DNSSEC protects your domain from attacks like DNS spoofing by using public and private keys stored in your DNS records. For Squarespace-managed domains with supported extensions, DNSSEC protection is automatically enabled.

How DNSSEC Works

• Uses public and private keys to verify domain data
• Stores security information in DS or DNSKEY records
• Prevents malicious redirects and DNS spoofing
• Activates automatically for supported domain extensions

Managing DNSSEC Settings

To disable DNSSEC:

1. Access Domains dashboard
2. Select target domain
3. Navigate to DNS > DNSSEC
4. Disable DNS Security Extensions
5. Confirm the change

To reactivate DNSSEC:

1. Access Domains dashboard
2. Select target domain
3. Navigate to DNS > DNSSEC
4. Enable DNS Security Extensions

Adding Third-Party DNSSEC Protection

For domains using custom name servers:

1. Access Domains dashboard
2. Select target domain
3. Navigate to DNS > DNSSEC > Add Record
4. Enter provider's information:
   • Key Tag
   • Algorithm
   • Digest Type
   • Digest
5. Save changes

Troubleshooting Common Issues

Records not compatible with DNSSEC:

1. Disable DNSSEC
2. Re-add DNS record

DNSSEC validation failed:

1. Restore Squarespace default name servers
2. Re-enable DNSSEC

Note: DNSSEC automatically disables when switching to custom name servers. Only one DNSSEC record can be added per domain.

Related Articles

Previous Articles