All Products
Search

This Product

    Domain Names:Configure DNSSEC

    Document Center

    Domain Names:Configure DNSSEC

    Last Updated:May 21, 2024

    Domain Name System Security Extensions (DNSSEC) can provide you with digital signatures to verify the destination URLs to which your domain names are redirected. You can add DNSSEC records to a domain name to authenticate the Domain Name System (DNS) servers that host your domain name. This helps you avoid attacks such as DNS cache poisoning. This topic describes how to add DNSSEC records in and synchronize the DNSSEC records to the Alibaba Cloud Domains console.

    Limits

    • Supported types of domain names

      Alibaba Cloud does not support DNSSEC for all domain names. Supported domain names include .com, .net, .cc, .tv, .name, .biz, .club, .cn, and .top. The DNSSEC Configurations menu item is displayed only for domain names that support DNSSEC.

    • Domain name resolution

      You can follow the procedure in this topic to configure and view DNSSEC of domain names that are not resolved by Alibaba Cloud DNS servers. For more information about how to configure DNSSEC for domain names that are resolved by Alibaba Cloud DNS servers, see

      DNSSEC.

    Procedure

    1. Log on to the Alibaba Cloud Domains console.

    2. On the Domain Names page, find the domain name that you want to manage and click Manage in the Actions column.

    3. On the page that appears, click DNSSEC Configurations in the left-side navigation pane.

      Note

      If DNSSEC Configurations does not appear in the left-side navigation pane, the domain name does not support DNSSEC.

      image

    4. Optional. Click Synchronize DS Record.

      If the domain name is transferred to Alibaba Cloud from another domain name registrar and you have added DNSSEC records, click Synchronize DS Record to synchronize the DNSSEC records to the Alibaba Cloud Domains console.

    5. Click Add DS Record to add a DNSSEC record.

      Note

      You can add up to eight DNSSEC records for each domain name.

    6. In the Add DS Record panel, configure the following parameters and click Submit.

      image

      Parameter

      Description

      Key Tag

      The DNSSEC record used to identify the domain name. You must enter an integer that is less than 65,536.

      Encryption Algorithm

      The encryption algorithm used to generate signatures. Select a value from the drop-down list.

      Digest Algorithm

      The type of the algorithm used to construct the digest. Select a value from the drop-down list.

      Digest

      The digest. Obtain the digest from your domain name registrar and enter it in the Digest field. The digest is a string of integers.

    7. In the dialog box that appears, click Send Verification Code to obtain a verification code. Then, enter the code to complete

      email verification.