Cloudflare last week announced the One-Click DNSSEC. Cloudflare users can now enable DNSSEC with a single click if their domain is registered with Cloudflare Registrar. Cloudflare says is working to support DNSSEC by default for sites on Cloudflare.
To activate DNSSEC, users need to visit the DNS tab in the Cloudflare dashboard, click “Enable DNSSEC”, and Cloudflare will handle the rest.
Historically, enabling DNSSEC required that users generate a DS record from a service like Cloudflare, copy it down, and then save it to the registrar so they could send it to your registry. Cloudflare removed those steps when Cloudflare is the registrar.
The records will be set in the next 24-36 hours with One-Click DNSSEC. Cloudflare says it’s free, it’s one-click, and it helps secure your site.
What is the purpose of DNSSEC?
DNS Security Extensions (DNSSEC) addresses DNS security weaknesses. DNSSEC works by digitally signing the DNS records at the authoritative DNS server with public-key cryptography. The key guarantees that visitors are not directed to a site that can be used for phishing or other malicious purposes.