circle-info
Welcome to the reworked documentation of hostware. If you have any questions, we are happy to help in a support ticket.
Create ticketarrow-up-right
search
WebsiteDashboardFeedback board

DNSSEC

By enabling DNSSEC for your domain, you help prevent attackers from redirecting users to malicious IP addresses by spoofing DNS responses.

We currently have integrated DNSSEC at these domain modules:

hashtag
Opus DNS

At the DNSSEC page of domain, you can enable DNSSEC for a domain provided by Opus DNS, both on the zone side and on the domain side. After enabling, you can see the DS and DNSKEY records listed:

You can also easily disable it by clicking "Deactivate DNSSEC" button, which will disable it for both zone and domain.

It could be the case that your Opus DNS provided domain has an external DNS host like PowerDNS or Cloudflare. You can easily enable DNSSEC in this case too, by just clicking "Enable DNSSEC" button where we enable DNSSEC for the domain`s zone at PowerDNS or CLoudflare.

We automatically retrieve the DS records generated on zone side, and publish the to domain registrar at OpusDNS, so no manual DS entry is required.

hashtag
AutoDNS

To enable DNSSEC for a domain managed by AutoDNS in Hostware, the domain must use an external DNS host (for example PowerDNS or Cloudflare). This is required because, AutoDNS domain DNSSEC is completed from external zone DNSSEC data, without an external DNS host assignment, the DNSSEC page is hidden for AutoDNS domains.

When you click "Activate DNSSEC", Hostware first enables DNSSEC on the external zone provider. After zone signing is active, Hostware retrieves the generated DNSKEY data from the zone and submits it to AutoDNS for the domain. No manual registrar DS entry is needed in this flow.

AutoDNS processes domain updates asynchronously. During processing, the domain-side DNSSEC status is shown as pending, and DNSSEC action buttons are locked until processing completes. Once finished, the final DNSSEC state and related records are shown in the DNSSEC detail view.

You can also deactivate DNSSEC from Hostware. The same asynchronous AutoDNS processing behavior applies during deactivation, so status may remain pending briefly before the final state is reflected.

hashtag
CPS-Datensysteme

To enable DNSSEC for a domain managed by CPS-Datensysteme in Hostware, the domain must use an external DNS host (for example PowerDNS or Cloudflare). In this implementation, CPS handles domain-side DNSSEC, while zone-side DNSSEC must be provided by the external DNS host. If no external DNS host is assigned, the DNSSEC page is not shown for CPS domains. When you click "Activate DNSSEC", Hostware first enables DNSSEC on the external zone provider. After the zone is signed, Hostware reads the generated DNSKEY records and submits them to CPS for domain-side DNSSEC publication. This avoids manual registrar-side key entry in the normal flow. After activation, the DNSSEC status and available DNSSEC records are shown in the domain DNSSEC detail page. Depending on provider processing and API response timing, status updates may not be instantaneous. You can also deactivate DNSSEC from Hostware. Deactivation runs on both sides (zone side and domain side) and the DNSSEC status is updated accordingly after synchronization.

PreviousDomain registration failed, but hostware says “Active”NextIntroduction

Last updated

Was this helpful?