---
title: "How to Enable DNSSEC with Cloudflare"
description: "See our related guide to enable DNSSEC on cPanel servers. In this article, we cover how to implement domain name system security extensions (DNSSEC) with the Cloudflare content delivery network..."
url: https://www.inmotionhosting.com/support/website/cloudflare/enable-dnssec-cloudflare/
date: 2019-10-17
modified: 2026-06-26
author: "InMotion Hosting Contributor"
categories: ["Cloudflare"]
type: post
lang: en
---

# How to Enable DNSSEC with Cloudflare

**See our related guide to [enable DNSSEC on cPanel servers](https://www.inmotionhosting.com/support/product-guides/vps-hosting/dnssec-managed-vps-dedicated/).**

In this article, we cover how to implement domain name system security extensions (DNSSEC) with the [Cloudflare content delivery network (CDN)](/support/website/setting-up-cloudflare/). This procedure is meant to work in sync with other DNS tools, whether you are altering your DNS records with a registrar or on you our [managed VPS with cPanel](https://www.inmotionhosting.com/vps-hosting).

- [Enable DNSSEC](#enable)
- [Verify DNSSEC is working](#verify)

DNSSEC provides an authentication layer by digitally signing a domain’s DNS records at the authoritative DNS server. With DNSSEC added to a domain, if the DNS cannot be authenticated because of an authorized DNS hop during network route, the requested website won’t display. This protects users against DNS spoofing and man-in-the-middle (MITM) attacks.

When you request DNSSEC with a DNS provider, such as Cloudflare, they sign your DNS zone and provide a resource records set (RRset) including the following:

- **DNSKEY** – public key which signs the RRset
- **DS (delegation signer) record** – hash of the DNSKEY

Below we’ll cover **how to enable ****DNSSEC**** in ****Cloudflare**** and verify it**.

To implement DNSSEC with Cloudflare, your registrar and [top-level domain (](https://dnssecready.net/)[TLD](https://dnssecready.net/)[) must support it](https://dnssecready.net/) and Algorithm 13 (ECDSA Curve P-256 with SHA-256 hashing algorithm).

## Enable DNSSEC

![](https://www.inmotionhosting.com/support/wp-content/uploads/2019/10/cloudflare-dnssec-records-188x300.png)

1. [Point your domain nameservers to Cloudflare](/support/website/setting-up-cloudflare/).
2. Log in to [Cloudflare.com](https://cloudflare.com/).
3. Click **DNS** at the top.
4. Click **Enable DNSSEC**.![](https://www.inmotionhosting.com/support/wp-content/uploads/2019/10/cloudflare-dnssec-enable-1024x212.png)
5. Send the DNSSEC records to your domain registrar to update DNS records.[Customers with a domain registered with InMotion Hosting, contact our Live Support with the Key Tag, Algorithm Type, Digest Type, and Digest](/support/amp/how-to-get-great-technical-support/).

**Warning:** Inputting DNSSEC records **incorrectly** may cause website downtime.

## Verify DNSSEC

After your DNSSEC records are added, Cloudflare should verify it within 10 minutes, but it may take up to 2 hours. You can review your the records by clicking **DS**** Record** on the lower-right of the DNSSEC panel.

![](https://www.inmotionhosting.com/support/wp-content/uploads/2019/10/dnsviz-secure-status-143x300.png)

1. Refresh your Cloudflare DNS page to check if the status states *pending*: ![](https://www.inmotionhosting.com/support/wp-content/uploads/2019/10/cloudflare-dnssec-waiting-1024x262.png)or *Success!* ![](https://www.inmotionhosting.com/support/wp-content/uploads/2019/10/cloudflare-dnssec-enabled-1024x254.png)
2. Once it states *Success!* with a green checkmark, check your domain DNS key at [DNSViz.net](https://dnsviz.net/).
3. You should only see **Secure** on the left.

Continue to improve website security with [HTTP Strict Transport Security (HSTS)](/support/website/hsts-using-cloudflare/) in Cloudflare or [within your .htaccess file](/support/website/force-hsts-using-htaccess/).
