How to enable DNSSEC on your domain

DNSSEC, or Domain Name System Security Extensions, is a suite of security protocols that safeguards the integrity and authenticity of DNS data.

Framer supports DNSSEC, but you must set it up with your DNS provider, outside of Framer. It’s important to note that DNSSEC increases complexity and affects performance due to larger DNS packets and the need for regular key management. It can also lead to compatibility issues and misconfiguration risks, which may cause DNS resolution failures.

While DNSSEC enhances the integrity and authenticity of DNS data, it does not protect against all DNS attacks and can introduce new vulnerabilities. In short, ensure you make the right trade-off.

Enabling DNSSEC for your domain enhances security by preventing attackers from manipulating DNS responses. It ensures data integrity and authenticity through digital signatures, protecting against DNS spoofing and cache poisoning attacks. This makes your online presence more secure.

To enable DNSSEC, follow these steps:

  1. Ensure your DNS hosting provider supports DNSSEC, as not all providers do.

  2. Log in to your DNS provider’s control panel and look for DNSSEC settings.

  3. Generate DNSSEC keys. Some providers automatically generate these keys, while others require manual configuration.

  4. Publish DNSSEC records, typically DS (Delegation Signer) records that include public keys and other necessary information.

  5. Obtain the DS record from your DNS provider after enabling DNSSEC.

  6. After obtaining the DS record, go to the DNS settings of your domain and add the DS record details provided by your DNS hosting provider.

  7. Use online tools like DNSViz or Verisign DNSSEC Analyzer to verify the DNSSEC status of your domain.

Please note that the specific details above may vary based on the DNS host and domain registrar. Additionally, ensure you follow best practices for key management. Improper configuration can lead to DNS resolution failures and make your website unavailable.