3.1.15. DNSSEC

We support DNSSEC, but at the moment we have not yet added functionality to fully work with this technology. All requests for adding DS records are made upon request in technical support.

Conditions for adding a DS record (required for DNSSEC to work):

  • The domain zone must support DNSSEC. These areas include:
    • International and Subject — all gTLDs (.COM, .NET, etc.) and New gTLD domains (.CLUB, .AUDIO, etc.) that are on the list available for registration.
    • Ukrainian:
      • .UA.
      • .COM.UA.
      • .KYIV.UA and .KIEV.UA.
      • .POLTAVA.UA and .PL.UA.
      • .UZ.UA.
  • We must be the current domain registrar.
  • The domain must have third party NS (not ours) that support DNSSEC. On our NS support for this technology will appear a little later.
  • The zone file (your domain name) must be signed.

After signing the zone DNS-the service where the domain is directed should provide you with a DS record. This DS record must be provided to us in a request to technicalsupport with the indication of the domain name. For our part, we add a glue DS record to the parent zone. After that, you can check the correctness of the entire chain here.