Deploy360 19 January 2012

How To Sign Your Domain With DNSSEC Using GoDaddy.com

GoDaddy.com provides an extremely simple web interface to enable DNSSEC with the purchase of their Premium DNS service.

GoDaddy’s “Premium DNS” service is currently (January 2012) priced at $2.99/month or roughly $36/year. This will allow you to configure DNSSEC for up to five domains. You can then purchase additional upgrades if you want to enable DNSSEC for more than 5 domains.

GoDaddy also provides full IPv6 support for domains with both IPv6-enabled name servers and web-based support for adding IPv6 records to domains.


The Internet Society Deploy360 Programme does not recommend or endorse any particular domain registrars. The information provided here is to assist users of this registrar to understand how to sign their domains with DNSSEC and is part of a larger program of gathering this DNSSEC configuration information across all domain registrars known to support DNSSEC. If you know of an additional registrar we should include, please contact us.


Configuring DNSSEC For A Domain At GoDaddy

Once you have purchased a domain from GoDaddy, you can go into the screen for the domain and click the link to launch the domain manager:

Godaddy dnsmgr 1

Next click on the “Advanced Settings” bar at the top of the screen followed by the “DNSSEC” tab in the window:

Godaddy dnsmgr adv

If this is the first domain you have configured for DNSSEC, you will need to purchase GoDaddy’s “Premium DNS” service which is currently (January 2012) priced at $2.99/month. This will allow you to configure DNSSEC for up to five domains.

Once you have completed the purchase process (or if you already had purchased the service), your “DNSSEC” tab will now show that DNSSEC is disabled and will have a radio button to enable it:

Godaddy dnsmgr adv off

Simply select the “On” button and you will be prompted for the email address GoDaddy should notify when a key is changed:

Godaddy dnsmgr adv on 1

After you press “Save” you will receive a message that the changes could take from 1 to 48 hours to take effect. Once the changes take effect, you will see that the domain is now listed as “Signed”:

Godaddy dnsmgr dnssec success 1

That’s it!

You can then go to one of the DNSSEC test sites to verify that the domain is correctly set up. For example, here are the test results for the domain “dnssec-test-gd.net” hosted at GoDaddy:

GoDaddy will handle all further signing of the zones and also key rollover, notifying you via email when such events occur.

Configuring DNSSEC For A Domain With DNS Hosted Elsewhere

If you purchase a domain from GoDaddy (or transfer an existing domain to GoDaddy) and host the DNS records on another service, including your own name servers, you can easily add Delegation Signer (DS) records to your domain. In the Domain Details screen, click on “Manage DS Records”:

Godaddy dnsmgr 2

Note that you will only be able to access this screen if your nameservers are pointing to a site/service other than GoDaddy’s servers.

Configuring DNSSEC For A Domain Registered Elsewhere

If you have registered a domain with another registrar, but are using GoDaddy to host the DNS records, GoDaddy provides an easy way to get the relevant DS records that you will need to provide to the other registrar. On the Premium DNS tab, click on the link for “View DS Records”:

Godaddy dnssec dsrecords 1

This will display the DS records and provide an easy “Copy to Clipboard” button:

Godaddy dnssec dsrecords 2

NOTE: For this to work, of course, the other registrar also needs to support DNSSEC. Once you add these DS records at the other registrar, that registrar should then make those DS records available to higher level name servers, including the TLD name servers.

More Information

GoDaddy provides the following information on their site:

,

Related Resources

Deploy360 1 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to map...

Deploy360 1 March 2019

IPv6 Security for IPv4 Engineers

This document provides an overview of IPv6 security that is specifically aimed at IPv4 engineers and operators. Rather than...

Deploy360 27 February 2019

Introduction to DNS Privacy

Abstract Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to...