DNSSEC

Application Security
DNSDNSSEC

Last Updated: April 2025

Overview

Cloudflare offers comprehensive DNS solutions as an Authoritative DNS Provider including Full DNS Setup, CNAME Setup, and Secondary DNS. The globally distributed Anycast network consistently ranks among the fastest DNS providers worldwide. Additionally, DNSSEC adds an extra layer of authentication to DNS, preventing domain spoofing, while DNS Analytics provides detailed insights into your DNS traffic.

NSEC3

Cloudflare's implementation of negative answers with NSEC is protected against zone walking. This implementation removes the need for NSEC3 and has been proposed as an IETF standard. If you must use NSEC3 for compliance reasons, you can enable it via API.

Visit Demo

DNSSEC Settings

Zone DNSSEC Dashboard Settings

DNS Analytics

Public DNS Resolver - Query Examples

Cloudflare also offers a public DNS resolver 1.1.1.1.

DNS Query via DNS over HTTPS (DoH) - JSON Response 

curl -H 'accept: application/dns-json' 'https://cloudflare-dns.com/dns-query?name=automatic-demo.com&type=A' | jq .

DNS Query via DoH - Headers Response

curl -I --doh-url https://cloudflare-dns.com/dns-query https://automatic-demo.com