DNSSEC protection automatically safeguards all eligible Squarespace-managed domains, defending against DNS spoofing and malicious redirects by using public and private keys stored in DS or DNSKEY records.

How DNSSEC Works

DNSSEC (Domain Name System Security Extensions) verifies domain data authenticity when visitors access your site through encrypted key pairs, ensuring data integrity and preventing tampering.

Disabling DNSSEC

DNSSEC automatically disables when using custom name servers. To manually disable:

1. Access domain dashboard
2. Select target domain
3. Navigate to DNS > DNSSEC
4. Toggle off DNS Security Extension
5. Confirm to remove DNSSEC information

Adding Third-Party DNSSEC Protection

To implement third-party DNSSEC (like Cloudflare):

1. Open domain dashboard
2. Select domain
3. Go to DNS > DNSSEC > Add Record
4. Enter provider's DS record information:
   • Key Tag
   • Algorithm
   • Digest Type
   • Digest
5. Save changes

Note: Only one DNSSEC record can be added per domain.

Re-enabling DNSSEC

For supported domains, DNSSEC enables automatically. To manually re-enable:

1. Access domain dashboard
2. Select domain
3. Go to DNS > DNSSEC
4. Toggle on DNS Security Extension

Troubleshooting Common Issues

Record Compatibility Error:

1. Disable DNSSEC
2. Re-add DNS records

DNSSEC Validation Failure:

1. Restore Squarespace default name servers
2. Re-enable DNSSEC

When switching from custom to default name servers, enable DNSSEC through the prompt window by clicking "View DNSSEC" and activating DNS Security Extension.

Related Articles

Previous Articles