Managing DNSSEC
Last Updated: March 2026
DNSSEC (DNS Security Extensions) is a security extension to DNS that adds cryptographic signatures to DNS records to prevent tampering and ensure authenticity. Not all TLDs support DNSSEC.
What is DNSSEC?
DNSSEC adds a layer of security to the DNS lookup process by enabling DNS responses to be verified. It protects against:
- DNS cache poisoning: Attackers inserting false DNS data into resolver caches
- Man-in-the-middle attacks: Intercepting and altering DNS responses
- DNS spoofing: Redirecting users to malicious websites
How to Access DNSSEC Management
- Log in to your domain registrar account.
- Navigate to your domains list.
- Click on the domain whose DNSSEC settings you would like to edit.
- Click on Manage Nameservers or DNS Settings.
- Look for a DNSSEC Management section or link.
On this page, you can make any necessary changes to your DNSSEC configuration.
Required Information for DNSSEC
To add a registry-level DNSSEC record, you will need the following from your DNS provider:
| Field | Description |
|---|---|
| Key Tag | An integer value used to identify the DNSSEC record |
| Algorithm | The algorithm used to generate the signature (e.g., RSA/SHA-256) |
| Digest Type | The algorithm type used to construct the digest (e.g., SHA-256) |
| Digest | A string value generated by the digest algorithm |
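
The four fields above can be recomputed from the DNSKEY record your DNS provider publishes, which catches copy-paste errors before they are submitted to the registry. The following Python is an added example, not part of the original article or any registrar's tooling; the function names and the 4-byte sample key are constructed for illustration, and the key tag and digest rules follow RFC 4034.

```python
import base64
import hashlib
import struct

# DS digest type numbers (IANA registry) mapped to hash constructors.
DIGEST_TYPES = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """Wire-format DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(key_b64)

def key_tag(rdata):
    """Key Tag per RFC 4034 Appendix B (not valid for the obsolete algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def owner_wire(name):
    """Canonical wire form of the owner name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_digest(name, rdata, digest_type):
    """Digest = hash(owner name | DNSKEY RDATA), returned as uppercase hex."""
    return DIGEST_TYPES[digest_type](owner_wire(name) + rdata).hexdigest().upper()

def check_ds(name, dnskey, ds):
    """Return the DS fields that do not match the DNSKEY (empty list = consistent)."""
    rdata = dnskey_rdata(*dnskey)
    problems = []
    if ds["key_tag"] != key_tag(rdata):
        problems.append("key_tag")
    if ds["algorithm"] != dnskey[2]:
        problems.append("algorithm")
    if ds["digest_type"] not in DIGEST_TYPES:
        problems.append("digest_type")
    elif "".join(ds["digest"].split()).upper() != ds_digest(name, rdata, ds["digest_type"]):
        problems.append("digest")
    return problems

# Constructed sample: a 4-byte placeholder key, not a real DNSKEY.
SAMPLE_DNSKEY = (257, 3, 8, "AQIDBA==")  # flags 257, protocol 3, algorithm 8 = RSA/SHA-256
SAMPLE_RDATA = dnskey_rdata(*SAMPLE_DNSKEY)
SAMPLE_DS = {"key_tag": key_tag(SAMPLE_RDATA), "algorithm": 8, "digest_type": 2,
             "digest": ds_digest("example.com", SAMPLE_RDATA, 2)}

if __name__ == "__main__":
    print("DS as entered ->", check_ds("example.com", SAMPLE_DNSKEY, SAMPLE_DS))
    typo = dict(SAMPLE_DS, digest="0" * 64)  # simulated paste error in the Digest field
    print("DS with bad digest ->", check_ds("example.com", SAMPLE_DNSKEY, typo))
```

An empty list means the Key Tag, Algorithm, Digest Type and Digest all agree with the DNSKEY for that domain name; any field named in the result should be corrected before the record is saved.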
Important Notes
- DNSSEC requires support from both your domain registrar and your DNS provider (nameserver operator).
- If your registrar’s nameservers do not support DNSSEC, you will need to use third-party nameservers that do (such as Cloudflare, AWS Route 53, or Google Cloud DNS).
- DNSSEC is supported for most TLDs when using third-party nameservers. For more information on supported TLDs, refer to the registry’s official documentation.
- Incorrectly configured DNSSEC can make your domain completely unreachable. Be very careful when making changes.
For more details, see our DNSSEC FAQ article.