Sidebar

Enabling DNSSEC

This guide provides step-by-step instructions for enabling DNSSEC (Domain Name System Security Extensions) on your domains in the UK DNS Privacy Project authoritative DNS service.

Prerequisites

Before enabling DNSSEC, ensure:

  1. Your domain is fully delegated to our nameservers:
    • ns1.dnsprivacy.org.uk
    • ns2.dnsprivacy.org.uk
  2. Your domain registrar supports DNSSEC DS record configuration
  3. You have access to update your domain’s settings at your registrar

Step 1: Enable DNSSEC in Your Domain Settings

  1. Log in to your UK DNS Privacy Project dashboard
  2. Navigate to Dashboard > Authoritative Domains
  3. Click on the domain name for which you want to enable DNSSEC
  4. Click the Edit button in the top-right corner
  5. Find the DNSSEC Enabled checkbox in the security settings section
  6. Check the box to enable DNSSEC
  7. Click Save Changes to apply the setting
DNSSEC enabling checkbox in domain settings

After saving, our system will automatically:

  • Generate the necessary cryptographic keys (KSK and ZSK)
  • Sign all DNS records in your domain
  • Make the signed records available via our nameservers

Step 2: Obtain DS Records

Once DNSSEC is enabled, you need to obtain the DS (Delegation Signer) records to provide to your domain registrar:

  1. Return to your domain’s details page
  2. Click on the DNSSEC tab or section
  3. You’ll see the generated DS records, typically in this format:
DS records display in the DNSSEC section

You’ll need to copy these values to provide to your registrar. DS records typically include:

  • Key Tag (a numerical identifier)
  • Algorithm (a number representing the cryptographic algorithm)
  • Digest Type (a number representing the hash function)
  • Digest (the hexadecimal hash value)

Example DS record:

12345 13 2 1A2B3C4D5E6F7G8H9I0J1K2L3M4N5O6P7Q8R9S0T1U2V3W4X5Y6Z7

Step 3: Add DS Records at Your Registrar

To complete the DNSSEC setup, you must add the DS records at your domain registrar:

  1. Log in to your domain registrar’s account
  2. Navigate to the domain’s management page
  3. Look for DNSSEC, DS Records, or Security settings
  4. Enter the DS record(s) from Step 2

The exact process varies by registrar.

Step 4: Verify DNSSEC Configuration

After adding the DS records at your registrar, you should verify that DNSSEC is working properly:

  1. Allow time for the DS records to propagate (typically 24-48 hours)
  2. Use online DNSSEC validation tools such as:
  3. Enter your domain name and check for a successful DNSSEC validation
DNSSEC verification tool showing successful validation

DNSSEC Status Indicators

In your domain list and domain details page, you’ll see DNSSEC status indicators:

  • DNSSEC Disabled: Red badge indicating DNSSEC is not enabled
  • DNSSEC Enabled (No DS): Yellow badge indicating DNSSEC is enabled but DS records are not configured at registrar
  • DNSSEC Enabled: Green badge indicating DNSSEC is fully configured and operational

Disabling DNSSEC

If you need to disable DNSSEC:

  1. First, remove the DS records from your domain registrar
  2. Wait 24-48 hours for these changes to propagate
  3. Then disable DNSSEC in your domain settings in the UK DNS Privacy Project dashboard

Important: Disabling DNSSEC in your dashboard before removing DS records from your registrar can cause DNS resolution failures for your domain.

Troubleshooting

Common Issues

DNSSEC Validation Failures

If DNSSEC validation fails:

  • Verify the DS records at your registrar match those in your dashboard
  • Check if your registrar has properly published the DS records
  • Allow sufficient time for propagation (24-48 hours)

DNS Resolution Problems

If you experience website or email connectivity issues:

  • Verify the DS records are correctly configured
  • Check for DNSSEC validation errors using online tools
  • Temporarily disable DNSSEC if needed (remove DS records first, then disable in dashboard)

DS Record Mismatch

If the DS records don’t match:

  • Update the DS records at your registrar to match those in the dashboard
  • If the issue persists, contact our support team

Our use of cookies
We use a session cookie to maintain your login state when you create an account with us. This cookie is essential for the operation of our website and is used solely for authentication purposes. For more information, please read our privacy policy.