Skip to content
English
Submit Ticket
  • There are no suggestions because the search field is empty.

Configuring (external) DNSSEC for your DNS Zone

What is DNSSEC?

DNSSEC adds cryptographic security to the Domain Name System to ensure that DNS responses are authentic and have not been altered in transit. It helps verify that users are being directed to the correct destination.

DNSSEC protects against:

  • DNS spoofing
  • Cache poisoning attacks
  • Tampering with DNS responses

When DNSSEC is enabled, resolvers receive cryptographically verified DNS data that can be trusted as originating from the authoritative DNS zone.

How DNSSEC Works

DNSSEC uses digital signatures attached to DNS records. These signatures are validated through a chain of trust that starts at the DNS root and continues down to the domain.

Key components include:

  • DNSKEY – public key of the zone
  • DS record – delegation signer linking parent and child zones
  • RRSIG – cryptographic signature for DNS data

Activate DNSSEC for your DNS Zone

If your domain is hosted with OpusDNS (OpusDNS Nameservers), DNSSEC configuration is included free of charge. However, it must be manually enabled, as it is disabled by default.

Where can i find it in the Domain settings?

Path: Left sidebar → Domains → All Domains → click on a domain → navigate to the DNS tab → choose DNSSEC in the sidebar

Direct URL: /domains/[DOMAIN]/dns/dnssec

Here you will see an overview of your DNSSEC status. 

Step-by-Step Setup
  1. Navigate to the DNS panel and select DNSSEC
  2. Click on Configure DNSSEC
  3. Enable DNSSEC
  4. Click on Save DNSSEC

 

Where can i find it in the Zone settings?

Alternatively you can find the DNSSEC configuration here:

Path: Left sidebar → DNS Zones → All DNS Zones → click on a zone

Direct URL: /dns/[ZONE]

There is a dedicated DNSSEC status panel where you can enable DNSSEC.

Step-by-Step Setup
  1. Navigate to the DNSSEC panel
  2. Click on Enable DNSSEC
  3. Turn the DNSSEC Status on via Toggle
  4. Click on Enable DNSSEC

Screenshot 2026-05-27 at 13.51.26


External Nameservers and DNSSEC

If you use external nameservers, DNSSEC support depends entirely on your provider. Not all DNS providers support DNSSEC or implement it in a compatible way.

Please verify DNSSEC support with your DNS provider before enabling it.

Where can i find it?

Path: Left sidebar → Domains → All Domains → click on a domain

Direct URL: /domains/[DOMAIN]


What can I see?

On the domain overview page, you will find:

  • Domain details
  • Nameserver panel
  • Security settings
  • Contact information
  • DNS Zones
  • DNSSEC panel


Step-by-Step Setup

  1. Navigate to the Domain settings panel
  2. Navigate to DNSSEC
  3. Click on Configure DNSSEC
  4. Enable DNSSEC
  5. Add the DS records provided by your DNS provider to activate DNSSEC for your domain. You can choose between two input formats:
    1. Complete DS record (single-field input)

      Screenshot 2026-05-22 at 10.18.28


    2. Separated fields, where you manually enter:

      Screenshot 2026-05-22 at 10.18.24
      1. Key Tag
      2. Algorithm
      3. Digest Type
      4. Digest
  6. Click Save DNSSEC