DNSSEC protection is automatically enabled for all Squarespace-managed domains with top-level domain support. This security feature prevents DNS spoofing and malicious domain redirects through public and private key verification stored as DS or DNSKEY records.

How DNSSEC Works

DNSSEC (Domain Name System Security Extensions) verifies domain data authenticity when visitors access your site. The system uses encrypted keys stored in your DNS records to validate domain information and prevent tampering.

Disabling DNSSEC

DNSSEC automatically disables when switching to a custom ad server. To manually disable:

1. Access domain control panel
2. Select target domain
3. Navigate to DNS > DNSSEC
4. Turn off DNS Security Extensions
5. Confirm the action

Adding Third-Party DNSSEC Protection

To implement third-party DNSSEC (like Cloudflare):

1. Open domain control panel
2. Select domain
3. Go to DNS > DNSSEC > Add Record
4. Enter provider's information:
   • Key Tag
   • Algorithm
   • Digest Type
   • Digest
5. Save changes

Note: Only one DNSSEC record can be added per domain.

Re-enabling DNSSEC

To re-enable DNSSEC:

1. Access domain control panel
2. Select domain
3. Go to DNS > DNSSEC
4. Enable DNS Security Extensions

Troubleshooting Common Issues

Records Not Compatible:

1. Disable DNSSEC
2. Re-add DNS record

DNSSEC Validation Error:

1. Reset to Squarespace default name servers
2. Re-enable DNSSEC

For domains using custom name servers experiencing email issues, reset to Squarespace defaults before enabling DNSSEC.

Related Articles

Previous Articles