DNSSEC is a security extension of the DNS protocol. It digitally signs the information published by DNS with a set of cryptographic keys, making it harder to fake, and thus more secure.
The interface for managing DNSSEC is available on the management page of your domain name. If your extension is eligible, you will find a link called “Manage DNSSEC” in the “Name Servers”, section, in the bottom right. You must first generate your keys. The most common method is to use the command-line tool called dnssec-keygen, distributed by the SAI, which you can run in a console session. Tutorials are available online that describe the use of this command.
Once you have generated your key, please test the server to be sure that it is working properly before continuing. When you are sure that it is behaving as expected, then submit the public key to the Registry, via the interface at Gandi:
The system will validate your key, and then send it to the registry associated with your domain name.
We left open the possibility of injecting up to 4 keys via the interface at Gandi. Obviously, it is possible to delete a given key at any time. When at least one key is active, you can simply add a new one just below the last.
Once your key is accepted by the registry, signed DNS requests will be honored.
This list has been moved to our v5 wiki at the following page: https://docs.gandi.net/en/domain_names/advanced_users/dnssec.html