DNSSEC protection automatically secures Squarespace domains with supported TLDs against DNS spoofing and malicious redirects. This security feature uses public and private keys stored in DNS records to verify domain data integrity.

How DNSSEC Works

Domain Name System Security Extensions (DNSSEC) uses key pairs to ensure visitors receive unchanged website data. These keys are automatically stored as DS records or DNSKEY records in your DNS settings.

Disabling DNSSEC

DNSSEC automatically disables when using custom name servers. To manually disable:

1. Navigate to domain dashboard
2. Select your domain
3. Go to DNS > DNSSEC
4. Toggle off DNS Security Extensions
5. Confirm to remove DNSSEC information

Adding Third-Party DNSSEC

To implement third-party DNSSEC protection:

1. Access domain dashboard
2. Select domain
3. Go to DNS > DNSSEC > Add Record
4. Enter provider's information:
   • Key Tag
   • Algorithm
   • Digest Type
   • Digest
5. Save changes

Note: Only one DNSSEC record can be added per domain.

Re-enabling DNSSEC

To re-enable DNSSEC:

1. Open domain dashboard
2. Select domain
3. Navigate to DNS > DNSSEC
4. Toggle on DNS Security Extensions

Troubleshooting Common Issues

1. "Record incompatible with DNSSEC" error:

   • Disable DNSSEC
   • Re-add DNS records

2. "DNSSEC validation failed" error:

   • Revert to Squarespace default name servers
   • Re-enable DNSSEC

When switching back from custom to default name servers, you'll be prompted to re-enable DNSSEC through the View DNSSEC option.

Related Articles

Previous Articles