Jump toUpdate content

How to enable DNSSEC

Reviewed on 26 May 2021Published on 26 May 2021

Since its design in 1983, DNS has been vulnerable to attacks. Attackers are able to falsify responses to DNS queries which allow them to redirect end users to web sites under their own control. In response to these threats, DNSSEC was deployed. DNSSEC cryptographically ensures that DNS content cannot be modified from its source without being detected. It works by digitally signing each DNS record so that any tampering of that record can be detected.

DNSSEC therefore involves:

  • the domain’s DNS server
  • the registrar
  • the registry
  • the provider’s DNS server

DNSSEC should only be used by experienced users, due to the propagation time of the DNS cache. If you do want to configure DNSSEC yourself, bear in mind that:

Requirements:
  • You have an account and are logged into the Dedibox Console
  • You own a domain name

How to activate and deactivate DNSSEC if your domain and DNS are managed by Scaleway

Although DNSSEC should generally only be configured by experienced users, this simple activation/deactivation is easy to carry out.

  1. Log in to the console.

  2. Click Domain. A list of your domains displays.

  3. Click Configure domain name next to the relevant domain.

  4. Click the Manage DNSSEC tab.

  5. Click the Activate DNSSEC button to activate DNSSEC, if allowed by your domain extension. If DNSSEC is already activated, the Deactivate DNSSEC button displays, allowing you to deactivate it if you wish.

Note:

If you deactivate DNSSEC, it is advised to wait 48 hours before activating it again.

How to activate and deactivate DNSSEC if your domain is managed by Scaleway with your own DNS server

  1. Log in to the console.

  2. Click Domain. A list of your domains displays.

  3. Click Configure domain name next to the relevant domain.

  4. Click the Manage DNSSEC tab.

  5. Depending on whether you want to activate or deactivate DNSSEC:

  • Activation: A key is generated for you. Complete the rest of the configuration fields, and click Update DNS Records to transfer them to the registrar. In case of error, you can modify this information at a later date.
  • Deactivation: Click Delete DNS Records to request deletion from the registry. You will then need to delete the records from the DNS server yourself.
See Also