DNSSEC

DNSSEC checks the data using cryptographically secured signatures, which are calculated using the data to be protected and transmitted to the client together with the data. The signature used can be used to check whether the data was sent from an authorized source. At the same time, the signature makes it possible to check whether data has been altered in transit.

Requirements for activating DNSSEC

The following requirements must be met for DNSSEC to be used:

• DNSSEC support at TLD level (e.g. .de)
• DNSSEC support from the DNS provider

Automatic configuration

For the automatic activation of DNSSEC, both the DNS zone and the domain must be managed via creoline DNS. The following requirements must be met for automatic configuration:

• DNSSEC must be deactivated for the domain
• DNSSEC must be deactivated for the DNS zone
• The domain must have been registered via creoline
• The DNS zone must be managed via creoline DNS
• The nameservers of the domain must point to the standard creoline nameservers

Navigate to the DNS zone for which you want to enable DNSSEC and click Settings → Enable DNSSEC.

You can use the pop-up window to specify the mode in which DNSSEC is to be activated.

Manual configuration

Navigate to the DNS zone for which you want to activate DNSSEC and click on Settings → Activate DNSSEC.

Select the Generate DNSSEC configuration only mode so that the DNSSEC configuration is not automatically stored with the domain.

Select the DNSSEC button to display the current DNSSEC configuration.

Store the DNSKEY entry 257 KSK with your domain provider in order to fully sign the DNS zone. The DNSKEY entry of Type 256 ZSK does not need to be stored with your domain provider.