DNSSEC V2 (Beta)

Please note that the DNSSEC is still a protocol under significant change. As such, we are not compliant with all possible options available under the DNSSEC protocol. We are working to make sure we stay up to date with that.

What is DNSSEC?

Briefly, DNSSEC is a means of securing your domain from certain types of man in the middle attacks by attaching encrypted signatures to the records that are served for it. A digit signature is attached to each piece of the domain’s DNS information – this requires keys (private and public) which will be used to verify the signature and insure the information in the DNS response you receive is the same information the domain administrator wants you to receive.

To utilise our DNSSEC V2 which is in Beta, you will need to enable Beta access within your easyDNS account. For instruction, please reference this help article.

Not all types of domains can be signed. Please contact support to see if we support DNSSEC service for your domain type.

It is required that easyDNS be the registrar of the domain for DNSSEC V2 to be supported.

DNSSEC should be strongly considered for domains [zones] that deal with financial, medical and personal information. Also for domains that handle any other sensitive information or at risk of malicious activity.

We currently support the following key sizes across all our service levels:

  • 2048 bit (default)
  • 3072 bit
  • 4096 bit
  • 5120 bit
  • 6144 bit
  • 7168 bit
  • 8192 bit

We currently support DNSSEC RSA SHA256 & ECDSAP256 SHA256.

Setting Up DNSSEC V2

To access the DNSSEC V2 feature on your control panel, please do the following:

1. Log into your easyDNS account
2. Click on MANAGE for said domain (this will bring you to the DOMAIN ADMINISTRATION page)

3. Click on the TOOLS tab
4. Within the ADVANCED field, click on DNSSEC V2

5. Select your Algorithm and Key Size and click on NEXT

6. Confirm the signing results are successful and click on DONE


8. You should now see both the signed zone and your DS keys published. You can also click on SHOW ADVANCED to see the complete results.

Please note that our DNSSEC feature is currently only available for the following domain extensions:


Leave a Reply