Skip to content

DNSSEC

Domain Name System Security Extensions (DNSSEC) allow domain owners to digitally sign their DNS records. By doing this, users are protected from DNS data that has been corrupted, either accidentally or maliciously.

Two things are required for DNSSEC to work: 1. DNS servers that publishes the DNS records must ensure that the DNS data is signed 2. The devices that fetch information from that domain needs to ensure that they validate the records and display errors if they cannot be validated

A great deal of pain is taken out of this process by Cloudflare.

How to enable DNSSEC with Cloudflare

Visit this page for instruction on how to enable DNSSEC with Cloudflare: https://developers.cloudflare.com/dns/additional-options/dnssec/