DNSSEC

DNSSEC is your domain’s DNS cryptographic defence technology.
By using DNSSEC, it is possible to verify, that the information returned from DNS is correct and originates from the right place.
When DNSSEC is active, you can not change your domain’s nameservers.

Attention!

Deactivating DNSSEC will take 24h by default. This ensures the correct DNS records propagation and prevents your domain’s downtime. If you would like to deactivate DNSSEC as quickly as possible, please contact our customer support.

Deactivating DNSSEC

You can deactivate DNSSEC through “My Zone” control panel by clicking on your domain name from Services overview window.

In the next window, click on “DNSSEC” either from the menu on the left, or from domain overview.

Now click “Deactivate”

Activating DNSSEC

If your domain is in Zone registrar and uses Zone nameservers, you can activate DNSSEC through My Zone control panel by clicking the domain name from Services overview menu. Then click on DNSSEC and from the next window Activate. 
Activation of DNSSEC will take 1-2h.

Activating DNSSEC for CloudFlare nameservers

Once your domain is using Cloudflare nameservers and DNSSEC activation is initiated from their environment, Cloudflare will give you DC record data, that needs to be added to the domain’s DNSSEC settings through “My Zone” control panel.

In DNSSEC settings window, you can add the DS record. Simply open Advanced settings and click on the + icon

Insert Cloudflare DNS record as follows:

  • Fill the Key Tag value
  • Choose Key type according to Flags value (usually it is KSK)
  • Choose Algorithm¬†according to Digest type – if Digest Type is SHA256, choose ECDSA-P256-SHA256 (13)
  • Insert Public key value

You don’t need to add Private key.

Updated on 4. Oct 2023

Was this article helpful?

Related Articles