DNSSEC Print

  • DNSSEC
  • 0

What is DNSSEC?

Domain Name System Security Extensions or DNSSEC, is an important security protocol that sits on top of the existing domain name system and provides a critical level of assurance that traffic comes from where it says it does. DNSSEC protects against forged DNS answers. DNSSEC protected zones are cryptographically signed to ensure the DNS records received are identical to the DNS records published by the domain owner. DNSSEC makes it much harder for hackers to perform man-in-the-middle attacks.

Enabling DNSEC

The steps required to enable DNSSEC depend upon a domain names Registrar and the nameservers or DNS service provider it is using. Begin by determining who your domain names Registrar is, the nameservers or DNS provider and DNSSEC status. To find this information perform a WHOIS lookup here:

https://www.alpineweb.com/domain-names/whois/

Look for the following fields (output from WHOIS servers may vary - these are intended as examples):

Registrar: eNom, LLC - 1 API GmbH
Name Server: lara.ns.cloudflare.com, will.ns.cloudflare.com
DNSSEC: unsigned or signedDelegation

Instructions for Enabling DNSSEC

AlpineWeb Customers can enable DNSSEC for their domains by following the instructions below:

If you are an AlpineWeb Customer and would like assistance in enabling DNSSEC for your domain to increase your domains security, submit a Help Ticket here:

https://www.alpineweb.com/backroom/submitticket.php?step=2&deptid=3


My Domains Registrar is Hexonet / 1 API GmbH and is using Cloudflare

There are two steps to enabling DNSSEC.

Begin by logging in to the AlpineWeb Customer Backroom:

https://www.alpineweb.com/backroom/clientarea.php

Your login details are as follows:

Login: The email address used during the initial account creation.
Password: Specified during the ordering process

After logging in to the AlpineWeb Customer Backroom take the following steps:

  1. Cloudflare - The first step is to enable and create DNSSEC records in Cloudflare.

    1. Navigate to:

      Services > My Services > Cloudflare Account: Manage > Manage Cloudflare

    2. Next, click on the DNS tab

    3. Click on Enable DNSSEC

      Note: If you encounter the following message you may need to refresh the page:

      The DS added to your registrar is incorrect! Please check the DS record below and make sure you've added the same record to your registrar.

    4. DNSSEC will be pending until the DS record has been added to your domains registrar. This usually takes ten minutes, but can take up to an hour.

  2. My Domains Registrar is Hexonet / 1 API GmbH

    1. After enabling DNSSEC in Cloudflare, a DNS record called a DS needs to be added at the registrar level. The DS helps DNS resolvers verify the public key used to sign your DNS records.

    2. In a new browser tab, navigate to:

      Domains > My Domains > Domain Name: Manage > DNSSEC Management

    3. Copy the individual DNSSEC records from the Cloudflare DNSSEC page into the domain names DNSSEC Management form:

      Example Records:

      DS Records
      Keytag: 2371
      Algorithin: 13
      Digest Type: 2
      Digest: Value from Cloudflare DNSEC page

      KEY Records
      Flags: 257
      Protocol: 3
      Algorithim: 13
      Public Key: Value from Cloudflare DNSEC page


My Domains Registrar is Enom and is using Cloudflare

There are two steps to enabling DNSSEC.

Begin by logging in to the AlpineWeb Customer Backroom:

https://www.alpineweb.com/backroom/clientarea.php

Your login details are as follows:

Login: The email address used during the initial account creation.
Password: Specified during the ordering process

After logging in to the AlpineWeb Customer Backroom take the following steps:

  1. Cloudflare - The first step is to create DNSSEC records in Cloudflare.

    1. Navigate to:

      Services > My Services > Cloudflare Account: Manage > Manage Cloudflare

    2. Next, click on the DNS tab

    3. Click on Enable DNSSEC

      Note: If you encounter the following message you may need to refresh the page:

      The DS added to your registrar is incorrect! Please check the DS record below and make sure you've added the same record to your registrar.

    4. DNSSEC will be pending until the DS record has been added to the domains registrar.

  2. My Domains Registrar is Enom

    1. After enabling DNSSEC in Cloudflare, a DNS record called a DS needs to be added at the registrar level. The DS helps DNS resolvers verify the public key used to sign your DNS records.

    2. A DS record wil need to be constructed and submitted to Enom using the following format:

      domain-name.com. 3600 IN DS 2371 13 2 30cd4ef1210ff5b4af5bef6384d08e31e9d158211026b323d6fb6750b82ddb4d


      <domain-name.com.> <TTL> IN DS <Key Tag> <Algorithim> <Digest Type> <Digest>


      Construct the DS record from the Cloudflare DNSSEC page values:

      Example Records:

      DS Records
      Keytag: 2371
      Algorithin: 13
      Digest Type: 2
      Digest: Value from Cloudflare DNSEC page

      KEY Records
      Flags: 257
      Protocol: 3
      Algorithim: 13
      Public Key: Value from Cloudflare DNSEC page

    3. After creating the DS record to be submitted to Enom, submit a Support Ticket to our Domain Name Service Department using the following example:

      Please add a DS record to Enom for my domain, my-domain-name.com
      
      My DS record is:
      
      my-domain-name.com. 3600 IN DS 2371 13 2 30cd4ef1210ff5b4af5bef6384d08e31e9d158211026b323d6fb6750b82ddb4d
      


      https://www.alpineweb.com/backroom/submitticket.php?step=2&deptid=3

    4. Enom's process may take 24-48 hours.


My Domains Name is not registered with AlpineWeb and is using Cloudflare

We recommend that you contact your Domain Registrar before beginning this process as some Registrars do not support DNSSEC.

There are two steps to enabling DNSSEC.

Begin by logging in to the AlpineWeb Customer Backroom:

https://www.alpineweb.com/backroom/clientarea.php

Your login details are as follows:

Login: The email address used during the initial account creation.
Password: Specified during the ordering process

After logging in to the AlpineWeb Customer Backroom take the following steps:

  1. Cloudflare - The first step is to create DNSSEC records in Cloudflare.

    1. Navigate to:

      Services > My Services > Cloudflare Account: Manage > Manage Cloudflare

    2. Next, click on the DNS tab

    3. Click on Enable DNSSEC

      Note: If you encounter the following message you may need to refresh the page:

      The DS added to your registrar is incorrect! Please check the DS record below and make sure you've added the same record to your registrar.

    4. DNSSEC will be pending until the DS record has been added to your domains registrar.

  2. My Domains Registrar

    1. After enabling DNSSEC in Cloudflare, a DNS record called a DS needs to be added at the registrar. The DS helps DNS resolvers verify the public key used to sign your DNS records.

    2. Contact your domains Registrar for instructions and guidance to enable DNSSEC for your domain name registration.

    3. Your Registrar's process may take 24-48 hours.


My Domain Name is not registered with AlpineWeb and is not using Cloudflare

If your domain name is not with an AlpineWeb Registrar you will need to contact your domains Registrar and DNS provider for instructions and guidance to enable DNSSEC for your domain name registration.


Was this answer helpful?

« Back