DNSSEC protection provides automatic security for Squarespace-managed domains with supported TLDs by preventing DNS spoofing and malicious redirects. It uses public and private keys stored in DNS records as DS or DNSKEY records.

For domains managed by Squarespace:

• DNSSEC is enabled by default when TLD supports it
• Protection automatically disables with custom nameservers
• Only one DNSSEC record can be added per domain

Disabling DNSSEC:

1. Navigate to domains dashboard
2. Select your domain
3. Go to DNS > DNSSEC
4. Turn off DNS Security Extensions
5. Click Confirm in the popup window

Adding Third-Party DNSSEC:

1. Access domains dashboard
2. Choose domain to edit
3. Go to DNS > DNSSEC > Add record
4. Input provider's information:
   • Key Tag
   • Algorithm
   • Digest Type
   • Digest
5. Save changes

Re-enabling DNSSEC:

1. Open domains dashboard
2. Select domain
3. Navigate to DNS > DNSSEC
4. Enable DNS Security Extensions

Common Issues and Solutions:

• "Records not compatible with DNSSEC": Disable DNSSEC, then add DNS record
• "DNSSEC validation error": Revert to Squarespace nameservers and enable DNSSEC

Note: When using custom nameservers, you'll need to manually manage DNSSEC settings. Contact your third-party DNSSEC provider for specific configuration values.

Related Articles

Previous Articles