Today CloudFlare rolled out DNSSEC for all customers. This means that the complex process of enabling it yourself is no longer placed on your shoulders.
CloudFlare launched just five years ago with the goal of building a better Internet. That’s why we are excited to announce that beginning today, anyone on CloudFlare can secure their traffic with DNSSEC in just one simple step.
This follows one year after we made SSL available for free, and in one week, more than doubled the size of the encrypted web. Today we will do the same with DNSSEC, and this year, we’ll double the size of the DNSSEC-enabled web, bringing DNSSEC to millions of websites, for free.
If DNS is the phone book of the Internet, DNSSEC is the unspoofable caller ID. DNSSEC ensures that a website’s traffic is safely directed to the correct servers, so that a connection to a website is not intercepted by a man-in-the-middle.
I enabled it this morning and it took me about five minutes. The only drawback was that I wasn’t able to enable DNSSEC on my .co and .supply domains because I couldn’t select algorithm 13 for both domains.
As of November 10th, 2015, GoDaddy only supports algorithm 12 for .co domains, and algorithm 8 for .supply domains.
Other than that, everything else went smoothly. I contacted CloudFlare about the discrepancy between different domain extensions and their DNSSEC algorithms to see if there’s anything they can do. But unfortunately, I can foresee them pointing me in the direction of GoDaddy’s support team. And if that’s the case, wish me luck 😀
Update: Dani from CloudFlare just replied back. Apparently GoDaddy only supports algorithm 13 for .com and .net domains. Classic GoDaddy.