It is possible to generate your own DNS records if you are using your own custom nameservers and want to secure your domain with DNSSEC. You can add additional DNS records through the control panel as follows: select the domain in the list name and click on ‘’DNSSEC settings’’ under the tab ‘’Advanced domain settings’’.
We recommend to use a zone-signer script in order to complete your DNSSEC settings, such as ‘Zonesigner’. Please note that you will need Bind as well as Perl to use Zonesigner. If you are using the name servers from another service such as CloudFlare, the Key Tag, algorithm and KSK (Key Signing Key) will be provided by them.
The following security algorithms are enabled:
- 3 DSA/SHA1
- 5 RSA/SHA-1
- 6 DSA-NSEC3-SHA1
- 7 RSASHA1-NSEC3-SHA1
- 8 RSA/SHA-256
- 10 RSA/SHA-512
- 12 GOST R 34.10-2001
- 13 ECDSA Curve P-256 with SHA-256
- 14 ECDSA Curve P-384 with SHA-384
Please note that some domain extensions might not support some of the relatively new security algorithms such as 13 and 14. You can find more information about currently available algorithms and the status of future ones on the website of IANA.org.