DNSSEC automatically protects all Squarespace-managed domains with compatible TLDs against DNS spoofing and malicious redirects. This security feature uses public and private keys stored in your DNS records as DS or DNSKEY records.

Managing DNSSEC Settings

To disable DNSSEC:

1. Open domains panel
2. Select your domain
3. Click DNS > DNSSEC
4. Turn off DNS Security Extensions
5. Click Confirm

Note: DNSSEC automatically disables when using custom name servers.

Adding Third-Party DNSSEC Protection

To add external DNSSEC protection:

1. Open domains panel
2. Select domain
3. Click DNS > DNSSEC > Add Record
4. Enter required fields:
   • Key Label
   • Algorithm
   • Digest Type
   • Digest

Important: Only one DNSSEC record can be added per domain.

Re-enabling DNSSEC

To re-enable DNSSEC:

1. Open domains panel
2. Select domain
3. Click DNS > DNSSEC
4. Turn on DNS Security Extensions

When switching back to Squarespace's default name servers, you'll be prompted to re-enable DNSSEC.

Troubleshooting Common Issues

1. "Records not compatible with DNSSEC" error:

   • Disable DNSSEC
   • Re-add DNS record

2. "DNSSEC validation error" with custom name servers:

   • Reset to Squarespace's default name servers
   • Re-enable DNSSEC

Related Articles

Previous Articles