**Important:** DNSSEC cannot be fully activated for **.dk domains** directly through the Joker.com interface. To enable DNSSEC for your **.dk domain**, please follow the instructions provided [**HERE**](https://joker.com/faq/books/jokercom-faq-en/page/specific-cctlds-nameservers#bkmrk-adding-dnssec)
## DNSSEC Support at Joker.com Joker.com enables you to activate and configure DNSSEC for nearly all of your domains - most domain types (TLDs) do support DNSSEC. The only exceptions at Joker.com currently are .ws and .cn. **Please note:** Joker.com supports DNSSEC with standard Joker.com name servers as well as with domains that use external name servers - **for Joker.com nameservers:** To enable DNSSEC, please go to click on "DNS" next to your domain on your [dashboard](https://joker.com/faq/books/jokercom-faq-en/page/understanding-your-dashboard). There you will find the "**Enable DNSSEC**" button. If you then click on "**Save changes**", you are done! - **for DNSSEC with own or external name servers:** Please use our instructions below. To find out if your domain is working properly with DNSSEC, you may use the [DNSSEC Analyzer](http://dnssec-debugger.verisignlabs.com/ "DNSSEC Analyzer"). Resellers will find similar commands to operate DNSSEC using **DMAPI** and [**RPanel**](https://rpanel.io). ## How To use DNSSEC with a Joker.com Domain and a DNS Hosting Provider This is about: - you want to use DNSSEC with domains from Joker.com - you are using an **external name service**, like from a service provider, or your own To make this work, the domain has to be "linked" to the external name service: ##### 1. Set up the DNS zone and records at the DNS hosting provider Each DNS hosting provider has its own web interface and system for adding records. Here you have to create the zone records you need, like A records to add IPv4 addresses to a hostname. ##### 2. Still at the DNS hosting provider **sign the domain with DNSSEC**. This of course requires, that your DNS provider support DNSSEC. The end result is that you have a **signed domain with a DS record**. You will need this information (DS record) later at **Joker.com**. ##### 3. At Joker.com [**Change the name servers**](https://joker.com/faq/books/jokercom-faq-en/page/adding-name-servers-to-your-domain#bkmrk-1.-on-your-dashboard) for the domain to point to the name servers of the DNS hosting provider. It should look like this now:  This change may take some time to propagate through the larger DNS infrastructure. Until the name server change has fully propagated, people may still see DNS records coming from the previous name servers. **At this point, you have a domain signed with DNSSEC at the DNS hosting provider, and you have changed the records at Joker.com to point to the name servers of the DNS hosting provider.** Almost done! If you now run your domain through the [**DNSSEC analyzer tool**](https://dnssec-analyzer.verisignlabs.com/ "https://dnssec-analyzer.verisignlabs.com/"), you will still see a problem: "***No DS records found***" This means, you still have to create a so-called ***Delegation Signer (DS)*** record at **Joker.com**. ##### 4. Create DS record at Joker.com - again, visit Joker.com, click "Modify" next to your domain name - You will now find your name servers listed and a DNSSEC section:  - click on '' at section **DNSSEC** - it will then look like this - please check if the information corresponds with what you got in step 2 above:  -