How to Enable DNSSEC For Your Website

An interface showing a website with DNSSEC signed

With Cloudflare, you can easily enable DNSSEC for your own website. It is available on the free plan.

As you already added and configured your website on Cloudflare, let’s enable DNSSEC for your website.

Before you start, please make sure that you have already disabled DNSSEC at your domain registrar. Some domain registrars already enable DNSSEC support for their domains. Cloudflare would not be able to issue new DNS records for DNSSEC if it is not disabled.

Vulcan uses Rumahweb, which already provides a menu to enable DNSSEC, but it is not enabled by default, so you will need to supply your own keys.

After that, you can start adding DNSSEC by following these steps:

  1. Log in to the Cloudflare dashboard.
  2. Select your account and domain.
  3. Navigate to DNS > Settings.
  4. You will see the DNSSEC option; click Enable DNSSEC.
  5. You will get a window with the necessary information. Copy and note it, because you will use it later.

Log in to your domain registrar's client page, find the DNSSEC option, and add the values that you noted earlier. Here is an example from Rumahweb:

You should copy the Key Tag, set the algorithm to ECDSA P-256 with SHA-256 (Algorithm 13) as Cloudflare is using that algorithm, set the Digest Type (for Vulcan, it is 2), and copy the Digest from the Cloudflare DNSSEC window.
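The four registrar fields above can be checked against the zone's DNSKEY before you save them. The following is an added example, not code from this article or from Cloudflare: it recomputes the Key Tag and the SHA-256 digest (Digest Type 2) from a DNSKEY and reports any field that does not match. The function names are hypothetical, and the owner name and public key are constructed sample values.

```python
import base64
import hashlib
import struct

def name_to_wire(name):
    """Owner name in canonical DNS wire form: lowercase, length-prefixed labels."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, pubkey_b64, protocol=3):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key Tag per RFC 4034 Appendix B: 16-bit sum over the RDATA with carry folded in."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_digest_sha256(owner, rdata):
    """Digest Type 2: SHA-256 over the owner name (wire form) followed by DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()

def check_ds(owner, flags, algorithm, pubkey_b64, ds):
    """Return a list of mismatches between the registrar's DS fields and the DNSKEY."""
    rdata = dnskey_rdata(flags, algorithm, pubkey_b64)
    problems = []
    if not flags & 0x0100:
        problems.append("DNSKEY lacks the Zone Key flag")
    if ds["key_tag"] != key_tag(rdata):
        problems.append(f"key tag {ds['key_tag']} != computed {key_tag(rdata)}")
    if ds["algorithm"] != algorithm:
        problems.append(f"algorithm {ds['algorithm']} != DNSKEY algorithm {algorithm}")
    if ds["digest_type"] != 2:
        problems.append("digest type is not 2 (SHA-256)")
    elif "".join(ds["digest"].split()).upper() != ds_digest_sha256(owner, rdata):
        problems.append("digest does not match the DNSKEY")
    return problems

# Constructed sample values: example.com and a 64-byte placeholder key, not a real zone.
OWNER = "example.com"
PUBKEY_B64 = base64.b64encode(bytes(range(64))).decode()
RDATA = dnskey_rdata(257, 13, PUBKEY_B64)
GOOD_DS = {"key_tag": key_tag(RDATA), "algorithm": 13, "digest_type": 2,
           "digest": ds_digest_sha256(OWNER, RDATA).lower()}

if __name__ == "__main__":
    print("matching DS:", check_ds(OWNER, 257, 13, PUBKEY_B64, GOOD_DS))
    truncated = dict(GOOD_DS, digest=GOOD_DS["digest"][:-1])  # last character lost in copy
    print("truncated digest:", check_ds(OWNER, 257, 13, PUBKEY_B64, truncated))
```

A DS record at the registrar that does not match the zone's DNSKEY makes validating resolvers treat the domain as bogus and stop resolving it, so an empty result here is worth confirming before you submit the form.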

After that, please wait while Cloudflare propagates DNSSEC records for your website.

So, how do you make sure that DNSSEC is enabled on your website?

You can validate DNSSEC for your website by running a test on Internet.nl and looking at the DNSSEC section of the result. If the section has a green circle checkmark, congratulations, your website is DNSSEC-enabled!

Thanks for reading this article!
