DNSSEC Activation

About DNSSEC ?

Since its design in 1983, Domain Name System (DNS) is vulnerable to attacks. Attackers are able to falsify responses to queries to the DNS which allow them to redirect end users to Web sites under their own control.

In response to these threats, DNSSEC cryptographically ensures that DNS content cannot be modified from its source without being detected. DNSSEC works by digitally signing each DNS record so that any tampering of that record can be detected.

Important remarks

DNSSEC involves :

  • the domain's DNS server
  • the registrar
  • the registry
  • the provider's DNS server

Outside case 1, DNSSEC should be used by experimented people because of the propagation time or DNS cache.

If you want to configure DNSSEC yourself:

Configuration

Case 1 - Domain and DNS managed by Online

Activation

If your extension allows that, you can activate by clicking the button

Desactivation

Click the button to delete DNSSEC, for security, it is advised to wait 48 hours before addding it again

Case 2 - Domain is managed by Online with your own DNS server

Activation

After the generation of your key (depending on your extension), you can fill the different information to transfer them to the registrar In case of error, you can modify them after

Desactivation

Click on “DELETE DS RECORDS” to ask for deletion on the registry. After that it is up to you to delete on the DNS server