DNSSEC protection automatically secures Squarespace-managed domains with supported TLDs against DNS spoofing and malicious redirects. This security feature uses public and private keys stored as DS or DNSKEY records in your DNS settings.

How DNSSEC Works Domain Name System Security Extensions (DNSSEC) verifies that domain data remains unaltered when visitors access your website through cryptographic key pairs stored in your DNS records.

Managing DNSSEC Settings

To Disable DNSSEC:

1. Navigate to domain dashboard
2. Select your domain
3. Go to DNS > DNSSEC
4. Turn off DNS Security Extensions
5. Click Confirm

To Reactivate DNSSEC:

1. Navigate to domain dashboard
2. Select your domain
3. Go to DNS > DNSSEC
4. Turn on DNS Security Extensions

Adding Third-Party DNSSEC Protection

1. Open domain dashboard
2. Select your domain
3. Go to DNS > DNSSEC > Add record
4. Enter provider's information for:
   • Key Tag
   • Algorithm
   • Digest Type
   • Summary
5. Click Save

Note: Only one DNSSEC record can be added per domain.

Troubleshooting Common Issues

"Records not compatible with DNSSEC":

1. Disable DNSSEC
2. Re-add DNS record

"DNSSEC validation failed":

1. Reset to Squarespace's default nameservers
2. Re-enable DNSSEC

Important: DNSSEC automatically disables when switching to custom nameservers. When reverting to Squarespace's default nameservers, you'll be prompted to reactivate DNSSEC protection.

Related Articles

Previous Articles