Article overview

Help article

How can I secure domains that use custom nameservers with DNSSEC ?

It is possible to generate your own DNS records if you are using your own custom nameservers and want to secure your domain with DNSSEC. You can add additional DNS records through the control panel as follows: select the domain in the list name and click on ‘’DNSSEC settings’’ under the tab ‘’Advanced domain settings’’.

We recommend to use a zone-signer script in order to complete your DNSSEC settings, such as ‘Zonesigner’. Please note that you will need Bind as well as Perl to use Zonesigner. If you are using the name servers from another service such as CloudFlare, the Key Tag, algorithm and KSK (Key Signing Key) will be provided by them.

The following security algorithms are enabled:

  • 3 DSA/SHA1
  • 5 RSA/SHA-1
  • 6 DSA-NSEC3-SHA1
  • 7 RSASHA1-NSEC3-SHA1
  • 8 RSA/SHA-256
  • 10 RSA/SHA-512
  • 12 GOST R 34.10-2001
  • 13 ECDSA Curve P-256 with SHA-256
  • 14 ECDSA Curve P-384 with SHA-384

Please note that some domain extensions might not support some of the relatively new security algorithms such as 13 and 14. You can find more information about currently available algorithms and the status of future ones on the website of IANA.org.

Do you have a good idea?

Give us your idea! If it's popular we'll add it to the wishlist!

Has this article been helpful?

Create an account or log in to leave a rating.

Share this article

Comments

Create an account or log in to be able to leave a comment.

Are you stuck?

Ask one of our specialists to assist you

Contact us