DNSSEC provides essential security for domain names by preventing DNS spoofing and malicious redirects. For Squarespace domains that support it, DNSSEC protection is automatically enabled and managed through a system of public and private keys stored as DS or DNSKEY records.

Managing DNSSEC Settings:

1. Automatic Protection:

• Enabled by default for supported domain extensions
• Stores security keys in DNS records
• Protects against DNS spoofing and redirects

2. Disabling DNSSEC:

• Automatically disabled when using custom name servers
• Can be manually disabled through Domains dashboard > DNS > DNSSEC
• Requires confirmation to remove security information

3. Third-Party DNSSEC Protection:

• Compatible with providers like Cloudflare
• Added through DS or DNSKEY records
• Requires provider-specific settings:
  • Key tag
  • Algorithm
  • Hash type
  • Digest

4. Reactivating DNSSEC:

• Access Domains dashboard
• Navigate to DNS > DNSSEC
• Enable DNS Security Extensions
• Automatic prompt when returning to default name servers

Troubleshooting Common Issues:

1. "Records not compatible with DNSSEC":

• Disable DNSSEC
• Re-add DNS records

2. "DNSSEC validation failed":

• Restore Squarespace default name servers
• Re-enable DNSSEC

For complex security configurations or custom name servers, you may need to manage DNSSEC settings manually through your domain dashboard. Always ensure compatibility when making DNS changes, and consult your third-party provider for specific configuration details if using external DNSSEC protection.

Related Articles

Previous Articles