Domain Name System Security Extensions (DNSSEC)
The domain name system (DNS) translates domain names into numeric Internet addresses. However, DNS is a fundamentally insecure protocol. It does not guarantee where DNS records come from and accepts any requests given to it.
DNSSEC creates a secure layer to the domain name system by adding cryptographic signatures to DNS records. By doing so, your request can check the signature to verify that the record you need comes from the authoritative name server and was not altered along the way. .
- Log in to the , and click Registrar.
- Click Manage on the domain you want to activate DNSSEC.
- Click Configuration.
- Enable DNSSEC.
Cloudflare publishes DS details in the form of for a domain delegated to Cloudflare. Cloudflare Registrar scans those records at regular intervals, and gathers those details and sends them to your domain’s registry.
This process can take one to two days after you first enable DNSSEC.
When DNSSEC has been successfully applied to your domain, Cloudflare shows you a confirmed status. Navigate to in the Cloudflare dashboard, and scroll down to DNSSEC. You can also confirm this by reviewing the WHOIS information for your domain. Domains with DNSSEC will read
signedDelegation in the DNSSEC field.