DNSSEC Setup


DNSSEC is a set of extensions to DNS which enable establishing a chain of trust for a domain. By signing their zone with DNSSEC, domain registrants protect the visitors of their websites against phishing, cache poisoning and many other Internet threats.

Establishing a Chain of Trust

In order to establish a chain of trust, you need to:

  • Sign the domain zone and upload it to the authoritative DNS server
  • Log in to "Manage your account → My domains", enter the DNSKEY record, one or several DS records.

For gTLDs and foreign (i.e., not Russian) ccTLDs you can specify only a DS record.

Change Implementation Time

Change implementation time depends on when the changes were made and corresponds to domain delegation time:

  • for .РФ and .SU domains - up to 2 hours;
  • gTLDs and foreign ccTLDs are signed within a few minutes.

Turning Off DNSSEC

You may delete domain chain of trust in panel "Manage your account → My domains". This will delete all the DS records of the domain.