How to Enable DNSSEC with Cloudflare

by InMotion Hosting Contributor

1 Minutes, 46 Seconds to Read

See our related guide to enable DNSSEC on cPanel servers.

In this article, we cover how to implement domain name system security extensions (DNSSEC) with the Cloudflare content delivery network (CDN). This procedure is meant to work in sync with other DNS tools, whether you are altering your DNS records with a registrar or on you our managed VPS with cPanel.

DNSSEC provides an authentication layer by digitally signing a domain’s DNS records at the authoritative DNS server. With DNSSEC added to a domain, if the DNS cannot be authenticated because of an authorized DNS hop during network route, the requested website won’t display. This protects users against DNS spoofing and man-in-the-middle (MITM) attacks.

When you request DNSSEC with a DNS provider, such as Cloudflare, they sign your DNS zone and provide a resource records set (RRset) including the following:

  • DNSKEY – public key which signs the RRset
  • DS (delegation signer) record – hash of the DNSKEY

Below we’ll cover how to enable DNSSEC in Cloudflare and verify it.

To implement DNSSEC with Cloudflare, your registrar and top-level domain (TLD) must support it and Algorithm 13 (ECDSA Curve P-256 with SHA-256 hashing algorithm).

Enable DNSSEC

  1. Point your domain nameservers to Cloudflare.
  2. Log in to Cloudflare.com.
  3. Click DNS at the top.
  4. Click Enable DNSSEC.
  5. Send the DNSSEC records to your domain registrar to update DNS records.

    Customers with a domain registered with InMotion Hosting, contact our Live Support with the Key Tag, Algorithm Type, Digest Type, and Digest.

Warning: Inputting DNSSEC records incorrectly may cause website downtime.

Verify DNSSEC

After your DNSSEC records are added, Cloudflare should verify it within 10 minutes, but it may take up to 2 hours. You can review your the records by clicking DS Record on the lower-right of the DNSSEC panel.

  1. Refresh your Cloudflare DNS page to check if the status states pending:

    or Success!
  2. Once it states Success! with a green checkmark, check your domain DNS key at DNSViz.net.
  3. You should only see Secure on the left.

Continue to improve website security with HTTP Strict Transport Security (HSTS) in Cloudflare or within your .htaccess file.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting
Related Articles
How to Setup an Email Forwarder in cPanel & Webmail
How to Login to cPanel
How to Install WordPress using Softaculous
How to Add Addon Domains in cPanel
How to Create a Subdomain in cPanel
How to Change PHP Version in cPanel
How to Change Your cPanel Password
How to Modify MX Records Using cPanel
How to create a cPanel account within WHM
The Complete Guide to cPanel Backups

Was this article helpful? Join the conversation!

Need More Help?

Current Customers

Chat: Chat with Sales
Call: 757-416-6575 x2
Ticket: Submit a Support Ticket

Get Reliable Web Hosting

Chat: Chat with Sales
Email: [email protected]
Call: 757-416-6575 x1

Get web hosting that grows with your business. Our all-in-one hosting platform gives you everything your website needs to scale - so you can focus on the next big thing for you and your business.