DNSSEC

DNSSEC is the abbreviation for 'Domain Name System Security Extensions'. It is a set of extensions to the domain name system (DNS), basically to allow clients to verify the authenticity and integrity of DNS records.

For a domain to make use of DNSSEC, the following is needed:

the domain type (TLD) needs to support DNSSEC (i.e. the registry)
the registrar of the domain needs to allow to activate and configure DNSSEC for a domain
the configured nameservers need to support DNSSEC
the clients (e.g. browsers) need to make use of DNSSEC

You may have a look at Wikipedia or this short tutorial as starters for reading more about these topics.

DNSSEC Support at Joker.com

Joker.com enables you to activate and configure DNSSEC for nearly all of your domains - most domain types (TLDs) do support DNSSEC. The only exceptions at Joker.com currently are .ws and .cn.

Please note: Joker.com supports DNSSEC with standard Joker.com name servers as well as with domains that use external name servers

for Joker.com nameservers: To enable DNSSEC, please go to click on "DNS" next to your domain on your dashboard. There you will find the "Enable DNSSEC" button. If you then click on "Save changes", you are done!
for DNSSEC with own or external name servers: Please use our instructions below.

To find out if your domain is working properly with DNSSEC, you may use the DNSSEC Analyzer.

Resellers will find similar commands to operate DNSSEC using DMAPI and RPanel.

How To use DNSSEC with a Joker.com Domain and a DNS Hosting Provider

This is about:

you want to use DNSSEC with domains from Joker.com
you are using an external name service, like from a service provider, or your own

To make this work, the domain has to be "linked" to the external name service:

1. Set up the DNS zone and records at the DNS hosting provider

Each DNS hosting provider has its own web interface and system for adding records. Here you have to create the zone records you need, like A records to add IPv4 addresses to a hostname.

2. Still at the DNS hosting provider

sign the domain with DNSSEC. This of course requires, that your DNS provider support DNSSEC.

The end result is that you have a signed domain with a DS record. You will need this information (DS record) later at Joker.com.

3. At Joker.com

Change the name servers for the domain to point to the name servers of the DNS hosting provider.

It should look like this now:

change name servers

This change may take some time to propagate through the larger DNS infrastructure. Until the name server change has fully propagated, people may still see DNS records coming from the previous name servers.

At this point, you have a domain signed with DNSSEC at the DNS hosting provider, and you have changed the records at Joker.com to point to the name servers of the DNS hosting provider.

Almost done!

If you now run your domain through the DNSSEC analyzer tool, you will still see a problem: "No DS records found"

This means, you still have to create a so-called Delegation Signer (DS) record at Joker.com.

4. Create DS record at Joker.com

again, visit Joker.com, click "Modify" next to your domain name
You will now find your name servers listed and a DNSSEC section:

change name servers

click on '' at section DNSSEC
it will then look like this - please check if the information corresponds with what you got in step 2 above:

change name servers

tag is derived from the key (provided by DNS operator)
digest type is 1 (SHA-1, deprecated) or 2 (SHA-256)
digest itself: up to 40 hex digits for SHA-1 and up to 64 hex digits for SHA-256
Press "save", and you are done - DNSSEC is enabled on your domain.

5. Finally, verify that DNSSEC works

using a tool such as Verisign Labs’ DNSSEC Analyzer. It should show nice green check marks now - but please keep in mind, that your changes will take some time until they become active.

Having followed these steps, you have DNSSEC working on a domain registered with Joker.com, using name servers from an external name service provider.

Meanwhile, there is good news: You now also are able to use DNSSEC with the regular Joker.com name servers as well, free of charge! This of course is probably much simpler for you, since you do not have to maintain external name server records, and you can make use of DNSSEC fully integrated into Joker.com's web portal.

What is a Domain Name?

What is a Domain Name Registrar?

Who is a Domain Registrant?

What is TLD or Top-Level Domain?

What are Domain Contacts?

What is the Domain Status?

What is Domain Name Service (DNS)?

What are IDN Domains?

What is a Premium Domain Name?

Life Cycle of a Domain

Setting up Your Joker.com Account

What is Two Factor Authentication?

Change and Recover Your Password

Understanding Your Dashboard

Roles and Permissions

Becoming a Reseller

Payment Methods and Invoicing

Possible Problems With Credit Cards

Restore Access to Your Account

Deleting Your Joker.com Account

I Don't See My Domain

Registering a Domain Name

Privacy Services

Adding Privacy Services

Domain Trustee Service

Cancel a Domain Name Registration

Domain Management Section

Domain Renewal

Domain Has Expired - What to Do?

The Redemption Grace Period (RGP)

Deletion of a Domain

Creating and Modifying Contacts

Premium Domain Name Registration

Whois Data Accuracy

Additional Information for Specific TLDs

Adding Name Servers to Your Domain

Creating and Modifying Your Own Nameservers

DNS Records Supported by Joker.com Nameservice

Joker.com Name Service: Adding DNS Records

URL Forwarding and E-mail Forwarding

Dynamic DNS (DynDNS)

DNSSEC

Let's Encrypt SSL Certificates

Specific ccTLDs: Nameservers

Transferring Domains to Joker.com

Bulk Transfer

Internal Transfer

Change of Registrant Procedure

Transferring Domains Away From Joker.com

UDRP Procedures

Specific ccTLDs: Transfers

Responsibilities Of Joker.com Customer

How to Open a Support Ticket: A Checklist

Reporting Domain Name Abuse

DNSSEC

DNSSEC Support at Joker.com

How To use DNSSEC with a Joker.com Domain and a DNS Hosting Provider

1. Set up the DNS zone and records at the DNS hosting provider

2. Still at the DNS hosting provider

3. At Joker.com

4. Create DS record at Joker.com

5. Finally, verify that DNSSEC works