How to Manage DS Records from SWPanel

Guide to Creating a DS Record in SWPanel

Introduction to DS Records and DNSSEC

DNSSEC (Domain Name System Security Extensions) is a security extension for DNS that allows DNS records to be digitally signed and protected against attacks such as DNS response spoofing. A key element in DNSSEC is DS (Delegation Signer) records, which ensure the chain of trust between a DNS zone and its parent zone.

A DS record contains a hash of the KSK (Key Signing Key) of the delegated zone and is stored in the parent zone to authenticate the domain delegation. This process enhances security and prevents manipulated DNS responses from being accepted as valid.

Note: Managing DS records in SWPanel is available exclusively in Professional and Reseller modes. To learn about the differences between these modes and how to switch between them, consult the following manual:

📃 Manual: SWPanel Modes of Operation

Creating a DS Record for Your Domain

A DS record consists of the following parameters:

Parameter Definition
Key Tag Numeric identifier of the key. Value between 0 and 65535.
Algorithm Signature algorithm. Examples: 8 (RSA/SHA-256), 13 (ECDSA/SHA-256), 14 (ECDSA/SHA-384). Default value: 13.
Digest Type Type of hash used. Examples: 1 (SHA-1, obsolete), 2 (SHA-256), 4 (SHA-384). Default value: 2.
Digest Hexadecimal hash of the domain's public key.

Steps to Create a DS Record

  1. Log into SWPanel:

    • Access your SWPanel account.

  2. Navigate to the domains section:

    • In the side menu, select Domains & SSL > Domain Portfolio.

    The screenshot is for guidance only. It was taken on version 2025.02.0002 with date 10/03/2025. It may differ from what the current version of SWPanel displays.

  3. Select the domain:

    • Search for and click on the domain where you want to configure DNSSEC.
    • Click on [···] > DSSec Records.

    The screenshot is for guidance only. It was taken on version 2025.02.0002 with date 10/03/2025. It may differ from what the current version of SWPanel displays.

  4. Create the DS Record:

    • Click Create Record.

    • Enter the DS record details. Example:

      DS 12345 13 2 BB7B6D12702FC08769B5D3BA0383F5625EFD2688C04B67DEA74C1D44555D9F88

    The screenshot is for guidance only. It was taken on version 2025.02.0002 with date 10/03/2025. It may differ from what the current version of SWPanel displays.

  5. Save the changes:

    • Click Create Record to save the configuration.

    The screenshot is for guidance only. It was taken on version 2025.02.0002 with date 10/03/2025. It may differ from what the current version of SWPanel displays.

Activating DNSSEC on Your Hosting

If you have not yet activated DNSSEC on your hosting service, follow this manual to enable it in SWPanel:

📃 Manual: How to activate DNSSec on my hosting

Once activated, it is recommended to verify the propagation of changes using specialized tools such as:

Glossary of Terms

Term Definition
DNSSEC Security extension for DNS that protects against spoofing attacks.
DS Record Record that stores a hash of the KSK key to maintain trust in the delegation.
KSK (Key Signing Key) Key used to sign the ZSK and establish the authenticity of the domain.
ZSK (Zone Signing Key) Key used to sign DNSSEC records in the zone.
Key Tag Identifier of the DNSSEC key within the DS record.
Algorithm Cryptographic algorithm used to sign DNS records.
Digest Cryptographic summary of the public key used in the DS record.

With this guide, you can correctly configure DNSSEC on your domain and enhance the security of your website.

Legal Notice Cookie Information Data Protection Policy
2025 DeepThink Software SLU. All rights reserved. The prices shown on the website do not include any applicable taxes.