Articles on: Domains

How do I enable DNSSEC for my domain?

DNSSEC (Domain Name System Security Extensions) adds an additional layer of security to DNS by digitally signing DNS records. This helps protect your domain from DNS spoofing and cache poisoning attacks.


DNSSEC is an advanced configuration. If it is configured incorrectly, it can prevent your domain from resolving correctly. If you do not specifically require DNSSEC, it is usually best not to enable it.


We support DNSSEC for most domains, including co.za, org.za, net.za, web.za and international domains (where supported by the registry).


DNSSEC must be enabled in two places:


  1. At your DNS provider (where your DNS records are hosted, for example, cPanel or Cloudflare). This generates the DNSSEC keys for the domain's DNS Zone.
  2. At the domain registry (via our Client Area). This publishes the DS or DNSKEY record for your domain.


Both steps must be completed for DNSSEC to work correctly.


Step 1: Enable DNSSEC at your DNS provider


You must first enable DNSSEC where your DNS zone is hosted.


Enabling DNSSEC when using cPanel


  1. Log in to cPanel
  2. Navigate to Domains
  3. Click Zone Editor
  4. Select DNSSEC
  5. Click Create Key
  6. Click Customize
  7. Under Algorithm select ECDSA Curve P-256 with SHA-256 (Algorithm 13)
  8. Click Create


cPanel will generate the required DNSSEC records.


Enabling DNSSEC when using Cloudflare


  1. Log in to your Cloudflare dashboard
  2. Select your domain
  3. Go to DNS
  4. Open Settings
  5. Find the DNSSEC section
  6. Click Enable DNSSEC


Cloudflare will automatically generate the required DNSSEC records.


Enabling DNSSEC when using another DNS provider


You will need to follow their steps to publish DNSSEC records for your domain (if their name servers support DNSEC)


Step 2: Add DNSSEC records in our Client Area


Once DNSSEC has been enabled at your DNS provider, you must add the DNSSEC records to your domain in our Client Area. This publishes the DNSSEC records at the domain registry and completes the DNSSEC setup.


  1. Log in to the Client Area
  2. Go to Domains
  3. Click Manage next to your domain
  4. Click the DNSSEC tab
  5. Click Autopopulate from DNS (If DNSSEC records are detected from your DNS provider, they will automatically populate in the form.)
  6. Click Add DNSSEC or Add DS Record


Once added, DNSSEC will be enabled for your domain. DNSSEC changes may take some time to propagate. Please allow a few hours for the changes to take effect before testing your domain.


You can verify your DNSSEC configuration using tools such as:



Disabling DNSSEC


If your domain is not resolving correctly due to DNSSEC (for example after changing nameservers), you may need to disable DNSSEC.


To disable DNSSEC:


  • Log in to our Client Area
  • Navigate to Domains
  • Click Manage next to your domain
  • Click the DNSSEC tab
  • Click the Delete All DS/DNSKEY Records (Disables DNSSEC) button under the Disable DNSSEC section


Once all DS records have been removed, DNSSEC will be disabled for the domain. After disabling DNSSEC, please allow some time for DNS changes to propagate.


If you are unsure how to configure DNSSEC or would like assistance verifying your configuration, please contact our support team via a support ticket or by emailing us at helpdesk@elitehost.co.za.

Updated on: 06/03/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!