What Is DNSSEC and How Do I Use It on Gandi Domains?¶
DNSSEC is a security extension of the DNS protocol. It digitally signs the information published by DNS with a set of cryptographic keys, making it harder to fake, and thus more secure.
It is strongly recommended that you do not enable this option unless you have a good understanding of what it is and does: you could easily make your domain name inoperative.
The interface for managing DNSSEC is available on the management page of your domain name. If your extension is eligible, you will see a “DNSSEC” entry in your domain’s the navigation menu.
If you do not see “DNSSEC”, in the menu, it means your domain is not using our LiveDNS nameservers or is in an extension that does not allow us to use DNSSEC.
What is DNSSEC?¶
DNSSEC, or Domain Name Security Extensions, are a set of protocols that allow website owners to digitally sign the DNS information they make available on the internet. This ensures that information that is corrupted, either by error or by a third party, can be spotted and rejected by the recipients.
In order for DNSSEC to operate it must be enabled both by the host of the website and by the network administrators (your internet service provider) of the recipient. The receiving network will check the data received against the public key you provide for any mismatch.
You can learn more from ICANN’s explanation of DNSSEC.
How to Install DNSSEC on Your Domain Name with LiveDNS¶
If you are using our LiveDNS our interface has been made very easy to use, as the entire process is automatic.
To enable DNSSEC, follow these steps:
After logging in, click on “Domain” in the left navigation menu.
Click on the domain name you want to manage
Select the “Nameservers” tab
Click the button that says “Go to DNSSEC” near the bottom of the page.
We will then automatically set up the domain with the service.
Warning
Please don’t change your nameservers until the propagation has been completed, from 12-24 hours, or it may become unreachable.
You can disable DNSSEC by following the same steps, then clicking “Disable DNSSEC”.
How to Install DNSSEC on Your Domain Name With External Nameservers¶
You must first generate your keys. The most common method is to use the command-line tool called dnssec-keygen, distributed by the SAI, which you can run in a console session. Tutorials are available online that describe the use of this command.
Once you have generated your key, please test the server to be sure that it is working properly before continuing. When you are sure that it is behaving as expected, then submit the public key to the Registry, via the DNSSEC interface at Gandi.
The system will validate your key, and then send it to the registry associated with your domain name.
We left open the possibility of injecting up to 4 keys via the interface at Gandi. It is possible to delete a given key at any time, or you can delete all keys at once by clicking “Delete all keys”. When at least one key is active, you can add a new one just below the last.
Once your key is accepted by the registry, signed DNS requests will be honored.
Note
You can not add DS keys as we compute it for you with the KSK or ZSK, then we send it to the registry.
DNSSEC-Enabled Extensions at Gandi¶
abogado
ac
academy
accountant
accountants
actor
adult
ae.org
aeroport.fr
africa
ag
agency
airforce
alsace
amsterdam
apartments
app
archi
army
art
asia
associates
at
attorney
au
auction
audio
auto
autos
avocat.fr
baby
band
bank
bar
barcelona
bargains
basketball
bayern
be
beauty
beer
berlin
best
bet
bible
bid
bike
bingo
bio
biz
black
blackfriday
blog
blue
boats
bond
boston
bot
boutique
br.com
broker
brussels
build
builders
business
buzz
bz
bzh
ca
cab
cafe
cam
camera
camp
capetown
capital
car
cards
care
career
careers
cars
casa
case
cash
casino
cat
catering
cc
center
ceo
cfd
ch
chambagri.fr
charity
chat
cheap
chirurgiens-dentistes.fr
