DNSSEC automatically protects all Squarespace-managed domains with top-level domains against DNS spoofing and malicious redirects. This security feature uses public and private keys stored as DS or DNSKEY records in your DNS configuration.

How DNSSEC Works on Squarespace

Domain Name System Security Extensions (DNSSEC) verifies domain data integrity when visitors access your site by using encrypted keys. These are automatically maintained in your DNS records.

Managing DNSSEC Settings

To disable DNSSEC:

1. Access domain control panel
2. Select your domain
3. Navigate to DNS > DNSSEC
4. Toggle off DNS Security Extensions
5. Confirm the change

DNSSEC automatically disables when using custom ad servers. To re-enable:

1. Access domain control panel
2. Select your domain
3. Navigate to DNS > DNSSEC
4. Toggle on DNS Security Extensions

Using Third-Party DNSSEC Protection

You can add third-party DNSSEC protection (like Cloudflare) by:

1. Open domain control panel
2. Select your domain
3. Go to DNS > DNSSEC > Add Record
4. Enter provider's information:
   • Key Tag
   • Algorithm
   • Digest Type
   • Digest
5. Save changes

Note: Only one DNSSEC record can be active per domain.

Troubleshooting Common Issues

Records Not Compatible with DNSSEC:

1. Disable DNSSEC
2. Re-add DNS record

DNSSEC Validation Error:

1. Reset name servers to Squarespace defaults
2. Re-enable DNSSEC

These steps ensure proper domain security while maintaining compatibility with your DNS configuration.

Related Articles

Previous Articles