How to set up DNSSEC for the .LY domain

DNSSEC adds an extra layer of authentication to DNS, making sure that visitors go to your domain instead of a spoofed domain.

To configure DNSSEC, first you need to enable DNSSEC for your domain by your DNS Provider. 

If you are using Libyan Spider Premium DNS cloud service, your DNS will be automatically configured after enabling DNSSEC in the Client Area.

If you are using another DNS provider for your domain, you should be able to enable DNSSEC from your provider control panel, and then add a DS record at your domain registrar.


Premium DNS Cloud is a paid service that needs subscription. DNS Manager is available as a Client Area feature only if you have ordered the service.

Setup using Libyan Spider DNS service

  1. Log in to your Client Area account.
  2. Go to Domains > My Domains.
  3. From My Domains list, click on the domain you want to enable DNSSEC for.
  4. In the Manage side menu, click on DNS Manager.
  5. Click on the Enable DNSSEC button.
  6. After enabling DNSSEC successfully, your configuration will be done automatically.

Setup using other DNS provider

In this example, we are using Cloudflare DNS, but the general steps are similar to most providers. If in doubt, please contact your DNS provider customer support.

Step 1 – Enable DNSSEC with your DNS Provider

By enabling DNSSEC first in the Cloudflare dashboard, you’re asking Cloudflare to generate the data necessary for adding a delegation signer (DS) record to your domain at the registrar. To obtain the Cloudflare DS record data:

  1. Log in to the Cloudflare dashboard.
  2. Ensure the website for the DS record you need is selected.
  3. Click the DNS app.
  4. Scroll down to the DNSSEC panel.
  5. Click Enable DNSSEC. You will see a dialog informing you that your configuration is pending until the DS record is added at your registrar.
  6. Next, click to expand the DS Record dropdown in the DNSSEC panel.
  7. Copy the DS Record fields for Step-2

Step 2 – Add the DS record to your registrar

To complete your DNSSEC configuration, it is necessary for your domain to have a DS record in your domain DNS configuration at the registrar. To complete this step:

  1. Log in to your Client Area account.
  2. Open a new Support Ticket requesting to configure DS records for your “.LY” domain. Please include the following information obtained from Step-1 above:
    • Domain Name (Required)
    • DS Record (Required)
    • Digest (Required)
    • Digest Type (Required)
    • Algorithm (Required)
    • Public Key (Optional)
    • Key Tag (Required)
  3. Once your support ticket is processed, you will receive confirmation that DNSSEC has been configured for your “.LY” domain

Step 3 – Verification (Optional)

After you receive confirmation that DNSSEC has been configured for your domain, please allow enough time for DNS propagations to complete, this might take up to 4 hours.

You can use an online tool for DNSSEC validation such as DNSSEC Analyzer to test and verify the configuration for your domain from both the DNS Provider and the Registrar side.

Share this:
FacebookTwitterWhatsAppViberCopy LinkTelegramLinkedIn
Updated on October 8, 2023
Was this article helpful?

Related Articles

Need Support?
Can't find the answer you're looking for?
Contact Support