Setting up DNSSEC with subdomains and forwarding

I am setting up DNSSEC for our websites (via Cloudflare and our registrar Namecheap), but I cannot find clear information about if I need to do something separately for the subdomains that are forwarded to the main website.

For example, I set up DNSSEC for the website example.com, but we have a few old domains that we now forward all traffic to this domain (e.g. olddomain*(dot)com and olderdomain(dot)*com). The redirects happen through our web hosting company (Kinsta). Should I set up DNSSEC for these forwarded domains via Cloudflare and the domain registrar even though they get forwarded?

Additionally, we have a subdomain of the main domain let’s call it https://sub.example.com. This domain is a separate Wordpress installation from the main domain. Do we need to do anything special with the DNSSEC to support this?

DNSSEC applies to example.com’s authoritative DNS server. It’s the link between the domain registry and DNS for your domain. All subdomains are included (but don’t ask me about delegating a subdomain away to some other DNS…dunno if that’s impacted). It has nothing to do with any old domains, or any domain that forwards to your domain. Or any domain you forward to.

Every domain is independent with DNSSEC. It’s up to you if you want to activate DNSSEC for other domains.

2 Likes

It isn’t a problem.

If you delegate a subdomain away using NS records and want DNSSEC there then you also need to set up DNSSEC entirely separately for the subdomain. But only if you want it, if you just create NS records everything works fine, but those delegations remain insecure.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.