Domain Name Security Extensions (DNSSEC) adds an extra layer of security to your domains by attaching digital signature (DS) records to their DNS information.
You can self-manage DNSSEC for domains registered with 1st Domains when they are using third-party (not 1st Domains) name servers that have DNSSEC enabled. An example third-party DNS provider that supports DNSSEC is Cloudflare.
To enable DNSSEC, the zone must be digitally signed by your DNS server. During signing, you create a Delegation of Signing (DS) record. Each DS record contains information the registry uses to authenticate using DNSSEC. You use the DS Record and the information it contains to enable DNSSEC for your zone.
Enabling DNSSEC
Once you have the DS record information from your DNS provider, you'll be able to add a new DS record to your domain name using the steps below.
- Firstly, login to the Account Manager and select Manage Domains & Services
- Next select the Domain Name you wish to manage to access the Domain Manager.
- Under the Name Server Delegation section click the Enable DNSSEC button. (If you can't see the 'Enable DNSSEC' button, it means that you are using 1st Domains for your DNS Servers. To use DNSSEC for your domain name you will need to delegate your name servers to a third-party DNS provider that supports DNSSEC like Cloudflare.)
- On the DNSSEC Configuration page, enter the DS Record you have been provided by your DNS provider into the input box provided.
- Click Enable DNSSEC button to enable DNSSEC. Allow up to 48 hours for your changes to take full effect globally.
- After 48 hours, you can validate DNSSEC is enabled by using a DNSSEC Analyser.
Important to wait for the propagation of the records before doing a test.