How-To Enable DNSSEC on a Domain

This article walks you through enabling DNSSEC on a single domain using the cPanel UI.

If you instead need to enable DNSSEC on all the domains on your server, you may wish to use the command line and follow the steps in this article: How to enable DNSSEC for all domains on a server.

General information regarding DNSSEC and cPanel, including pre-requisites for setting it up, can be found in our Documentation.

Procedure

To enable DNSSEC for a domain:

Note: PowerDNS must be the active/enabled nameserver to use DNSSEC. If a DNS cluster is in use, all cluster members, including the local server, must use PowerDNS. 

1. Navigate to the cPanel interface for the domain
2. Select the Zone Editor
3. Click on the DNSSEC button in the row of the domain you wish to enable DNSSEC on
4. On the righthand side, there is a "Create Key" button.  A pop-up will appear.
5. Click Create on the pop-up box.  It will be dismissed and you will see an interface with your DS records.
6. Copy those records to the proper interface in your domain's registrar.  Every registrar is a little different, so we can't provide step-by-step instructions for this process.
   • If you instead need the public key, not the digest records, navigate back to the DNSSEC page within the Zone Editor. Clicking the View Details arrow on the left edge of the DNSSEC record will allow you to export your public key.

Resources

Zone Editor (cPanel Docs)

DNSSEC (cPanel Docs)