BuycPanel Blog

BuycPanel Blog

Latest news and updates

DNSSEC-How to Enable and Disable it

Posted by Allura on 09 03 2018.

What is DNSSEC?
This feature only appears if the System Administrator installs Power Domain Name System(DNS) in either of the following interfaces:

 	Web Host Manager’sInitial Setup Assistant.
 	Web Host Manager’sNameserver Selection Interface (WHM >> Home >> Service Configuration >> Nameserver Selection).

DNS Security Extensions (DNSSEC) add a layer of security to the domains’ DNS records. DNSSEC uses digital signatures and cryptographic keys to validate that DNS responses are authentic. These digital signatures help to protect clients from various forms of attacks, such as Spoofing or a Man-in-the-Middle attack. DNSSEC keys remain on a server after you terminate an account.

Restoration and Transfer of User Account
If you restore an account on the same server from which you deleted it, the account’s DNSSEC keys are restored .

If the user transfers the account to another server, he must reconfigure DNSSEC for the domains and update the domain server records on the registrar. The system does not include DNSSEC keys in an…

What is DNSSEC?

This feature only appears if the System Administrator installs Power Domain Name System(DNS) in either of the following interfaces:

DNS Security Extensions (DNSSEC) add a layer of security to the domains’ DNS records. DNSSEC uses digital signatures and cryptographic keys to validate that DNS responses are authentic. These digital signatures help to protect clients from various forms of attacks, such as Spoofing or a Man-in-the-Middle attack. DNSSEC keys remain on a server after you terminate an account.

Restoration and Transfer of User Account

If you restore an account on the same server from which you deleted it, the account’s DNSSEC keys are restored .

If the user transfers the account to another server, he must reconfigure DNSSEC for the domains and update the domain server records on the registrar. The system does not include DNSSEC keys in an account’s backup file.

To transfer an account with DNSSEC enabled domains, the following steps are to be performed for each domain:

  • Remove the Domain Server (DS) records from the registrar.
  • Wait for the changes to propagate (up to 72 hours).
  • Disable DNSSEC on the domain (optional).
  • Transfer the account to the new server.
  • Enable DNSSEC on the new server.

If the old DNS records are not removed from the registrar, the domains may produce DNS resolution issues due to invalid DNSSEC responses.

How to Enable DNSSEC

To enable DNSSEC for a domain, the following steps are to be performed:

  • If this account owns more than one domain, select the domain that the user wishes to manage from the Domain menu.
  • Click Enable.The system will generate a new DNSSEC key, and a new line will appear that contains the following information:

 

Column Description
Key Tag An integer value that identifies the domain’s DNSSEC record.
Algorithm The record’s encrypted signature.
Digest Type The algorithm type that constructs the digest. Select the Digest Type that your registrar supports.
Digest An alpha-numericstring that the algorithm generates.

 

Disable DNSSEC

To disable DNSSEC for a domain, the following steps are to be performed:-

  • If this account owns more than one domain, select the domain that you wish to manage from the Domain menu.
  • Click Disable.

Conclusion

DNNSEC is a part of Simple Zone Editor in CPANEL. It is a key component of CPANEL as it helps to get  a knowledge of old DNS records and it adds a layer of security to the domains’ DNS records. So it is a very helpful feature in CPANEL.