Steps to enable DNSSEC for zones hosted on ManageEngine CloudDNS
DNSSEC is available on all plans except the free plan. CloudDNS lets you enable DNSSEC for your Primary GeoDNS zones instantly with just a single click.
Get into a Primary GeoDNS zone file by clicking on the zone name for which you'd like to enable DNSSEC.
To enable DNSSEC, click on the DNSSEC button with the icon of an opened lock on the top right corner.
The CloudDNS portal deploys DNSSEC online signing to sign the DNS responses of a particular zone. Click on the Sign button.
After the domain of your choice is signed successfully, a DNSKEY record, a DS record are created automatically within the zone. CloudDNS displays the DNSSEC key tag, algorithm, digest type, digest under DS Records, flags along with a public key, Key Signing Keys(KSK), Zone Signing Keys(ZSK) associated with the particular zone. Copy these details in your clipboard as you'll need these details to update your registrar.
You can also see the Unsign button with a closed lock on the top right corner indicating DNSSEC is enabled for the zone. Once DNSSEC online signing is enabled on a zone and the appropriate information is given to your registrar, DNSSEC supporting resolvers will begin to validate DNS responses returned by CloudDNS nameservers.
You can also revoke DNSSEC for a particular zone by clicking the Unsign button at the top right corner.