If you wish to secure your domain name with DNSSEC and you're using your own custom nameservers, you can configure DNSSEC inside your control panel.
If you're using the TransIP nameservers, DNSSEC will automatically be enabled. Use this article if you want to manually configure DNSSEC in your control panel.
- Domain extensions that support DNSSEC
DNSSEC can be configured for nearly every domain extension. Take a look at our wide assortment of domain names and search for a domain extension. Next, click on 'More information' to see if the domain extension supports DNSSEC.
Configuring DNSSEC in your control panel
Visit the control panel and head to the tab 'Domains & Hosting' at the top of the page. Next, select your domain name on the left hand side (don't check the box).
At the top of the page you will see your domain name and the button 'Manage' next to it. Click on this button and select 'DNSSEC settings'.
Take note: You will only be able to configure the DNSSEC settings when using your own custom nameservers. If you're using the TransIP nameservers, DNSSEC will automatically be used for your domain name and the 'DNSSEC settings' button will not be visible.
If you are name servers from another service such as CloudFlare, the Key Tag, algorithm and KSK (Key Signing Key) will be provided by them.
After clicking on 'DNSSEC settings' you will find yourself on the following page.
Below you can find an explanation of the different DNSSEC settings.
The required Key Tag consists of 5 digits and can be found in your DNS zone using Zonesigner.
Enter the specific algorithm required to encrypt the public key. You can find the corresponding algorithm in your DNS zone.
- Supported algorithms
The following algorithms are supported:
- 3 DSA/SHA1
- 5 RSA/SHA-1
- 6 DSA-NSEC3-SHA1
- 7 RSASHA1-NSEC3-SHA1
- 8 RSA/SHA-256
- 10 RSA/SHA-512
- 12 GOST R 34.10-2001
- 13 ECDSA Curve P-256 with SHA-256
- 14 ECDSA Curve P-384 with SHA-384
You can choose between a Key Signing Key (KSK, 257) and a Zone Signing Key (ZSK, 256). The Key Signing Key is the most used flag.
The digital signature of the records in your DNS zone is checked by the public key. You can find the public key near the corresponding DNSSEC records in your DNS zone.
When you've configured your DNSSEC settings, click on 'Save'.
Take note that some domain extensions might not support some of the relatively new security algorithms such as 13 and 14. You can find more information about currently available algorithms and the status of future ones on the website of IANA.org.
In this article we explained how you can configure DNSSEC for your own custom nameservers inside your control panel.
If you have any questions regarding this article, please contact our support team. You can reach them using the 'Contact us' button below or via the 'Contact' button inside your control panel.
If you wish to discuss this article with other users, feel free to leave a comment below.