Frequently asked questions
Yes, we support DNSSEC for most top level domains, including .com and .net.
DNSSEC is a standard that was developed to make domain name lookups more secure and resistant to attacks. DNSSEC protects against several known weaknesses in the DNS protocol, including "DNS spoofing" or "cache poisoning". For more information about DNSSEC, how it works and why it is a good idea to have it turned on for your domains, please see Wikipedia.
If you are using Domainnameshop's nameservers, then configuration of DNSSEC is fully automatic. All you need to do, is to select that you want DNSSEC turned on in the control panel. If, on the other hand, you are using your own nameservers, then you will have to handle key generation, key rollover and zone signing yourself, and upload DNSSEC data manually via the control panel each time you change DNSSEC keys.
DNSSEC is turned on by default for all domains that are using Domainnameshop's nameservers. To switch on/off DNSSEC manually for a particular domain, please do the following:
- Login at www.domainnameshop.com/login
- Click "My domains"
- Click on the domain in question
- Click on the tab "Nameservers" at the top
- Check (or uncheck) the option "Use DNSSEC"
- Click the "Change" button
If you are using your own nameservers, then the option "Use DNSSEC" is not available. Instead, click on "Manage DNSSEC" at the bottom of the page. Here you may add, modify and delete DS records to be published in the domain's parent zone.