How to configure DNSSEC for an internal domain name

Reviewed on June 11, 2025

DNSSEC uses digital signatures based on public key cryptography to strengthen DNS authentication. You can enable or disable DNSSEC for each of your internal domain names.

This page shows you how to enable DNSSEC for your Domains and DNS internal domains only. You can also enable DNSSEC using the API.

Before you start

To complete the actions presented below, you must have:

• A Scaleway account logged into the console
• Owner status or IAM permissions allowing you to perform actions in the intended Organization
• An internal domain name managed with Scaleway Domains and DNS

How to activate DNSSEC

1. Click Domains and DNS in the Domains & Web Hosting section of the Scaleway console side menu. The Domains and DNS dashboard displays with a list of your domains.
2. Click the Internal domains tab. The list of your internal domains displays.
3. Click the domain name you want to configure.
4. Click Activate under DNSSEC in the domain information section. Open Image over content
   Close current Lightbox

DNSSEC will be active in a matter of minutes.

How to edit or deactivate DNSSEC

1. Click Domains and DNS in the Domains & Web Hosting section of the Scaleway console side menu. The Domains and DNS dashboard displays with a list of your domains.
2. Click the Internal domains tab. The list of your internal domains displays.
3. Click the domain name you want to configure.
4. Click Deactivate under DNSSEC in the domain information section.

DNSSEC deactivation can take up to 48 hours to fully propagate.