• יום שני, נובמבר 1, 2021

When it comes to DNSSEC (Domain Name System Security Extensions), your domain name registrar plays a crucial role in establishing a secure connection between your signed domain and the higher-level name servers. This connection forms a "chain of trust" that ensures the integrity and authenticity of your domain. The process starts at the root of the DNS system, extends to the top-level domains (TLDs), and eventually encompasses second-level domain names like "example.com" and beyond.


How do I setup DNSSEC for .LY domain?

DNSSEC adds an extra layer of authentication layer to DNS, making sure that visitors go to your domain instead of a spoofed domain.

 

To configure DNSSEC, you first enable it with your DNS Provider and then add a DS record at your domain registrar.

 

Step 1 – Enable DNSSEC with your DNS Provider

First, DNSSEC needs to be enabled for your domain by your DNS Provider. If you are using another DNS provider for your domain, for example, Cloudflare, you should be able to Enable DNSSEC from your provider control panel.

In this example, we are using Cloudflare DNS, but the general steps are similar to most providers. If in doubt, please contact your DNS provider customer support.

 

By enabling DNSSEC first in the Cloudflare dashboard, you’re asking Cloudflare to generate the data necessary for adding a delegation signer (DS) record to your domain at the registrar. To obtain the Cloudflare DS record data:

 

Log in to the Cloudflare dashboard.

Ensure the website for the DS record you need is selected.

Click the DNS app.

Scroll down to the DNSSEC panel.

Click Enable DNSSEC. You will see a dialog informing you that your configuration is pending until the DS record is added at your registrar.

Next, click to expand the DS Record dropdown in the DNSSEC panel.

Copy the DS Record fields for Step-2

 

Step 2 – Add the DS record to your registrar

To complete your DNSSEC configuration, it is necessary for your domain to have a DS record in your domain DNS configuration at the registrar. To complete this step:

 

Log in to your Client Area

Open a new Support Ticket requesting to configure DS records for your “.LY” domain. Please include the following information obtained from Step-1 above:

Domain Name (Required)

DS Record (Required)

Digest (Required)

Digest Type (Required)

Algorithm (Required)

Public Key (Optional)

Key Tag (Required)

Once your support ticket is processed, you will receive confirmation that DNSSEC has been configured for your “.LY” domain

 

Step 3 – Verification (Optional)

After your receive confirmation that DNSSEC has been configured for your domain, please allow enough time for DNS propagations to complete, this might take up to 4 hours.

 

You can use an online tool for DNSSEC validation such as DNSSEC Analyzer to test and verify the configuration for your domain from both the DNS Provider and the Registrar side.