How do I enabled DNSSEC for my Domain?


The Domain Name System Security Extensions (DNSSEC) is a set of specifications that extend the DNS protocol by adding cryptographic authentication for responses received from authoritative DNS servers.

DNSSEC was designed to address those risks and provide cryptographic verification through digital signatures that can be used to validate that records delivered in a DNS response came from the authoritative DNS server serving the queried domain name and haven't been altered en route.


How do I enable it?

1. Before starting this process, please check that your extension is supports DNSSEC. All generic extension (eg. .com, .net...) support DNSSEC, and you can check if your country code extention supports it here:


2. At the current time our name servers do not support DNSSEC although we do aim to offer this support in the future. Due to this you will need to use another Name Server provider, who is able to provide you with the DNSSEC-capable authoritative name servers. Once you have delegated to this Name Server provider proceed to step 3.


3. For us to anchor DNSSEC at the registry, we will need the Delegation Signer (DS) record. Your name server provider will be able to assist you with the correct values for your DS record. Please provide us with the following Details via email to from your account holder email address:

Key Tag:
Digest Type:
Public Key**:

* ZSK (256) or KSK (257)
** Some registries require the public key to be passed and generate the digest from this in their own systems

Once you have sent this email to us, please feel free to join us via live chat and provide our agent with the Ticket number so we can asssit you with this as soon as possible.

Was this article helpful?
0 out of 0 found this helpful