What is DNSSEC?
DNSSEC or Domain Name System Security Extensions is a security level that you can put on your domain to protect your visitors from different forms of attacks. This is done with digital signature records or DS records. The DNS server will compare its DS record to the DS record at the domain’s registrar. If the DS records match then you know the record is authentic and the visitor’s information is safe.
How to use DNSSEC in cPanel
To use DNSSEC in cPanel you would first need to to the “Zone Editor” tab in the domains section. Once in there you will want to find the domain you would like to use and click the DNSSEC button for that domain. We will be using example.com in this guide.
On this screen, you will have the choice to either import a key or create a key. If you already have a key to use you will want to import it and use that for your DNSSEC. If you do not already have a key you will want to create a key.
When creating a key, you can either choose to create or customize.
If you choose to create it will create 2 basic keys to bind to your domain. If you will choose to customize you will be given a screen to configure a key to either be more secure or to your liking.
Once you have you created the keys they will show up on your page with a couple of different options. You will be able to view the DS records that you just created and export the key. By view the DS records that will give you all of the information needed when putting it in DNS manager. The export button will give you a copy of the key if you would like to use the same key again for another domain.
When clicking on the arrow next to your key tag it will give you a couple more options. These options would be to deactivate or delete that ceratin key.
The Deactivate button will make it show that the key does not work any longer but it will not remove the key from your page. You would do this when you are trying to configure a new key but would still like this key to reference. The Delete button will completely remove this record from your page. You would like to do this when have completely configured another key and you do not need this key any longer.
Now that you have created your DNSSEC keys you can add those DS records to your DNS manager and protect your visitors.