DNSSEC secures your Squarespace domain by automatically protecting against DNS spoofing and malicious site redirections. This security feature is enabled by default on all Squarespace-managed domains with compatible TLDs.

How DNSSEC Works DNSSEC (Domain Name System Security Extensions) uses public and private key pairs to verify domain data authenticity. These keys are automatically stored in your DNS records as DS or DNSKEY records.

Managing DNSSEC Settings

Disabling DNSSEC:

1. Open Domains panel
2. Select your domain
3. Navigate to DNS > DNSSEC
4. Disable DNS Security Extensions
5. Confirm the action

Re-enabling DNSSEC:

1. Open Domains panel
2. Select your domain
3. Navigate to DNS > DNSSEC
4. Enable DNS Security Extensions

External DNSSEC Protection

To add third-party DNSSEC (like Cloudflare):

1. Open Domains panel
2. Select your domain
3. Go to DNS > DNSSEC > Add Record
4. Enter provider's information:
   • Key Tag
   • Algorithm
   • Digest Type
   • Digest
5. Save the record

Note: Only one DNSSEC record can be active per domain.

Troubleshooting Common Issues

Records Incompatible with DNSSEC:

1. Disable DNSSEC
2. Re-add DNS record

DNSSEC Validation Failure:

1. Restore Squarespace default nameservers
2. Re-enable DNSSEC

Important Notes:

• DNSSEC automatically disables with custom nameservers
• When switching back to Squarespace nameservers, you'll need to re-enable DNSSEC
• Contact your third-party DNSSEC provider for specific record values

Related Articles

Previous Articles