DNSSEC (Domain Name System Security Extensions) adds an extra layer of protection to your domain by ensuring that DNS information can’t be manipulated or forged. However, not all top-level domains (TLDs) currently support DNSSEC.
This article explains how to check whether a specific TLD supports DNSSEC within our system, so you can confirm compatibility before enabling it on your domain.
The first step is to check the article for the specific TLD in our knowledge base. Look in the “TLD supports” section to see if there is a green label that explicitly says "DNSsec". For instance, our KB article for .COM, which does support DNSSEC:
https://kb.centralnicreseller.com/domains/tlds/com
If there is no such label, we most likely do not support DNSSEC for that particular TLD.
Additionally, you can check via the GetZoneInfo command. For instance:
command = getzoneinfo
zone = com- As a reminder, you can submit any command via Direct API Console, in your Control Panel.
Scroll down and find the following properties:
property[supports dnssec][0] = 1This property relates to KEY data. A value of 1 means that KEY data is supported.
property[supports dnssec dsdata][0] = 1This other property relates to DS data. A value of 1 means DS data is supported.
If both properties have a value of 0, DNSSEC is not supported for that TLD.
In the example above, .COM supports DNSSEC, with both KEY data and DS data supported.
You can find more information about DNSSEC in our knowledge base article:
https://kb.centralnicreseller.com/dns/dnssec