DNSSEC (The Domain Name System Security Extensions) establishes a chain of trust from the root key which signed by ICANN (.) and down through each key. Given DNSSEC is enabled and an ETH address is put into the subdomain of the domain you own (eg: _ens.yourdomain.tld), ENS manager allows anyone to submit the hash of the chain to DNSSEC Oracle smart contract
When you first land on ENS manager, you will see something like below.
If your DNS provider already supports DNSSEC-signed domains, all you do is to enable the option on the DNS manager. If they don’t, you’ll need to migrate to someone who does.
We recommend either EasyDNS or Google Cloud DNS. EasyDNS’s setup guide for DNSSEC is here, while Google’s is here. Whatever provider you need, make sure you select RSA signatures and SHA256 hashing to not incur the high gas fees of trying to link your ENS name with ECDSA keys.
- Native ENS integration
- RSA/SHA-256 / ECDSA
- ECDSA only
- No DNSSEC support
- Wordpress when used as the DNS provider.
The DNS Registrar on ENS looks for a TXT record with a specific name and format in order to verify what Ethereum address should be given ownership of the domain. To claim ownership of mydomain.xyz, create a TXT record in your DNS zone, _ens.mydomain.xyz, with text data of the form a=0x1234... where 0x1234... is the Ethereum address you want to give control of the ENS record to.
Once you get to this stage, you can complete the rest from ENS manager. Simply press "Register" and send the transaction.
