Adding DNSSEC to a Domain Name – Help & Support

What is DNSSEC?

DNSSEC is a technology that digitally 'signs' data so a site is protected against attacks. It helps protect against forged DNS data. The goal is to provide assurance that the DNS records provided to the user are the same as the DNS records published on the DNS server.

How to configure DNSSEC

DNSSEC support must be enabled with your current DNS provider. At this time, Our default name servers do not support the creation of the appropriate resource records to create a proper DNSSEC chain.

If your DNS provider has enabled DNSSEC support, they will also provide you a corresponding Delegation Signer (DS) record that will need to be added to the appropriate registry's DNS zone.

If you do not have access to our Reseller API, please submit a Support Request with the DS record while logged into your account so that we may update this record on your behalf.

If you are an Enom.com Reseller, you may update,add or delete DS records by utilizing the following API calls:

https://www.enom.com/api/API%20topics/api_adddnssec.htm
https://www.enom.com/api/API%20topics/api_getdnssec.htm
https://www.enom.com/api/API%20topics/api_deletednssec.htm

Components of DNSSEC

There are 6 components to a DS key:

Domain Name - The domain name of the DNSSEC
TTL - The time to live
Key Tag- A numerical value that is used to identify the DNSSEC record.
Algorithm - The the algorithm used to generate the signature.
- 3 for DSA/SHA1
- 5 for RSA/SHA1
- 6 for DSA-NSEC3-SHA1
- 7 for RSASHA1-NSEC3-SHA1
- 8 for RSA/SHA-256
- 9 for RSA/SHA-512
- 13 for ECDSA/SHA-256
Digest Type - The algorithm type that was used to construct the digest.
- 1 for SHA-1
- 2 for SHA-256
Digest - A string value generated by the algorithm.

The components are usually generated and submitted in the bind format, and appears as follows:

example.com. IN DS 54321 8 1 1234567891012345678910

Comments

3 comments

brody ross

July 23, 2018 20:29
Why is there not options in domain settings for this??
0

Comment actions Permalink
brody ross

July 23, 2018 20:41
why the hell do I have to use the api, godaddy already has this built in tot the domain settings

https://www.godaddy.com/help/add-a-ds-record-23865
1

Comment actions Permalink
Newrac Lda

December 05, 2019 09:10
i need this too.
0

Comment actions Permalink

Please sign in to leave a comment.

Articles in this section

Related articles