Please note that the DNSSEC is still a protocol under significant change. As such, we are not compliant with all possible options available under the DNSSEC protocol. We are working to make sure we stay up to date with that.

What is DNSSEC?

Briefly, DNSSEC is a means of securing your domain from certain types of man-in-the-middle attacks by attaching encrypted signatures to the records that are served for it. A digit signature is attached to each piece of the domain’s DNS information – this requires keys (private and public) which will be used to verify the signature and ensure the information in the DNS response you receive is the same information the domain administrator wants you to receive.

Not all types (TLDs) of domains can be signed. Please contact support to see if we support DNSSEC service for your domain type. All service levels support DNSSEC.

It is required that easyDNS be the registrar of the domain for DNSSEC V2 to be supported.

DNSSEC should be strongly considered for domains [zones] that deal with financial, medical, and personal information. Also for domains that handle any other sensitive information or at risk of malicious activity.

We currently support the following key sizes across all our service levels:

  • 2048 bit (default)
  • 3072 bit
  • 4096 bit
  • 5120 bit
  • 6144 bit
  • 7168 bit
  • 8192 bit

We currently support DNSSEC RSA SHA256 & ECDSAP256 SHA256.

Setting Up DNSSEC V2

To access the DNSSEC V2 feature on your control panel, please do the following:

1. Log into your easyDNS account.
2. Click on MANAGE.

3. Click on the TOOLS.
4. Within the ADVANCED field, click on DNSSEC V2.

5. Select your Algorithm and Key Size and click on NEXT.

6. Confirm the signing results are successful and click on DONE.

Note that it can take up to 30 minutes for your zone to be signed successfully. However, after you should see both the signed zone and your DS keys published. You can also click on SHOW ADVANCED to see the complete results.

NOTE: For help on DNSSEC troubleshooting, please visit the analysers at Verisign or DNSVIZ websites.


Please note that our DNSSEC feature is currently only available for the following domain extensions:


Leave a Reply