CloudFlare recently announced DNSSEC support for all CloudFlare customers, a move that will potentially increase the number of DNSSEC-enabled DNS zones on the internet by quite a bit. In order for DNSSEC to work, you must be able to add a DS record for your domain which appears in the DNS records in TLD name servers. Starting today you can now add your DS record for any com, net or info domain registered through the DNSimple web site. We will continue adding support for additional TLDs in the future.
Here's how it works:
Enabling DNSSEC DS Records
First you must enabled DNSSEC at your DNS provider. For example, if you are using CloudFlare, then you would need to enable DNSSEC:
Once it is enabled, you will see information about the DS record. We have two ways to enter the information, either field-by-field entry or quick entry, which allows you to paste the entire record into a single field. For CloudFlare you can just click the full DS record and it will be copied to your clipboard.
From there, log into to your DNSimple account and go to the domain's management page. At the bottom of the Domain tab you will see a card for enabling DS records. Click Configure DS Record.
Finally, either enter the details for the DS record in using the field-by-field method, or click on the Quick Entry tab and paste the entire record in.
DS Records for Anyone
You can use any DNS provider that supports DNSSEC, not just CloudFlare. Each DNS provider will be different, so you'll need to consult their documentation to determine how to turn on DNSSEC. You can also use DNSSEC if you run your own authoritative name server with DNSSEC support.
DNSSEC at DNSimple
Currently you can only enable DNSSEC for domains that use name servers outside of DNSimple, however we are working hard to bring DNSSEC support to all DNSimple domains, including those that use our name servers. We do not yet have a release date for this, however we will keep you up-to-date on this blog and Twitter as the feature becomes available.