Setting up DNSSEC for domain

We offer DNSSEC only for CZ and EU domains and only those which are registered with us. Later, we will offer DNSSEC also for generic domains.

Using DNSSEC and all changes in its settings are completely free.

Setting up DNSSEC

To set up DNSSEC for your domain, follow these steps:

  1. Log in to your account in the customer center (
  2. Select tab Domains
  3. Open the detail of specific domain
  4. In the left column, click on the link DNSSEC settings

There are 3 options of DNSSEC:

  1. Do not use DNSSEC – default option domain is not protected by DNSSEC.
  2. Use DNSSEC WEDOS – can be used only for domains that use our DNS servers. In this case, activates DNSSEC, DNS records are signed by our keys and will be set our KEYSET for the domain. We also care about the appropriate replacement of keys. The customer need not to worry about anything.
  3. Use your own KEYSET – can be used only for domains that do NOT use our DNS servers. Here the customer can set up the domain for any KEYSET, but the signing DNS records on DNS servers must take care of himself.
  4. Create and use your own KEYSET – identical to the previous option, except that it is possible to create a KEYSET directly by entering your own DNSSEC keys.
  5. Use your own DNSSEC keys – can only be used for domains that do not use our DNS servers and do not support KEYSETs (generics domains). Here you can set your own DNSSEC keys (type Digest or DNSKEY) for the domain, which must be obtained from the DNS server provider of the domain (if it supports DNSSEC). The DNS service provider or the customer himself must take care of the signing of DNS records on the DNS servers.

Setting up DNSSEC is a time-consuming procedure. It may take several hours before any change in the settings will take effect. So after setting you to need to wait patiently.

Multiple DNSSEC setting

In the customer center is also possible to set DNSSEC for multiple domains simultaneously. In the list of domains, you can mark domains where you want to make the change, and the bottom of the drop-down menu, select action with the selected items: DNSSEC Setting and follow the instructions.

Check DNSSEC functionality

To check the settings and the proper functionality of DNSSEC for the domain, we recommend the following tools:

  • DNSSEC Validator – plug-in for Firefox, developed by Czech organization CZ.NIC
  • DNS visualization tool – tool for analysis and graphical representation of DNS records and of DNSSEC keys and their status