How do I turn on DNSSEC?

DNSSEC adds a layer of authentication to an otherwise insecure DNS infrastructure. It ensures that visitors are directed to your web server when they type your domain into a web browser, which isn’t necessarily the case in DNS. You can learn more about how DNSSEC works in Introduction to DNSSEC.

DNSSEC is now available to all websites on Cloudflare. We’ll do the heavy lifting: we'll sign your zone, publish your public signing keys, and generate your DS record. Protecting your domain from DNS forgeries is just a few clicks away. All you need to do is enable DNSSEC in your Cloudflare dashboard and add the DS record to your registrar.

Instructions for enabling DNSSEC

1. Log in to the Cloudflare dashboard.

2. Open the DNS app


3. Scroll down to the DNSSEC module and click Enable DNSSEC.

4. A pop-up will open with instructions for how to add the DS record to your registrar. You will need to copy parts of the DS record and paste them into your registrar’s dashboard. Every registrar is different, and your registrar may only require you to enter in some of the available fields.

Once your registrar publishes the DS record, your domain will be DNSSEC-enabled. Good job! You can verify your DNSSEC configuration with the third-party DNSViz tool.

Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk