Prerequisites

  • Ensure your domain is using the correct nameservers and has DNS propagation completed.
  • Access to your domain registrar to update DS (Delegation Signer) records.
  • cPanel access to the Zone Editor feature.

Important Warnings Before Proceeding

  • Do not change nameservers while DNSSEC is enabled. Changing nameservers with DNSSEC enabled may result in your domain failing to resolve.
  • Before changing nameservers or transferring domains, disable DNSSEC and wait at least 72 hours for DNS propagation to complete.
  • If transferring to a new web host or domain registrar, remove DS records from the registrar before the transfer. Wait for propagation before initiating the transfer.
  • After completing the transfer, re-add the DS records at the new registrar to avoid potential DNS resolution issues.

Steps to Create a DNSSEC Key in cPanel

  1. Log in to your cPanel account.
  2. Scroll down to the Domains section and click Zone Editor.
  3. In the Zone Editor interface, locate the domain you want to enable DNSSEC for, and click the DNSSEC button next to it.
  4. In the DNSSEC interface, click Create Key.
  5. A confirmation message will appear. Click Create to generate the DNSSEC key.
  6. Once the key is generated, the DS Records interface will display the key details.

Adding the DS Record at Your Domain Registrar

After creating the DNSSEC key in cPanel, you must add the DS record to your domain registrar. Follow these steps:

  1. Determine the digest type your registrar supports (usually SHA-1 or SHA-256).
  2. In cPanel, click Copy next to the appropriate digest record.
  3. Go to your domain registrar's website and navigate to the DNS management section.
  4. Add the DS record by pasting the copied information into the appropriate fields at your registrar's site.

Gotchas to Avoid

  • Always ensure you copy the correct digest type supported by your registrar (e.g., SHA-1, SHA-256) to prevent DNSSEC configuration errors.
  • If you're planning a DNS transfer, disable DNSSEC and remove DS records at least 72 hours prior to avoid propagation delays.

Linux Command to Verify DNSSEC

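dig +dnssec example.com

Replace example.com with your own domain. The +dnssec option asks the server to include DNSSEC records in its response, so this command checks whether DNSSEC is properly configured for your domain.

Once DNSSEC is set up, the command should return DNSSEC-related records, such as RRSIG signatures alongside the answer. If the setup is incorrect, the output may show missing DNSSEC records or validation failures.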
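
Beyond the dig check above, you can confirm that the DS record pasted at the registrar was really derived from the key cPanel generated by recomputing the digest from the DNSKEY record (RFC 4034). This is an added example, not part of the original article or cPanel's own code; the function names, the example.com owner name and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Digest type numbers used in DS records (1 = SHA-1, 2 = SHA-256).
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def name_to_wire(owner):
    """Encode an owner name in canonical (lowercase) DNS wire format."""
    labels = [part for part in owner.lower().rstrip(".").split(".") if part]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"


def dnskey_rdata(dnskey_text):
    """Turn 'flags protocol algorithm base64key' into DNSKEY RDATA bytes."""
    flags, proto, alg, *b64 = dnskey_text.split()
    return struct.pack("!HBB", int(flags), int(proto), int(alg)) + base64.b64decode("".join(b64))


def key_tag(rdata):
    """16-bit checksum over the RDATA (RFC 4034 Appendix B; not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF


def make_ds(owner, dnskey_text, digest_type):
    """Build the DS fields: (key tag, algorithm, digest type, hex digest)."""
    rdata = dnskey_rdata(dnskey_text)
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), rdata[3], digest_type, digest


def ds_matches(owner, dnskey_text, ds_text):
    """True if a DS line 'keytag alg digesttype hex...' was derived from the DNSKEY."""
    tag, alg, dtype, *hexparts = ds_text.split()
    if int(dtype) not in DIGESTS:
        raise ValueError(f"unsupported digest type {dtype}")
    expected = make_ds(owner, dnskey_text, int(dtype))
    return expected == (int(tag), int(alg), int(dtype), "".join(hexparts).upper())


# Constructed sample key (64 placeholder bytes, not a real signing key).
SAMPLE_DNSKEY = "257 3 13 " + base64.b64encode(bytes(range(64))).decode()

if __name__ == "__main__":
    for dtype in (1, 2):
        ds = make_ds("example.com", SAMPLE_DNSKEY, dtype)
        print("example.com. IN DS", *ds, "match:", ds_matches("example.com", SAMPLE_DNSKEY, " ".join(map(str, ds))))
```

In practice, pass the DNSKEY fields shown in cPanel (or returned by dig for the DNSKEY record type) and the DS line stored at the registrar; a False result means the registrar holds a DS for a different key, owner name or digest type.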
