I’d like to share about enabling DNSSEC on Cloudflare.

Preparation: Learning DNSSEC

I deepened my understanding of DNSSEC by reading the following articles introduced in Cloudflare’s DNSSEC 保護・DNSSECの自動プロビジョニング article.

• ユニバーサルDNSSEC
• DNSSECの仕組み
• DNSSECルート署名セレモニー
• ECDSA：DNSSECに欠けている部分
• DNSSECの複雑さと考慮点
• レジストラのDNSSEC
• Expanding DNSSEC Adoption

I also read the following articles to deepen my understanding of DNSSEC.

• インターネット10分講座：DNSSEC - JPNIC
• DNSSEC 関連情報 ～よくある質問～ / JPRS

Enabling DNSSEC on Cloudflare

After understanding DNSSEC, I enabled DNSSEC on Cloudflare.

DNSSEC protects against DNS response forgery. DNSSEC-protected zones are cryptographically signed to ensure the identity of DNS records received matches the DNS records published by the domain owner.

Clicking [Enable DNSSEC] will automatically enable DNSSEC for your domain within 24 hours.

####What DNSSEC does

For information about what DNSSEC does, see the following article: DNSSEC の機能

####How to test that DNSSEC is working on your website

Use https://dnsviz.net/d/example.com/dnssec/ to check if DNSSEC is working.

Since this site codenote.net also has DNSSEC enabled, you can check it at https://dnsviz.net/d/codenote.net/dnssec/.

Above, I enabled DNSSEC on Cloudflare. That’s all from the Gemba.