We are aware of a potentially service impacting issue. Learn more

How to Enable DNSSEC on a Main Domain in cPanel Print

  • DNS, dnssec, whm, cpanel, security, nameservers
  • 90

DNSSEC (Domain Name System Security Extensions) is an essential security feature that helps protect your domain from DNS spoofing and other attacks by validating DNS responses. Enabling DNSSEC on your main domain in cPanel ensures that your domain’s DNS records are cryptographically signed, enhancing overall security. Follow this step-by-step guide to enable DNSSEC on your main domain.


Step 1: Log in to cPanel

  1. Access the cPanel account for your main domain by navigating to your cPanel URL (e.g., https://yourdomain.com:2083).

  2. Enter your username and password to log in.


Step 2: Access the DNS Zone Editor

  1. In the cPanel dashboard, locate the Domains section.

  2. Click on Zone Editor.


Step 3: Enable DNSSEC

  1. In the Zone Editor, locate your main domain in the list of available zones.

  2. Click on the DNSSEC button next to your main domain (if available). If the DNSSEC option is not visible, ensure that DNSSEC is supported by your hosting provider for this account.


Step 4: Generate a Key Pair

  1. Click on Create Key or a similar option to generate a DNSSEC key pair.

  2. Specify the following details:

    • Key Tag: Leave the default value or enter a custom one if required.

    • Algorithm: Choose an algorithm (e.g., RSA-SHA256) supported by your registrar.

    • Digest Type: Select the digest type (commonly SHA-256).

  3. Save the key once it has been generated. This will also produce a DS (Delegation Signer) record.


Step 5: Add the DS Record to Your Domain Registrar

  1. Copy the DS record provided in cPanel. This will include information such as:

    • Key Tag

    • Algorithm

    • Digest Type

    • Digest

  2. Log in to your domain registrar’s control panel.

  3. Navigate to the DNS management section and locate the DNSSEC settings.

  4. Add the DS record for your main domain by pasting the details from cPanel.

  5. Save your changes.


Step 6: Verify DNSSEC Configuration

  1. Use a DNSSEC validation tool such as DNSViz or Verisign’s DNSSEC Debugger.

  2. Enter your main domain (e.g., yourdomain.com) and check if DNSSEC is configured correctly.

  3. Ensure that the status shows as secure without any errors.


Tips for Success

  • Registrar Support: Ensure your domain registrar supports adding DS records.

  • Propagation Time: DNSSEC changes may take time to propagate, so verify the configuration after some time.

  • Backup Keys: Keep a secure backup of your DNSSEC keys for future reference or recovery.


By following these steps, you can successfully enable DNSSEC on your main domain, enhancing its security and protecting it from DNS-related threats.

 


Was this answer helpful?

« Back