How to install DNSSEC
DNSSEC is a way to digitally "sign" your DNS data, preventing man-in-the-middle DNS attacks. If you have been provided with a DNSSEC record from your DNS provider, you can use the following steps to install it.
Porkbun's authoritative DNS does not support DNSSEC, however, we can install the registry-level record for you as provided by your third-party DNS provider, such as Cloudflare. You can find more information on Cloudflare DNSSEC here.
Please note that not all registries support keyData. If you get an error while creating a DNSSEC record, try creating it without keyData information. If that doesn't work, try creating it with exclusively the keyData information.
Used to identify the DNSSEC for the domain
- Identifies the algorithm used to create the signature
- Digest Type
- Identifies the algorithm used to create the digest
- Digest integer value
Not all registries support keyData. If you get an error while creating a DNSSEC record, try creating it without keyData information.
Max Sig Life
Indicates the amount of time in seconds the signature is valid
Indicates the key type (Zone-signing or Key-signing)
Identifies the protocol for the key match-up
Key Data Algorithm
Identifies the algorithm for generating key data
Key the registry uses to encrypt the DS records