We are aware of a potentially service impacting issue. Learn more

How to Enable DNSSEC on a Subdomain in cPanel with Its Own Account Print

  • dns, dnssec, subdomain, whm, cpanel, security, nameservers, seperate, subdomain on own account, subdomain on separate acccount
  • 94

How to Enable DNSSEC on a Subdomain in cPanel with Its Own Account

DNSSEC (Domain Name System Security Extensions) is an essential security feature that helps protect your domain and subdomains from DNS spoofing and other attacks by validating DNS responses. If you have a subdomain set up as its own cPanel account, you can enable DNSSEC to enhance its security. Follow this step-by-step guide to enable DNSSEC on a subdomain in cPanel.


Step 1: Log in to cPanel

  1. Access the cPanel account for your subdomain by navigating to its unique cPanel URL (e.g., https://subdomain.yourdomain.com:2083).

  2. Enter your username and password to log in.


Step 2: Access the DNS Zone Editor

  1. In the cPanel dashboard, locate the Domains section.

  2. Click on Zone Editor.


Step 3: Configure DNSSEC for the Subdomain

  1. In the Zone Editor, locate your subdomain in the list of available zones.

  2. Click on the DNSSEC button next to your subdomain (if available). If the DNSSEC option is not visible, ensure that DNSSEC is supported by your hosting provider for this account.


Step 4: Generate a Key Pair

  1. Click on Create Key or a similar option to generate a DNSSEC key pair.

  2. Specify the following details:

    • Key Tag: Leave the default value or enter a custom one if required.

    • Algorithm: Choose an algorithm (e.g., RSA-SHA256) supported by your registrar.

    • Digest Type: Select the digest type (commonly SHA-256).

  3. Save the key once it has been generated. This will also produce a DS (Delegation Signer) record.


Step 5: Add NS and DS Records to the Main Domain’s DNS Zone

  1. Log in to the cPanel account for the main domain (e.g., yourdomain.com).

  2. Navigate to the Zone Editor and locate the DNS zone for the main domain.

  3. Add the following records:

    • NS Record: Point the subdomain’s nameservers to the appropriate DNS servers.

    • DS Record: Enter the details from the DS record generated in the subdomain’s cPanel account. This includes:

      • Key Tag

      • Algorithm (8)

      • Digest Type (2)

      • Digest

Example:
subdomain.yourdomain.com. 14400 NS XX1.040services.net
subdomain.yourdomain.com. 14400 NS XX2.040services.net
subdomain.yourdomain.com. 14400 DS KEYTAG 8 2 DIGESTGOESHERE

  1. Save your changes.


Step 6: Verify DNSSEC Configuration

  1. Use a DNSSEC validation tool such as DNSViz or Verisign’s DNSSEC Debugger.

  2. Enter your subdomain (e.g., subdomain.yourdomain.com) and check if DNSSEC is configured correctly.

  3. Ensure that the status shows as secure without any errors.


Tips for Success

  • Registrar Support: Ensure your domain registrar supports DNSSEC for the main domain.

  • Propagation Time: DNSSEC changes may take time to propagate, so verify the configuration after some time.

  • Backup Keys: Keep a secure backup of your DNSSEC keys for future reference or recovery.


By following these steps, you can successfully enable DNSSEC on a subdomain configured as its own cPanel account, enhancing its security and protecting it from DNS-related threats.


Was this answer helpful?

« Back