DNSSEC (Domain Name System Security Extensions) are a domain DNS feature that adds an additional layer of security to the domain name lookup process. It works by adding digital signatures to DNS data, allowing domain owners to sign their DNS records cryptographically and then verifying the digital signatures to confirm the integrity and authenticity of the DNS data.
If your domain is registered at Hostinger or any other provider, and pointing to our nameservers, we have built-in features to protect your records. Therefore, DNSSEC is not supported.
How to Add DNSSEC Records
In case your domain is registered at Hostinger, pointing elsewhere by nameservers and your domain's extension (TLD) supports DNSSEC, you can add DNSSEC records by following these steps:
Navigate to the Domains section and click on the domain in question, or click on the ellipsis button and select Manage:
Select the DNS / Nameservers option the left sidebar:
Go to the DNSSEC tab:
Enter the required values for the DNSSEC record: key tag, algorithm, digest type and digest value. When all is good to go, click on Add
If you cannot find the DNSSEC option or is otherwise disabled, it means that your domain's TLD does not support DNSSEC 💡
Where to Obtain DNSSEC Record Values
The values for your DNSSEC record must be generated by the provider where your domain is pointing via nameservers.
For example, if your domain is pointing to Cloudflare, you can obtain the DNSSEC records by following this guide: Enabling DNSSEC in Cloudflare.
How to Delete DNSSEC Records
To permanently remove an existing DNSSEC record, simply click on delete next to the record:
If needed, you can add a new record afterward. If you leave it empty to disable DNSSEC altogether, make sure to also disable DNSSEC from your domain's DNS management.