christmas
church
city
claims
cleaning
click
clinic
clothing
cloud
club
cn
cn.com
co.com
co.uk
coach
codes
coffee
college
cologne
com
com.de
community
company
compare
computer
condos
construction
consulting
contact
contractors
cooking
cool
coop
corsica
country
coupons
courses
credit
creditcard
cricket
cruises
cx
cymru
cyou
dad
dance
date
dating
de
de.com
dealer
deals
degree
delivery
democrat
dental
dentist
desi
design
dev
diamonds
diet
digital
direct
directory
discount
doctor
dog
domains
download
durban
earth
eco
education
email
energy
engineer
engineering
enterprises
equipment
es
esq
estate
eu
eu.com
eus
events
exchange
expert
experts-comptables.fr
exposed
express
fail
faith
family
fan
fans
farm
fashion
feedback
fi
film
finance
financial
fish
fishing
fit
fitness
flights
florist
flowers
fm
foo
football
forex
forsale
forum
foundation
fr
frl
fun
fund
furniture
futbol
fyi
gal
gallery
game
games
garden
gay
gb.net
gd
gent
geometre-expert.fr
gg
gift
gifts
gives
glass
global
gmbh
gold
golf
gr
gr.com
graphics
gratis
green
gripe
group
gs
guide
guitars
guru
gy
hair
hamburg
haus
health
healthcare
help
hiphop
hiv
hn
hockey
holdings
holiday
homes
horse
hospital
host
hosting
house
how
ht
hu.net
icu
ie
immo
immobilien
in
in.net
inc
industries
info
ing
ink
institute
insurance
insure
international
investments
io
irish
ist
istanbul
je
jetzt
jewelry
jobs
joburg
jp.net
jpn.com
juegos
kaufen
ki
kim
kitchen
kiwi
koeln
kyoto
la
land
lat
law
lawyer
lc
lease
legal
lgbt
li
life
lighting
limited
limo
link
live
llc
loan
loans
lol
london
love
lt
ltd
ltda
lu
luxe
luxury
madrid
maison
makeup
management
market
marketing
markets
mba
me
me.uk
medecin.fr
media
melbourne
memorial
meme
men
menu
miami
mobi
moda
moe
mom
money
monster
mortgage
motorcycles
mov
movie
museum
music
mx
nagoya
name
navy
net
network
new
news
nexus
nf
ngo
ninja
nl
no
notaires.fr
nrw
nu
nyc
nz
observer
okinawa
one
ong
onl
online
ooo
org
org.uk
organic
osaka
page
paris
partners
parts
party
pe
pet
pharmacien.fr
phd
photo
photography
photos
pics
pictures
pink
pizza
pl
place
plumbing
plus
pm
poker
porn
port.fr
pr
press
pro
productions
prof
promo
properties
property
protection
pub
pw
qpon
quebec
quest
racing
radio
re
realestate
realty
recipes
red
rehab
reise
reisen
reit
rent
rentals
repair
report
republican
rest
restaurant
review
reviews
rich
rip
ro
rocks
rodeo
ru.com
rugby
ruhr
run
ryukyu
sa.com
saarland
sale
salon
sarl
sb
sbs
sc
school
schule
science
scot
se
se.net
security
select
services
sex
sexy
sg
sh
shiksha
shoes
shop
shopping
show
singles
site
sk
ski
skin
soccer
social
software
solar
solutions
soy
spa
space
sport
srl
storage
store
stream
studio
study
style
sucks
supplies
supply
support
surf
surgery
swiss
sx
sydney
systems
taipei
tattoo
tax
taxi
tc
team
tech
technology
tel
tennis
tf
theater
theatre
tickets
tienda
tips
tires
tirol
tl
today
tokyo
tools
top (can only be used with external nameservers. NOT Gandi’s LiveDNS)
tours
town
toys
trade
trading
training
travel
trust
tube
tv
tw
uk
uk.com
uk.net
university
uno
us
us.com
us.org
vacations
vc
vegas
ventures
vet
veterinaire.fr
viajes
video
villas
vin
vip
vision
vlaanderen
vodka
vote
voting
voto
voyage
wales
wang
watch
watches
webcam
website
wedding
wf
whoswho
wien
wiki
win
wine
work
works
world
wtf
xn–2scrj9c
xn–3ds443g
xn–3hcrj9c
xn–45br5cyl
xn–45brj9c
xn–45q11c
xn–55qx5d
xn–5tzm5g
xn–6frz82g
xn–6qq986b3xl
xn–80asehdb
xn–80aswg
xn–9dbq2a
xn–c1avg
xn–clchc0ea0b2g2a9gcd
xn–czr694b
xn–czrs0t
xn–czru2d
xn–e1a4c
xn–fiq228c5hs
xn–fjq720a
xn–fpcrj9c3d
xn–g2xx48c
xn–gecrj9c
xn–h2breg3eve
xn–h2brj9c
xn–h2brj9c8c
xn–hxt814e
xn–i1b6b1a6a2e
xn–io0a7i
xn–kpry57d
xn–mgbab2bd
xn–mgbbh1a
xn–mgbbh1a71e
xn–mgbgu82a
xn–mk1bu44c
xn–ngbc5azd
xn–nqv7f
xn–nyqy26a
xn–q9jyb4c
xn–qxa6a
xn–qxam
xn–rhqv96g
xn–rvc1e0am3e
xn–s9brj9c
xn–ses554g
xn–t60b56a
xn–tckwe
xn–unup4y
xn–vhquv
xn–xkc2dl3a5ee0h
xn–yfro4i67o
xxx
xyz
yachts
yoga
yokohama
yt
za
za.com
zip
zone
zuerich