Share This Post

Share on facebook
Share on linkedin
Share on twitter
Share on email

Overview

DNS (Domain Name System) converts human-readable domain names (for example, example.com) to computer-readable IP addresses (for example, 192.0.0.1). DNS relies on zone records that exist on your server to map domain names to IP addresses.

Several different types of records reside in a domain’s zone file. This feature allows you to create, edit, and delete the following records:

  • A

  • AAAA

  • CAA (Certificate Authority Authorization Record)

  • CNAME (Canonical Name Record)

  • DMARC (Domain-based Message Authentication, Reporting, and Conformance)

  • MX (Mail Exchanger)

  • SRV (Service Record)

  • TXT (Text Record)

Domains

This interface displays your account’s domains. For each domain in the list, you can perform some actions directly. Click the text to perform that action.

  • A Record — Add an A record for this domain.
  • CNAME Record — Add a CNAME record for this domain.
  • MX Record — Add an MX record for this domain.
  • DNSSEC Record — Manage DNSSEC (Domain Name System Security Extensions) for this domain.
  • Manage — Add or edit additional records for this domain.

To refresh the list of domains, click the gear icon and select Refresh List.

Manage Zone

This interface displays the zone records for the selected domain. To filter the list of zone records, enter a name in the text box or select one of the record type filters.

Add a record

To add a record, perform the following steps:

  1. Click Manage next to the domain that you wish to modify.
  2. Click the arrow next to Add Record to select a record type:
    • Add A Record — This record maps hostnames to IP addresses. A records allow DNS servers to identify and locate your website and its various services on the Internet. Without appropriate A records, your visitors cannot access your website, FTP site, or email accounts.
    • Add AAAA Record — This record maps hostnames to IPv6 addresses.
    • Add CAA Record — This record allows you to specify which certificate authority (CA) will issue an SSL certificate for a domain.

Add CNAME Record — This record creates an alias for another domain name, which DNS looks up. This is useful, for example, if you point multiple CNAME records to a single A record in order to simplify DNS maintenance.

  • Add DMARC Record — This record indicates the action for a mail server to take when it receives mail from this domain, but that message fails SPF and DKIM checks. If you select this option, the system creates a TXT record with a default DMARC record. The system also displays a form that allows you to specify the domain’s DMARC policy (None, Quarantine, or Reject), as well as the following optional parameters:
    • Add MX Record — This record allows you to route a domain’s incoming mail to a specific server. Changes that you make to a domain’s MX (Mail Exchanger) control where the system delivers email for a domain.

    • Add SRV Record — This record provides information about available services on specific ports on your server.

    • Add TXT Record — This record contains text information for various services to read. For example, TXT records can specify data for the SPF, DKIM, or DMARC email authentication systems. Click the links below to view examples of each TXT record:

  1. Enter the appropriate information for the record type that you selected.

  2. Click Add Record.

Edit a record

To edit a record, perform the following steps:

  1. Click Manage next to the domain you want to modify.

  2. Click Edit next to the record that you wish to edit.

  3. Change the information in the text boxes as necessary.

  4. Click Edit Record to save your changes, or click Cancel to discard them.

Delete a record

To delete a record, perform the following steps:

  1. Click Manage next to the domain you want to modify.

  2. Click Delete next to the record that you wish to remove.

  3. Click Delete in the confirmation dialog box.

Reset zone files

To reset your DNS zone files to the defaults that your hosting provider specifies, perform the following steps:

  1. If this account owns more than one domain, click Manage next to the domain that you wish to reset.

  2. Click the gear icon and select Reset Zone.

  3. Read the warning about the consequences.

  4. Click Continue to reset your zone, or Cancel to return to the Manage Zone interface.

DNSSEC

DNSSEC can protect clients from various forms of attack, such as spoofing or a Man-in-the-Middle attack. A DNS resolver will compare the DNS server’s DNSKEY record to the DS record at the registrar. If they match, then the DNS resolver knows that the record is valid.

DNSSEC uses digital signatures to strengthen DNS authentication. These digital signatures use public key cryptography to sign the DNS data. However, these digital signatures do not sign the DNS queries and responses.

In the Zone Editor interface, click DNSSEC in a domain’s row to display the DNSSEC interface.

For more information about DNSSEC, read our DNSSEC documentation.

Create a DNSSEC key

Quick DNSSEC key creation

To quickly create a pair of DNSSEC keys that most registrars will accept, perform the following steps:

  1. Click Create Key. A confirmation message will appear.

  2. Click Create. The DS Records interface will appear with the keys’ details.

Custom DNSSEC key creation

If you wish to create a customized key with a stronger algorithm, perform the following steps:

  1. Click Create. A confirmation window will appear.

  2. Click Customize. The Create DNSSEC Keys interface will appear.

  3. Select the desired key setup for the DNSSEC key:

    • Classic — Creates a ZSK (Zone Signing Key) and a KSK (Key Signing Key).

    • Simple — Creates a CSK (Combined Signing Key), which the system will use as both the ZSK and KSK.

  4. Select the desired algorithm from the Algorithm menu.

        5. Select whether to activate the newly-generated key.

       6. Click Create Key. The DNSSEC Key Details interface will appear with the key’s details.

To validate the DNSSEC configuration for a domain, use Verisign’s DNSSEC Anaylzer website.

Import DNSSEC key

To import a DNSSEC key for a domain, perform the following steps:

  1. Click Import Key. The Import DNSSEC Key interface will appear.

  2. Select the key type that you wish to import:

    • ZSK — Zone Signing Key.

    • KSK — Key Signing Key.

  3. Enter the key information in the Key text box.

  4. Click Import.

Keys table

The Keys table lists the DNSSEC security keys for the domain.

  • Key Tag — An integer value that identifies the domain’s DNSSEC record.

  • Key Type — Whether the key is a ZSK, CSK, or KSK.

  • Algorithm — The algorithm type that constructs the digest. Select the type that your registrar supports.

  • Created — The key’s creation date.

  • tatus — Whether the security key is active.
    • Actions

      • Activate — Activates the security key.

      • Deactivate — Deactivates the security key. This will not delete the security key.

      • View DS Records — Display DS records for your domain.

      • Delete — Delete the security key.

      • Public DNSKEY — Display the public DNSKEY record.

To delete a DNSSEC key, perform the following steps:

  1. Click Delete next to the appropriate record.

  2. Click Continue to confirm that you wish to delete the security record.

Subscribe To Our Newsletter

Get updates and learn from the best

More To Explore

Email

Email Deliverability in cPanel

Use this interface to identify problems with your mail-related DNS records for one or more of your domains. The system uses these records to verify that other servers can trust it as a sender.

Virus Scanner

Overview The Virus Scanner interface scans your cPanel account for security threats. If ClamAV® Virus Scanner identifies a security threat, the system prompts you to perform an

Do You Want To Boost Your Website?

Share your requirements with us and we will get in touch with you shorlty.

ask
anything...

Get in touch