How to enable DNSSEC In cPanel & Cloudflare

Domain Name System Security Extensions (DNSSEC) adds an additional layer of security to the old DNS system. There are two steps for using it:

1. Create the DNSSEC record on your cPanel account or Cloudflare
2. Let your domain registrar know that you want to use DNSSEC

To create a DNSSEC record in cPanel:

From cPanel > Zone Editor

click on DNSSEC next to your domain name:

NOTE: If you don’t see DNSSEC button next to your domain names, then the option is not available on your hosting and you should contact the provider to enable it.

Click on the Create Key button to create a new key

and again Create on the popup

New key will be created and you will see the following fields:

• Key Tag
• Algorithm
• Digest Type (Algorithm 2 and 13)

Copy this information and send it to your domain registrar to add these records for you:

After your domain registrar adds the records you should receive a notification from the main registry.

If you are using Cloudflare nameservers, then the DNSSEC has to be created there.

From the Cloudflare dashboard go to your domain name, then DNS, and scroll down to the DNSSEC section. Click on the Enable DNSSEC button.

The record will be created and you need to copy and send the DS record to your domain registrar:

Click on the Confirm button and the status of the DNSSEC section will show pending.

Send the DS record to your domain registrar and after they add it, Cloudflare will show the status protected.