Table of Contents DNSSEC Activation About DNSSEC ? Important remarks Configuration DNSSEC Activation About DNSSEC ? Since its design in 1983, Domain Name System (DNS) is vulnerable to attacks. Attackers are able to falsify responses to queries to the DNS which allow them to redirect end users to Web sites under their own control. In response to these threats, DNSSEC cryptographically ensures that DNS content cannot be modified from its source without being detected. DNSSEC works by digitally signing each DNS record so that any tampering of that record can be detected. Important remarks DNSSEC involves : the domain's DNS server the registrar the registry the provider's DNS server Outside case 1, DNSSEC should be used by experimented people because of the propagation time or DNS cache. If you want to configure DNSSEC yourself: Always use external tools such as https://dnssec-analyzer.verisignlabs.com/ or http://dnsviz.net/ Registry do not support the same algorithms All DNS servers (clients) do not verify DNSSEC, you can achieve answers on them despite bad DNSSEC configuration Configuration Case 1 - Domain and DNS managed by Online Activation If your extension allows that, you can activate by clicking the button Desactivation Click the button to delete DNSSEC, for security, it is advised to wait 48 hours before addding it again Case 2 - Domain is managed by Online with your own DNS server Activation After the generation of your key (depending on your extension), you can fill the different information to transfer them to the registrar In case of error, you can modify them after Desactivation Click on “DELETE DS RECORDS” to ask for deletion on the registry. After that it is up to you to delete on the DNS server