DNSSEC adds a level of security to your domain name's DNS. In the Domain Manager, you can manage Domain Name System Security Extensions (DNSSEC) for the following domain name extensions:
See DNSSEC FAQ for more information.
You can activate DNSSEC security information for your domain name under the following conditions:
If you have a Premium DNS account, you can take advantage of our fully managed DNSSEC services. For more information, see Enable DNSSEC in my Premium DNS account.
To enable DNSSEC, the zone must be digitally signed by your DNS server. During signing, you create a Delegation of Signing (DS) record. Each DS record contains information the registry uses to authenticate using DNSSEC. You use the DS Record and the information it contains to enable DNSSEC for your zone.
You can define up to 10 DS records for each domain name.
For domain names with a .eu extension, you can define a maximum of four DS records. For domain names with a .uk extension (.co.uk, .me.uk, and .org.uk), you can define a maximum of eight DS records.
The domain name extension determines the DNSSEC information you supply for each domain name. Here are the available DNSSEC fields and their usage by domain name extension:
DNSSEC Field | .com / .net / .biz / .us / .uk / .co | .org | .eu |
---|---|---|---|
Key Tag | Required | Required | Required |
Algorithm | Required | Required | Required |
Digest Type | Required | Required | Required |
Max Signature Life | Not Supported | Optional | Not Supported |
Flags | Not Supported | Not Supported | Required |
Protocol | Not Supported | Not Supported | Required |
Digest | Required | Required | Required |
Public Key | Not Supported | Not Supported | Required |
The following information is required to create a DS record for your domain name: