Do you support DNSSEC?


Yes, Total Uptime Cloud DNS fully supports Domain Name System Security Extensions (DNSSEC).

You can find the full details on DNSSEC Implementation here.

What is DNSSEC?

DNSSEC (Domain Name System Security Extensions) is an enhancement to standard DNS which has been around for a long time. It enhances DNS by creating a secure chain of trust, assuring the requestor that the record received in a DNS response is legitimate and authorized.

How does DNSSEC Work?

It’s pretty simple. Domain owners sign their zone after creating it with their preferred DNS provider, or on an authoritative DNS server (if self-hosting). They then take information created by the signing process (a DS or “Delegation Signer” record, which is based on the DNSKEY) and provide it to the domain registrar. Most registrars have a panel for entering this configuration information. The registrar uses this information to create a chain-of-trust from the root servers (parent zone) down to the name servers authorized to serve the domain (child zone).

How do I use DNSSEC?

DNSSEC can only be used if the DNS resolver (often called a recursive DNS server or stub resolver) is security-aware and validates DNSSEC. This means it is configured to look for and validate the DNSSEC chain-of-trust. If it is, then it will only provide a DNS response if the zone is DNSSEC signed and the chain is validated.

If a DNS resolver is not configured to look for the DNSSEC chain-of-trust, then it doesn’t matter if a zone is DNSSEC signed or not. It will provide an answer if one is available. If it is configured and the CD (Checking Disabled) flag is not set to disable validation, the DNS resolver will provide a SERVFAIL response if the answer is not properly signed. If it is properly signed, the correct response will be returned.

How do I validate DNSSEC?

If you have enabled DNSSEC on your zone, there are a few handy tools out there for testing. The most popular are Verisign Labs’ DNS Analyzer and Sandia National Laboratories’ DNSViz. They will give a very nice detailed response so you can better understand the chain-of-trust and confirm your domain is properly signed and functional.

What Public DNS Resolvers Support DNSSEC?

There are a few. The most common are Google Public DNS (their 8.8.8.8 and 8.8.4.4 servers) and Cloudflare’s 1.1.1.1. There are others too, which you’ll quickly find with an internet search.