DNSSEC protection automatically secures all Squarespace-managed domains with compatible TLDs, preventing DNS spoofing and malicious redirects. This security feature uses public and private keys stored as DS or DNSKEY records in your DNS settings.

Managing DNSSEC Settings

To disable DNSSEC:

1. Open domains panel
2. Select your domain
3. Click DNS > DNSSEC
4. Toggle off DNS Security Extensions
5. Click Confirm

To re-enable DNSSEC:

1. Open domains panel
2. Select your domain
3. Click DNS > DNSSEC
4. Toggle on DNS Security Extensions

Adding Third-Party DNSSEC Protection

1. Open domains panel
2. Select your domain
3. Click DNS > DNSSEC > Add record
4. Complete required fields:
   • Key Label
   • Algorithm
   • Digest Type
   • Digest
5. Click Save

Note: You can only add one DNSSEC record per domain.

Troubleshooting Common Issues

"Records are not compatible with DNSSEC":

1. Disable DNSSEC
2. Re-add the DNS record

"DNSSEC validation error" (email issues with custom nameservers):

1. Reset to Squarespace's default nameservers
2. Re-enable DNSSEC

Important Notes:

• DNSSEC automatically disables when using custom nameservers
• When switching back to Squarespace nameservers, you'll need to manually re-enable DNSSEC
• Contact your external DNSSEC provider for specific record values
• Only domains with DNSSEC-compatible TLDs can use this feature

Related Articles

Previous Articles