DNSSEC automatically protects Squarespace-managed domains with compatible TLDs against DNS spoofing and malicious redirects by using public and private keys stored in DS or DNSKEY records.

How DNSSEC Works with Squarespace Domains

DNSSEC (Domain Name System Security Extensions) verifies domain data authenticity as visitors load your site. The security keys are automatically stored in your DNS records, requiring no manual setup for basic protection.

Disabling DNSSEC

DNSSEC automatically disables when using custom nameservers. To manually disable:

1. Open domains dashboard
2. Select your domain
3. Click DNS > DNSSEC
4. Turn off DNS Security Extensions
5. Confirm the change

Adding Third-Party DNSSEC Protection

To use third-party DNSSEC (like Cloudflare):

1. Open domains dashboard
2. Select your domain
3. Click DNS > DNSSEC > Add record
4. Enter provider's information:
   • Key tag
   • Algorithm
   • Digest type
   • Digest
5. Click Save

Note: Only one DNSSEC record is allowed per domain.

Re-enabling DNSSEC

To re-enable DNSSEC:

1. Open domains dashboard
2. Select your domain
3. Click DNS > DNSSEC
4. Turn on DNS Security Extensions

Troubleshooting Common Issues

Records Incompatible with DNSSEC:

1. Disable DNSSEC
2. Add DNS record again

DNSSEC Validation Failure:

1. Reset to Squarespace default nameservers
2. Re-enable DNSSEC

These steps ensure proper domain security while maintaining flexibility for custom configurations.

Related Articles

Previous Articles