How To Set Up Cloudflare DNSSEC Security For Google Domains

Domain name system or DNS converts machine names of website such as Internet protocols into a human legible website name such as mohanmekap.com If these are not well proofed then there are chances that yours website may face cache poison attacks or NDS spoofing that would invite many malicious contents into yours website as well it can provide attacks to the uses who also at yours website.

That is why it is important to enable DNSSEC on yours website so that when these information are exchanged between servers then it will go through a signed process to authenticate website domain name system process. DNSSEC is full form is domain name security extensions that provide easier ways to authenticate sharing of information.

How to protect yours website against forged DNS answers

In order to set up DNSSEC set up on your domain you will have to put information at your domain. Let us put DNSSEC security on a cloudflare enabled website. Before doing this, firs t ensure yours website runs through cloudflare. In simpler term is How to set up cloudflare CDN for your WordPress blog.

go to CloudFlare account and in its dashboard, From its HOME tab click on ADD SITE. Write down the domain name of your site. If your site is https://mohanmekap.com, then write down mohanmekap.com in the SITE space and then click on ADD SITE.

Then for few minutes, it should scan DNS settings of your site. Then it will show two CloudFlare name servers. This is important considering when you decide to use CloudFlare Nameservers you need to change your domain’s authoritative DNS servers, which are also referred to as name servers.

It will assign you by two name servers. You need to change name server of your domain to Cloudflare name servers. Do not change yours hosting name servers.

Generally, name server of the domain is connected with name server of your hosting package. Login to your hosting account. Suppose you buy the domain and hosting from Bigrock hosting registrar, then login to Bigrock Login account of yours. This is different from cPanel hosting package.

Login to hosting registrar account and then open the dashboard and then go to DOMAIN REGISTRATION and then NAME SERVER. Click on it you must find, name server of your hosting. To check this out you can open hosting tab, in my case, it is SINGLE DOMAIN LINUX HOSTING and then clicks on NAME SERVER DETAIL to name server of hosting package.

Now move to NAME SERVERS of DOMAIN REGISTRATION and then change both the name servers to nameservers provided to you from your free CloudFlare account in the new window namely MANAGE NAME SERVERS. Then Click on UPDATE NAME SERVERS. The detailed article can be found here

How to prevent threats like cache poison attacks and NDS spoofing attacks on yours website through DNSSEC records
Enable DNSSEC on Cloudflare dashboard:

• Go to cloudflare dashboard
• From left hand top site click DNS
• Scroll down to reach to DNSSEC and then enable it and it should provide DS record, digest, digest type -2 , algorithm, public key, key tag, flags.
• Then save the DNSSEC records.
• Enable DNSSEC record on Google Domain:

I use Google Domain and that is why the heading is, but this can be done with any domain from any registrar you have.

• Login to Google Domain with yours Google address.
• Select yours website name
• In my case it is mohanmekap.com
• From setting go to DNS
• Scroll down to reach DNSSEC
• You need key tag, algorithm, digest type and digest and these records to be copied from cloudflare’s mohanmekap.com dashboard’s DNSSEC record.
• From Cloudflare’s DNSSEC record copy key tag or just click to copy and then paste it on Google Domain’s DNSSEC record key tag.
• For algorithm you will see a number in cloudflare DNSSEC and from Google Domain DNSSEC select the same number such as 10 or 12.
• In the Digest Type 2 copy the SHA and then from drop down of Google Domain DNS select the number 2 from drop down.
• In the Digest copy the long numbers and alphabets from DNSSEC segment of cloudflare and then move into Google Domain and then from its DNS segment at DNSSEC paste the long code that you have copied and then save DNSSEC.