DNSSEC protection automatically safeguards all Squarespace-managed domains with compatible TLDs against DNS spoofing and malicious redirects. This security feature uses public and private keys stored as DS or DNSKEY records in your DNS settings.

Understanding DNSSEC

Domain Name System Security Extensions (DNSSEC) verifies domain data integrity when visitors access your website through a system of cryptographic keys. These keys are automatically managed through your DNS records.

Managing DNSSEC Settings

To disable DNSSEC:

• Navigate to domain dashboard
• Select your domain
• Go to DNS > DNSSEC
• Toggle off DNS Security Extensions
• Confirm the action

To re-enable DNSSEC:

• Follow the same path
• Toggle on DNS Security Extensions

Adding Third-Party DNSSEC Protection

To implement external DNSSEC:

1. Access domain dashboard
2. Select domain
3. Navigate to DNS > DNSSEC > Add Record
4. Enter provider-supplied values for:
   • Key Tag
   • Algorithm
   • Digest Type
   • Summary
5. Save changes

Note: Only one DNSSEC record can be active per domain.

Troubleshooting Common Issues

1. "Records are not DNSSEC compatible" error:

   • Disable DNSSEC
   • Re-add DNS record

2. "DNSSEC validation failed" error:

   • Reset to Squarespace default nameservers
   • Re-enable DNSSEC

Important: DNSSEC automatically disables when switching to custom nameservers. When reverting to Squarespace nameservers, you'll need to manually re-enable DNSSEC protection through the DNS settings menu.

For enhanced security configuration, refer to DNS Records for Security documentation or consult your third-party DNSSEC provider for specific implementation details.

Related Articles

Previous Articles