If you wish to secure your domain name with DNSSEC and you're using your own custom nameservers, you can configure DNSSEC inside your control panel.
If you're using the TransIP nameservers, DNSSEC will automatically be enabled. Use this article if you want to manually configure DNSSEC in your control panel.
Configuring DNSSEC in your control panel
Visit the control panel and head to 'Domain' at the top of the page. Next, select your domain name on the left hand side (don't check the box).
At the top of the page you will see your domain name and the button 'Manage' next to it. Click on this button and select 'DNSSEC settings'.
Take note: You will only be able to configure the DNSSEC settings when using your own custom nameservers. If you're using the TransIP nameservers, DNSSEC will automatically be used for your domain name and the 'DNSSEC settings' button will not be visible.
We recommend using a zone-signer script in order to complete your DNSSEC settings, such as ‘Zonesigner’. Please note that you will need both Bind and Perl to use Zonesigner.
If you are name servers from another service such as CloudFlare, the Key Tag, algorithm and KSK (Key Signing Key) will be provided by them.
After clicking on 'DNSSEC settings' you will find yourself on the following page.
Below you can find an explanation of the different DNSSEC settings.
Key Tag:
The required Key Tag consists of 4 or 5 digits and can be found in your DNS zone using Zonesigner.
Algorithm:
Enter the specific algorithm required to encrypt the public key. You can find the corresponding algorithm in your DNS zone.
Flags:
You can choose between a Key Signing Key (KSK, 257) and a Zone Signing Key (ZSK, 256). The Key Signing Key is the most used flag.
Public Key:
The digital signature of the records in your DNS zone is checked by the public key. You can find the public key near the corresponding DNSSEC records in your DNS zone.
When you've configured your DNSSEC settings, click 'Save'.
The Key Tag can be found in the DS record. The Algorithm, Flag, and Public key can be found in the DNSKEY record.
This handy tool can help you get the correct information.
In this article we explained how you can configure DNSSEC for your own custom nameservers inside your control panel.
If you have any questions regarding this article, please contact our support team. You can reach them using the 'Contact us' button below or via the 'Contact' button inside your control panel.