How to install DNSSEC

DNSSEC is a way to digitally "sign" your DNS data, so that you know it has not been interfered with by would-be attackers. It verifies the authenticity of your DNS Records. If you have been provided with a DNSSEC record, you can use the following steps.

⚠️️ Warning

Porkbun's authoritative DNS does not support DNSSEC, however, we can install the registry-level record for you as provided by your third-party DNS provider (such as Cloudflare).

1
Log in. You should arrive at the Domain Management screen. If you're already logged in, click your username in the top-right corner and select Domain Management.
2
Locate your domain and click the drop-down list to the right. On the menu that appears, click the "Manage" option next to "DNSSEC".
3
The following step should lead you to the "Domain Name System Security" screen. Here, you can enter the required information, then select the green "Create" button at the bottom left of the page.
That's it! The DNSSEC is created. The following is a brief explanation of what each entry means.

    Key Tag

    Used to identify the DNSSEC for the domain

    Algorithm
    Identifies the algorithm used to create the signature

    Digest Type
    Identifies the algorithm used to create the digest   

    Digest
    Digest integer value  


    Key Data

    Not all registries support keyData. If you get an error while creating a DNSSEC record, try creating it without keyData information. 

    Max Sig Life

    Indicates the amount of time in seconds the signature is valid

    Flags
    Indicates the key type (Zone-signing or Key-signing)

    Protocol
    Identifies the protocol for the key match-up

    Key Data Algorithm
    Identifies the algorithm for generating key data

    Public Key
    Key the registry uses to encrypt the DS records