1 minute read

It seems a general thing that if your using IONOS as your domain registrar enabling DNSSEC in Cloudflare is frustratingly difficult with the main recommend way according to the official IONOS documentation is to e-mail to setup DNSSEC. There is another way which is to use the API.

To begin manage your API key using the developer portal. If you get a message sayings its not enabled on your account, follow the instructions to enable it. There is no charge at the time of writing.

API Developer Window

Once you have your API get you can either use CURL or simply use this web builder if your just doing a single domain. The web builder example did not work for me when using Cloudflare I had to include additional attributes. Below is the schema with an example.

  "secDns": {
    "dsData": [
        "keyTag": 2371,
        "alg": 13,
        "digestType": 2,
        "digest": "E127287FCA4E940B8F667931A1C7594DA3C927BFF70C4A350FB732C1F0CA7E75",
        "keyData": {
          "flags": 257,
          "protocol": 3,
          "alg": 13,
          "pubKey": "mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+KkxLbxILfDLUT0rAK9iUzy1L53eKGQ=="

You can match all the information using the data in the Cloudflare control panel. The digest type should be submitted to IONOS as 2 rather than 256.


While this method is not the easiest compared to some providers, its arguably far easier and faster than doing it over e-mail.

Leave a comment