fb-pixel

How to enable DNSSEC for your domains

To enable DNSSEC on your domain, follow these two simple steps:

  1. Generate DNSSEC keys through cPanel.
  2. Add the DS record via the Customer Area.

With SupportHost, DNSSEC is available on all TLDs.

Here’s a step-by-step guide on activating DNSSEC:

Generate DNSSEC keys via cPanel

Log-in to cPanel and under the “Domains” section, click on “Zone Editor.”

Cpanel Zone Editor

You’ll see a list of associated domains. For the domain you wish to enable DNSSEC on, click the “DNSSEC” button.

Cpanel Zone Editor Enable Dnssec Domain

In the DNSSEC settings, click on “Create Key” to generate the public keys (KSK and ZSK) used to encrypt your data.

Dnssec Cpanel Create Key

A window will appear showing the algorithm used to create the DNSSEC keys. Click “Create” to proceed.

Confirm Create Keys Zsk Ksk Dnssec Cpanel

Add the DS Record via the Customer Area

Log into the customer area and go to the “Domains” section.

Client Area Supporthost Manage Domains

Locate the domain for which you want to activate DNSSEC, and click the wrench icon to access domain management.

Domain Management Enabling Dnssec

From the left-hand menu, click on “DNSSEC Management” under the “Manage” section.

Dnssec Management Client Area Supporthost

The next steps differ depending on the type of domain you are activating DNSSEC for:

  • All domains.
  • .eu domains.

Activating DNSSEC for all TLDs (except “.eu”)

This procedure applies to all top-level domains (TLDs) where DNSSEC can be activated, excluding “.eu” domains. If you wish to enable DNSSEC for “.eu” domains, please follow the steps in the next section of this tutorial.

From the “DNSSEC Management” panel, you can input the necessary information to create the DS (Delegation Signer) record.

The required data were generated earlier when setting up the DNS Zone for DNSSEC. You can locate this information in cPanel by opening the Zone Editor tool and selecting DNSSEC > View DS Records.

Zone Editor Dnssec View Ds Records

Next, transfer the data from the cPanel screen (displayed on the right) to the Customer Area screen (on the left). You will need to enter the Key Tag, Algorithm, Digest Type, and Digest.

Add Ds Record Enabling Dnssec Domain

To complete the process, click “Save Changes.” A confirmation message will appear, indicating that DNSSEC has been successfully enabled.

Dnssec Enabled Domain Supporthost

If you wish to disable DNSSEC, simply click the “Disable” button in this section. Disabling DNSSEC will remove the DS records you previously entered.

If you make any changes to the DS record, you will need to click the “Save Changes” button again to apply the updates.

Activate DNSSEC for “.eu” Domains

For “.eu” domains, the DNSSEC activation process differs slightly from other TLDs.

In the Customer Area, navigate to “Domains,” then select the wrench icon next to the desired domain and click on “DNSSEC Management,” as shown in the previous steps.

Dnssec Management Client Area Supporthost

For “.eu” domains, you only need two pieces of information: the algorithm type and the public key (Public DNSKEY).

In cPanel, after creating the DNSSEC keys (as outlined in the earlier part of this tutorial), open the “Zone Editor” tool and click on “DNSSEC.”

Expand the section for the “KSK” (Key Signing Key) by clicking the arrow to the left.

  • Here, you’ll find the algorithm used, for example, RSA/SHA-256 (Algorithm 8).
  • Select the same algorithm in the Customer Area, as shown in the screenshot.
Dnssec Activation Eu Domains Step1

Next, click on “Public DNSKEY” in cPanel.

Activate Dnssec Eu Domain

A new screen will appear where you can copy the “Public DNSKEY” using the “Copy” button.

In the Customer Area, paste this public key and click “Enable.”

Dnssec Activation Eu Domains Step2

A notification will confirm that DNSSEC has been successfully enabled.

To disable DNSSEC, click the “Disable” button.


Try one of our hosting plans for free and without obligation for 14 days. No payment information required!