DNSSEC for Squarespace domains

How DNSSEC protection works with Squarespace Domains.

Last updated January 11, 2025

DNSSEC protection is automatically enabled for all Squarespace-managed domains with a TLD that supports DNSSEC. DNSSEC protects your domain against attacks, like DNS spoofing or redirecting your domain to a malicious site. This guide explains how DNSSEC works and where to find resources on how to add extra DNSSEC protection to your domain.

Watch a video

What is DNSSEC and how does it work with Squarespace domains?

Domain Name System Security Extensions, or DNSSEC, is an advanced form of domain security. It uses a series of public and private keys to ensure data from the domain wasn’t altered as your visitors load the site. These keys are automatically stored in your DNS records as DS or DNSKEY records.

To learn more about adding DS records or DNSKEY records, visit DNS records for security.

Disabling DNSSEC settings

DNSSEC is automatically disabled if you switch to using custom nameservers for your domain. If you don't use custom nameservers but have other complex security needs, you may need to manually disable DNSSEC.

To disable DNSSEC:

  1. Open your domains dashboard.
  2. Click the domain you're editing.
  3. Click DNS, then click DNSSEC.
  4. Switch off the DNS Security Extensions toggle.

Note

If you don't see the DNS Security Extensions toggle, follow our troubleshooting steps.

  1. A confirmation window will appear. Click Confirm. This removes the DNSSEC information from the domain and registry.

Adding third-party DNSSEC protection

If you'd prefer to add third-party DNSSEC protection to your domain instead of using Squarespace's built-in option, you can purchase third-party DNSSEC protection from a provider, like Cloudflare, and add it to your DNS settings using the steps below. You can add third-party DNSSEC protection to your DNS settings using DS records or DNSKEY records.

Tip

In most cases, your domain provider provides DNSSEC. Contact your domain provider to see if you need to add DNSSEC to your domain.

To add third-party DNSSEC protection to your domain:

  1. Open your domains dashboard.
  2. Click the domain you're editing.
  3. Click DNS, then click DNSSEC and Add record.
  4. If your domain is registered to Squarespace Domains, LLC and is using custom nameservers, you can add DS records with these fields in the DNSSEC window:
    • Key tag
    • Algorithm
    • Digest type
    • Digest
  5. Enter information from your third-party DNSSEC provider in the fields, then click Save.

Tip

If you add third-party DNSSEC protection to your domain, keep in mind:

  • You can only add one DNSSEC record to your domain.
  • Contact your third-party DNSSEC provider for the values needed to add a DNSSEC record.

Re-enabling DNSSEC settings

DNSSEC is automatically enabled on any Squarespace Domains LLC domains with a TLD that supports DNSSEC. To manually enable DNSSEC after disabling:

  1. Open your domains dashboard.
  2. Click the domain you're editing.
  3. Click DNS, then click DNSSEC.
  4. Switch the toggle beside DNS Security Extensions on.

If you change back to Squarespace's default nameservers from custom ones, you'll be prompted to re-enable DNSSEC. Click View DNSSEC in the window that appears, then switch on the toggle beside DNS Security Extensions.

Troubleshooting

Here are some issues you may encounter with DNSSEC and how to resolve them.

Error message: Records are incompatible with DNSSEC

If you're adding an advanced DNS record to your DNS settings, you might see this error message in the DNSSEC panel.

To resolve this:

  1. Disable DNSSEC.
  2. Add the DNS record again.

Error message: DNSSEC validation failure

This error can occur if you’re having trouble sending or receiving email while using custom nameservers.

To resolve this issue:

  1. Reset your nameservers back to the Squarespace defaults.
  2. Enable DNSSEC.
Footer Image
  • Get help from our community

  • Get help from our community on advanced customizations.

  • Hire a Squarespace Expert

  • Stand out online with the help of an experienced designer or developer.

DNSSEC for Squarespace domains