DNS records for security

Set up advanced security DNS records.

Last updated December 13, 2024

All Squarespace sites include free SSL certificates for automatic domain security. If you have advanced security needs, you can purchase additional DNS records from third-party providers for more protection. This guide shares resources on how to add multiple security DNS records to your DNS settings.

Use this guide to find where you can add more DNS records to your DNS settings. You'll only need to edit these records if you're using a third-party service that needs access to your domain. If your domain is connected via DNS Connect, edit your DNS settings in your account with your third-party domain provider instead of following this guide.

Tip

If your third-party domain is connected via DNS Connect, edit your DNS settings in your third-party domain provider account instead of following this guide.

Note

Our scope of support for DNS records is limited. We can help with showing you where to add records to your DNS settings. We can’t provide technical advice about DNS records or information about how DNS records work with other services. If you need more help, you can get peer-to-peer help in the Domains section of the Squarespace Forum or contact the service you're trying to connect, using our sample message.

Before you begin

To start editing your DNS records, you'll open your domains dashboard and click the domain name. If you have multiple Squarespace domains, you'll manage their DNS records separately.

CAA

A Certification Authority Authorization (CAA) is a security record that provides additional confirmation for Certification Authorities (CA) when they’re validating an SSL certificate associated with your site. In most cases, you don’t need CAA records because Squarespace protects your site and its content with free, automatic SSL certificates for all domains.

If you have advanced security needs, you can purchase additional protection from a provider like Cloudflare. You’ll need the CAA record from your provider to add to the Data field. CAA records contain a flag, tag and CA domain. They look something like this: 0 issue “example.org”.

To add a CAA record:

  1. Click DNS, and then click DNS Settings.
  2. Scroll down to Custom Records.
  3. Click Add record.
  4. In the Type dropdown menu, select CAA.
  5. In the Host field, enter @. In the Data field, enter data from your provider. It should be in flag, tag and value format: 0 issue “example.org".
  6. Click Save to add the record to your settings.

DS and DNSKEY

Delegation signer (DS) and Domain Name System key (DNSKEY) records contain security keys automatically added to your domain when DNSSEC protection is enabled.

DNSSEC protection is automatically included with all Squarespace-managed domains with a TLD that supports DNSSEC. DNSSEC protects your domain against attacks, like DNS spoofing or redirecting your domain to a malicious site.

If you need custom DNSSEC protection, you can purchase DS records from a third party, like Cloudflare, and add them in your domain's DNSSEC panel.

To add custom DS or DNSKEY records, add custom nameservers from your provider, which will automatically disable DNSSEC protection.

After you add custom nameservers, you can add a total of up to eight DS records or DNSKEY records to your DNS settings.

Tip

You can add a maximum of eight records to the DNSSEC panel.

To add DS records:

  1. Open your domains dashboard.
  2. Click the domain you're editing.
  3. Click DNS, then click DNSSEC and Add record.
  4. If your domain is registered to Squarespace Domains, LLC and is using custom nameservers, you can add DS records with these fields in the DNSSEC window:
    • Key tag
    • Algorithm
    • Digest type
    • Digest
  5. Enter information from your third-party DNSSEC provider in the fields, then click Save.

Note

Due to regulatory reasons, DNSKEY records are only available for migrated .de and .nl domains migrated from Google and use these fields:

  • Key Tag
  • Algorithm
  • Digest Type
  • Digest

HTTPS

All Squarespace domains come with free SSL certificates which provides basic HTTPS protection. Most Squarespace sites don’t need additional HTTPS protection. If you have advanced security needs, you can reach out to a third-party provider, like Cloudflare, to purchase additional HTTPS protection.

You’ll need the HTTPS record from your provider to add to the Data field.

To add an HTTPS record:

  1. Open your domains dashboard.
  2. Click the domain name. If you have multiple Squarespace domains, you'll manage their DNS records separately.
  3. Click DNS, and then click DNS Settings.
  4. Scroll down to Custom Records.
  5. Click Add record.
  6. In the Type dropdown menu, select HTTPS.
  7. In the Host field, enter @.
  8. In the Data field, enter data from your provider.
  9. Click Save to add the record to your settings.

PTR

DNS pointer records, or PTR records, are used for the reverse DNS record lookup. PTR records confirm the validity of your domain’s IP addresses, and are often used when setting up a mail server for a site. You’ll need the PTR record from your provider to add to the Data field.

To add a PTR record:

  1. Click DNS, and then click DNS Settings.
  2. Scroll down to Custom Records.
  3. Click Add record.
  4. In the Type dropdown menu, select PTR.
  5. In the Host field, enter @.
  6. In the Data field, enter the PTR record from your provider.
  7. Click Save to add the record to your settings.

SSHFP

A Secure Shell Fingerprint (SSHFP) record verifies the trustworthiness of the internet devices you’re connecting to through Secure Shell (SSH). SSHFP records are an option if you have advanced security needs. You can reach out to a third-party provider, like Cloudflare, to generate an SSHFP record.

You’ll need the SSHFP record from your provider to add to the Data field.

Note

SSHFP is only available for domains registered with Squarespace. At this time, SSHFP is unavailable for domains that are registered with a third party and connected to Squarespace using Nameserver Connect.

To add an SSHFP record:

  1. Click DNS, and then click DNS Settings.
  2. Scroll down to Custom Records.
  3. Click Add record.
  4. In the Type dropdown menu, select SSHFP.
  5. In the Host field, enter @.
  6. In the Data field, enter the PTR record from your provider. It should be in this format: 2 1 123456789abcdef. (spaces included)
  7. Click Save to add the record to your settings.

SVCB records

A Service Binding (SVCB) record adds multiple security certificates to a site. Most Squarespace sites don’t need SVCB records because because Squarespace protects your site and its content by offering free SSL certificates for all domains. If you have advanced security needs, you can reach out to a third-party provider, like Cloudflare, to generate an SVCB record.

You’ll need the SVCB record from your provider to add to the Data field.

To add an SVCB record:

  1. Click DNS, and then click DNS Settings.
  2. Scroll down to Custom Records.
  3. Click Add record.
  4. In the Type dropdown menu, select SVCB.
  5. In the Host field, enter @. (If you’re adding records to a subdomain, enter the subdomain here instead).
  6. In the Data field, enter data from your provider.
  7. Click Save to add the record to your settings.

TLSA

A Transport Layer Security Authentication (TLSA) record helps validate any SSL or TLS certificates added to your site. TLSA records provide an additional layer of protection that verify your servers are secure. Most Squarespace records don’t need TLSA records because because Squarespace protects your site and its content by offering free SSL certificates for all domains. If you have advanced security needs, you can use a third-party provider, like Cloudflare, to generate a TLSA record.

You’ll need the TLSA record from your provider to add to the Data field.

To add an TLSA record:

  1. Click DNS, and then click DNS Settings.
  2. Scroll down to Custom Records.
  3. Click Add record.
  4. In the Type dropdown menu, select SSHFP.
  5. In the Host field, enter @.
  6. In the Data field, enter the TLSA record from your provider.
  7. Click Save to add the record to your settings.

Troubleshooting

For help with fixing DNS issues, visit Troubleshooting issues with DNS records.

Footer Image
  • Get help from our community

  • Get help from our community on advanced customizations.

  • Hire a Squarespace Expert

  • Stand out online with the help of an experienced designer or developer.

DNS records for security