What is DNSSEC? Can I use it only on the server and not the domain provider?
In cPanel & WHM version 84, we introduced DNS Security Extensions (DNSSEC) support for PowerDNS nameservers. DNSSEC adds a layer of security to your domains’ DNS records.
A DNS resolver will compare the DNS server’s DNSKEY record to the DS record at the registrar. If they match, then the DNS resolver knows that the record is valid.
DNSSEC uses digital signatures and cryptographic keys to validate the DNS responses’ authenticity. These digital signatures protect clients from various forms of attack, such as Spoofing or a Man-in-the-Middle attack.
Due to this process, many think of DNSSEC as using 2FA for your DNS records which will require you to have DNSSEC enabled on both the server and through your domain provider.