DNSSEC stands for DNS Security Extensions, and it is designed to protect Internet resolvers (clients) from forged DNS in order to prevent DNS tampering. DNSSEC works by digitally signing the DNS records at the authoritative DNS server. By checking the digital signature, a DNS resolver knows whether the information it receives is identical (correct and complete) to the information on the authoritative DNS server. This attests to the validity of the address, and ensures that the site you visit is the one you intended to go to rather than a site where your personal information could be compromised. If the DNS cannot be authenticated, your browser won't display the site.

Your DNS provider supplies the DNSSEC values that you enter for your domains.
Note: OpenSRS does not do any DNSSEC validation; we simply pass the DNSSEC values on to the registry.

You cannot assign DNSSEC values to the domain at the time that you register it, but once the domain is registered, you can modify it and add the DNSSEC values. There is no charge for this service.

Transfers in

For domains being transferred in, DS records will be maintained and carried over to OpenSRS.

This section contains the following:

Example requests and responses can be found for the following commands:

📘

Note

DNSSEC commands are only available to certain TLDs. Please check the TLD reference chart and look under the column "Reseller managed DNSSEC"

Please also see Configuring DNSSEC for more detailed overview of DNSSEC.