👀 Choose SSD-powered VPS servers for increased speed, power, and security! Now 50% off- starting from only $3.19/mo.
This article provides a guide demonstrating how to enable DNSSEC in cPanel for domains hosted on cPanel hosting account.
Enable DNSSEC in cPanel
To enable DNSSEC for a domain hosted on your cPanel hosting account, follow the guide below:
-
Sign Your Domain
- cPanel » Zone Editor → Manage for your domain.
- Open the DNSSEC tab.
- Click Generate Key. The system signs the zone and shows DS data (Key Tag, Algorithm, Digest Type, Digest).
-
Publish DS at Your Registrar
- Log in to your domain registrar.
- Open the domain’s DNSSEC section.
- Add a DS record using the values from cPanel.
- Save.
-
Verify
dig +dnssec yourdomain.com A @8.8.8.8 delv yourdomain.com A- Look for AD flag or delv “secure”.
-
Rotate Keys Later (optional)
- cPanel » Zone Editor » DNSSEC → Roll Keys (or Generate New Key if provided).
- Update the registrar with the new DS; after propagation, remove the old DS.
-
Common Pitfalls
- Registrar DS doesn’t match your current keys (copy/paste carefully).
- Using third-party nameservers: DNSSEC must be managed where the zone is hosted.
- Host hasn’t enabled DNSSEC on the server—ask support to enable DNSSEC/PowerDNS first.
Conclusion
You now know how to enable DNSSEC in cPanel (for domains on cPanel hosting account).
