DNSSEC V2 (Beta)

Please note that the DNSSEC is still a protocol under significant change. As such, we are not compliant with all possible options available under the DNSSEC protocol. We are working to make sure we stay up to date with that.

What is DNSSEC?

Briefly, DNSSEC is a means of securing your domain from certain types of man in the middle attacks by attaching encrypted signatures to the records that are served for it. Not all types of domains can be signed.

Please contact support to see if we support DNSSEC service for your domain type. While it is easiest when we are the registrar for the domain, this is NOT required.

DNSSEC should be strongly considered for domains [zones] that deal with financial, medical and personal information. Also for domains that handle any other sensitive information or at risk of malicious activity.

We currently support the following key sizes across all our service levels:

  • 2048 bit (default)
  • 3072 bit
  • 4096 bit
  • 5120 bit
  • 6144 bit
  • 7168 bit
  • 8192 bit

We currently support DNSSEC RSA SHA256 & ECDSAP256 SHA256.

Setting Up DNSSEC V2

To access the DNSSEC V2 feature on your control panel, please do the following:

1. Log into your easyDNS account
2. Click on MANAGE for said domain (this will bring you to the DOMAIN ADMINISTRATION page)

3. Click on the TOOLS tab
4. Within the ADVANCED field, click on DNSSEC V2

5. Select your Algorithm and Key Size and click on NEXT

6. Confirm the signing results are successful and click on DONE


8. You should now see both the signed zone and your DS keys published. You can also click on SHOW ADVANCED to see the complete results.

Please note that our DNSSEC feature is currently only available for the following domain extensions:


Leave a Reply