Domain Name System Security Extensions (DNSSEC) can provide you with digital signatures to verify the destination URLs to which your domain names are redirected. You can add DNSSEC records to a domain name to authenticate the Domain Name System (DNS) servers that host your domain name. This helps you avoid attacks such as DNS cache poisoning. This topic describes how to add DNSSEC records in and synchronize the DNSSEC records to the Alibaba Cloud Domains console.

Limits on DNSSEC configurations

  • Supported types of domain names

    Currently, Alibaba Cloud does not support DNSSEC for all domain names. Supported domain names include .com, .net, .cc, .tv, .name, .biz, .club, .cn, and .top. The DNSSEC setting menu appears in the left-side navigation pane only for domain names that support DNSSEC.

  • Domain name resolution

    You can follow the procedure in this topic to configure and view DNSSEC of domain names that are not resolved by Alibaba Cloud DNS servers. For more information about how to configure DNSSEC for domain names that are resolved by Alibaba Cloud DNS servers, see Configure DNS Security Extensions.

Procedure

  1. Log on to the Alibaba Cloud Domains console.
  2. On the Domain Name List page, find the target domain name and click Manage in the Action column.
  3. In the left-side navigation pane, click DNSSEC setting to go to the DNSSEC setting page.
    Note If DNSSEC settings does not appear in the left-side navigation pane, your domain name does not support DNSSEC.
  4. Optional:Click Synchronize DS Record.
    If the domain name is transferred to Alibaba Cloud from another domain name registrar and you have added DNSSEC records, click Synchronize DS Record to synchronize the DNSSEC records to the Alibaba Cloud Domains console.
  5. Click Add DS Record to add a DNSSEC record.
    Note You can add up to eight DNSSEC records for each domain name.
  6. In the Add DS Record pane, set related parameters and click Submit.
  7. In the dialog box that appears, click Get Verification Code to obtain a verification code. Then, enter the code to complete email verification.