How to setup DNSSEC for DNS records on AWS

Question

Model:

I have my domain registered in provider subreg.cz and he have ability of DNSSEC. I am pointing domain to AWS Route 53 with AWS nameservers. Trying setup DNSSEC on DNS records. Without any success.

Why I am doing it?

I have for domain ALIAS on AWS Cloudfront with offered certificate.

I want enable DNSSEC for this ALIAS and don't know what is the best way without loosinng possibility of Certificate.

Can you please, share your suggestions, how I can achieve solution?

score 2 · Answer 1 · answered Jan 08 '21 at 19:55

2

DNSSEC is now supported by AWS Route 53 for both DNSSEC signing (Hosting service) and domain registration (Registrar service).

answered Jan 08 '21 at 19:55

chenrui

4,410
1
21
34

score 1 · Accepted Answer · answered Jan 03 '20 at 13:55

1

Sadly, Amazon AWS' Route 53 service does not, currently, support your workflow.

Route 53 supports DNSSEC for domain registration but does not support DNSSEC for DNS service.(from AWS Route 53 Support docs)

answered Jan 03 '20 at 13:55

Shai

138
5

score 0 · Answer 3 · answered Jan 08 '21 at 23:01

0

(click) your hostedzone -> DNSSEC signing tab -> Enable DNSSEC signing

answered Jan 08 '21 at 23:01

David Webster

1,496
1
11
22

How to setup DNSSEC for DNS records on AWS

3 Answers3