We offer various options for setting up and activating DNSSEC for your domain. Here we would like to explain the various options to you:
Automatic DNSSEC mode
Note: The automatic mode only works for domains that use the INWX name servers. If you use your own or external name servers, please do not use this function. Your domain will be no longer accessible after activation!
- In your customer area, click on the menu item DNSSEC in the left side menu.
- Click the Add DNSSEC button on the right above the overview.
- In the Domain field, enter the name of the domain that you want to secure with DNSSEC.
- Leave the automatic mode option checked and click Save.
- The DNS zone is now signed and DNSSEC is enabled for your domain. You will receive a further confirmation by email. Activation is now complete.
Set up DNSSEC manually
If you operate your own name server, provide our name server with DNS entries via a hidden primary server or use external name servers from a provider of your choice, you can set up DNSSEC manually. If necessary, ask your name server operator for the DNSSEC key for your domain!
- In your customer area, click on the menu item DNSSEC in the left sidemenu.
- Click on the Add DNSSEC button on the right above the overview.
- In the Domain field, enter the name of your domain that you want to secure with DNSSEC.
-
Deactivate the automatic mode option. Two more fields appear for entering DNSKEY and DS (Digest).
-
Note: Some domain extensions only support DNSKEY and not DS as the DNSSEC method.
If you are not sure which DNSSEC type your domain supports, we recommend setting it up with DNSKEY.
Then leave the option Auto calculate digest activated
-
Note: Some domain extensions only support DNSKEY and not DS as the DNSSEC method.
- In the following we explain the structure of the respective entries. Values that you need to adjust are indicated in curly brackets.
- The syntax of the DNSKEY is as follows:
{example.com}. IN DNSKEY 257 3 {ALG} {PUBKEY}
example.com: your domain name
ALG: algorithm
PUBKEY: the public key - The syntax of the DS (Digest) is as follows:
{example.com}. IN DS {KEYTAG} {ALG} {TYP} {DIG}
example.com: your domain name
KEYTAG: the key tag ID of the digest
ALG: algorithm
TYPE: the type of digest
DIG: the digest itself (public digest)-
Note 1: If you want to insert several DS (Digest), please enter them individually. Multiple DSs cannot be processed at the same time.
In this case, repeat the process several times. - Note 2: The period after your domain name is not an error. This is used for scheduling and must also be specified.
- Note 3: Only the KSK (Key Signing Key) is required for the DNSKEY. You can recognize the KSK by the flag: 257
-
Note 1: If you want to insert several DS (Digest), please enter them individually. Multiple DSs cannot be processed at the same time.
- The syntax of the DNSKEY is as follows:
- Now save the entries by clicking on Save. The keys you entered will now be activated for your domains.
As soon as the process is completed (duration: approx. 10 to 15 minutes), you will receive a confirmation by email. If errors occur while typing, the status of the key is marked as Delayed. In this case, please contact our support.