DNSSEC adds an extra layer of authentication layer to DNS, making sure that visitors go to your domain instead of a spoofed domain.
To configure DNSSEC, you first enable it with your DNS Provider and then add a DS record at your domain registrar.
Step 1 – Enable DNSSEC with your DNS Provider
First, DNSSEC needs to be enabled for your domain by your DNS Provider. If your DNS provider is Register.ly, e.g. your domain name servers are ns1.ns.ly, ns2.ns.ly, etc. Then please log in to your Client Area and open a support ticket requesting to enable and configure DNSSEC for your domain.
If you are using another DNS provider for your domain, for example, Cloudflare, you should be able to Enable DNSSEC from your provider control panel.
In this example, we are using Cloudflare DNS, but the general steps are similar to most providers. If in doubt, please contact your DNS provider customer support.
By enabling DNSSEC first in the Cloudflare dashboard, you’re asking Cloudflare to generate the data necessary for adding a delegation signer (DS) record to your domain at the registrar. To obtain the Cloudflare DS record data:
- Log in to the Cloudflare dashboard.
- Ensure the website for the DS record you need is selected.
- Click the DNS app.
- Scroll down to the DNSSEC panel.
- Click Enable DNSSEC. You will see a dialog informing you that your configuration is pending until the DS record is added at your registrar.
- Next, click to expand the DS Record dropdown in the DNSSEC panel.
- Copy the DS Record fields for Step-2
Step 2 – Add the DS record to your registrar
To complete your DNSSEC configuration, it is necessary for your domain to have a DS record in your domain DNS configuration at the registrar. To complete this step:
- Log in to your Client Area
- Open a new Support Ticket requesting to configure DS records for your “.LY” domain. Please include the following information obtained from Step-1 above:
- Domain Name (Required)
- DS Record (Required)
- Digest (Required)
- Digest Type (Required)
- Algorithm (Required)
- Public Key (Optional)
- Key Tag (Required)
- Once your support ticket is processed, you will receive confirmation that DNSSEC has been configured for your “.LY” domain
Step 3 – Verification (Optional)
After your receive confirmation that DNSSEC has been configured for your domain, please allow enough time for DNS propagations to complete, this might take up to 4 hours.
You can use an online tool for DNSSEC validation such as DNSSEC Analyzer to test and verify the configuration for your domain from both the DNS Provider and the Registrar side.