DNSSEC protection comes automatically enabled for all Squarespace-managed domains under the top-level domain, protecting against DNS spoofing and malicious redirects.

Domain Name System Security Extensions (DNSSEC) uses public and private keys stored as DS or DNSKEY records to verify domain data integrity when visitors access your site.

Disabling DNSSEC

DNSSEC automatically disables when using a custom ad server. To manually disable:

1. Open domain control panel
2. Select domain
3. Navigate to DNS > DNSSEC
4. Turn off DNS Security Extensions
5. Confirm to remove DNSSEC information

Adding Third-Party DNSSEC Protection

To add third-party DNSSEC (like Cloudflare):

1. Open domain control panel
2. Select domain
3. Go to DNS > DNSSEC > Add Record
4. Enter provider's information:
   • Key Tag
   • Algorithm
   • Digest Type
   • Digest
5. Save changes

Note: Only one DNSSEC record can be added per domain.

Re-enabling DNSSEC

To re-enable DNSSEC:

1. Open domain control panel
2. Select domain
3. Go to DNS > DNSSEC
4. Turn on DNS Security Extensions

When reverting from a custom ad server, click "View DNSSEC" in the prompt and enable DNS Security Extensions.

Troubleshooting Common Issues

"Records not compatible with DNSSEC":

1. Disable DNSSEC
2. Re-add DNS record

"DNSSEC validation error" with custom name servers:

1. Reset to Squarespace default name servers
2. Enable DNSSEC

All DNSSEC management is handled through the domain control panel's DNS settings section.

Related Articles

Previous Articles