GoDaddy.com provides an extremely simple web interface to enable DNSSEC with the purchase of their Premium DNS service.
GoDaddy’s “Premium DNS” service is currently (January 2012) priced at $2.99/month or roughly $36/year. This will allow you to configure DNSSEC for up to five domains. You can then purchase additional upgrades if you want to enable DNSSEC for more than 5 domains.
GoDaddy also provides full IPv6 support for domains with both IPv6-enabled name servers and web-based support for adding IPv6 records to domains.
The Internet Society Deploy360 Programme does not recommend or endorse any particular domain registrars. The information provided here is to assist users of this registrar to understand how to sign their domains with DNSSEC and is part of a larger program of gathering this DNSSEC configuration information across all domain registrars known to support DNSSEC. If you know of an additional registrar we should include, please contact us.
Configuring DNSSEC For A Domain At GoDaddy
Once you have purchased a domain from GoDaddy, you can go into the screen for the domain and click the link to launch the domain manager:
Next click on the “Advanced Settings” bar at the top of the screen followed by the “DNSSEC” tab in the window:
If this is the first domain you have configured for DNSSEC, you will need to purchase GoDaddy’s “Premium DNS” service which is currently (January 2012) priced at $2.99/month. This will allow you to configure DNSSEC for up to five domains.
Once you have completed the purchase process (or if you already had purchased the service), your “DNSSEC” tab will now show that DNSSEC is disabled and will have a radio button to enable it:
Simply select the “On” button and you will be prompted for the email address GoDaddy should notify when a key is changed:
After you press “Save” you will receive a message that the changes could take from 1 to 48 hours to take effect. Once the changes take effect, you will see that the domain is now listed as “Signed”:
That’s it!
You can then go to one of the DNSSEC test sites to verify that the domain is correctly set up. For example, here are the test results for the domain “dnssec-test-gd.net” hosted at GoDaddy:
- dnssec-test-gd.net at Verisign Labs DNSSEC Analyzer
- dnssec-test-gd.net at Sandia National Laboratories DNSviz
GoDaddy will handle all further signing of the zones and also key rollover, notifying you via email when such events occur.
Configuring DNSSEC For A Domain With DNS Hosted Elsewhere
If you purchase a domain from GoDaddy (or transfer an existing domain to GoDaddy) and host the DNS records on another service, including your own name servers, you can easily add Delegation Signer (DS) records to your domain. In the Domain Details screen, click on “Manage DS Records”:
Note that you will only be able to access this screen if your nameservers are pointing to a site/service other than GoDaddy’s servers.
Configuring DNSSEC For A Domain Registered Elsewhere
If you have registered a domain with another registrar, but are using GoDaddy to host the DNS records, GoDaddy provides an easy way to get the relevant DS records that you will need to provide to the other registrar. On the Premium DNS tab, click on the link for “View DS Records”:
This will display the DS records and provide an easy “Copy to Clipboard” button:
NOTE: For this to work, of course, the other registrar also needs to support DNSSEC. Once you add these DS records at the other registrar, that registrar should then make those DS records available to higher level name servers, including the TLD name servers.
More Information
GoDaddy provides the following information on their site: