About Self-Managed DNSSEC
Domain Name Security Extensions (DNSSEC) adds an extra layer of security to your domains by attaching digital signature (DS) records to their DNS information. You can self-manage DNSSEC for domains registered with GoDaddy when they are using third-party (not GoDaddy) nameservers that have DNSSEC enabled.
To use DNSSEC successfully and manage DS records, you'll need to ensure your domain and its zone file meet these requirements:
- The domain name is registered through GoDaddy.
- The registry for the domain name must support DNSSEC for the domain name's extension.
- The domain is using third-party (not GoDaddy) nameservers, and you have control over signing your zones. You'll need to review this information with your DNS provider.
- The domain name must be in an active status, not flagged by the registry, and have valid data as shown on the WHOIS directory.
To enable DNSSEC, the zone must be digitally signed by your DNS server. During signing, you create a Delegation of Signing (DS) record. Each DS record contains information the registry uses to authenticate using DNSSEC. You use the DS Record and the information it contains to enable DNSSEC for your zone.
Once you have the DS record information from your DNS provider, you'll be able to add a new DS record in your GoDaddy account.