diff --git a/config/locales/en.yml b/config/locales/en.yml
index 2c8062629..a37e6eda0 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -244,6 +244,7 @@ en:
     codes:
       domain_validation: 'Domain validation'
       domain_general: 'Domain general'
+      dnskeys: 'DNS keys'
 
   settings:
     codes:
@@ -251,6 +252,10 @@ en:
       ns_max_count: 'Nameserver maximum count'
       dnskeys_min_count: 'DNS keys minimum count'
       dnskeys_max_count: 'DNS keys maximum count'
+      allow_ds_data: 'Allow DS data'
+      allow_ds_data_with_keys: 'Allow DS data with keys'
+      allow_key_data: 'Allow key data'
+      ds_algorithm: 'DS algorithm'
 
   shared:
     code: 'Code'
diff --git a/db/migrate/20141008134959_add_dnskey_settings.rb b/db/migrate/20141008134959_add_dnskey_settings.rb
new file mode 100644
index 000000000..19ae9868f
--- /dev/null
+++ b/db/migrate/20141008134959_add_dnskey_settings.rb
@@ -0,0 +1,9 @@
+class AddDnskeySettings < ActiveRecord::Migration
+  def change
+    sg = SettingGroup.create(code: 'dnskeys')
+    sg.settings << Setting.create(code: 'ds_algorithm', value: 1)
+    sg.settings << Setting.create(code: 'allow_ds_data', value: 1)
+    sg.settings << Setting.create(code: 'allow_ds_data_with_keys', value: 1)
+    sg.settings << Setting.create(code: 'allow_key_data', value: 1)
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index a3e7eaba6..1105d71f5 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20141006130306) do
+ActiveRecord::Schema.define(version: 20141008134959) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
diff --git a/spec/epp/epp_helper_spec.rb b/spec/epp/epp_helper_spec.rb
index 79f13ec37..b713856c9 100644
--- a/spec/epp/epp_helper_spec.rb
+++ b/spec/epp/epp_helper_spec.rb
@@ -16,19 +16,21 @@ describe 'EPP Helper', epp: true do
                   <domain:hostObj>ns2.example.net</domain:hostObj>
                 </domain:ns>
                 <domain:registrant>jd1234</domain:registrant>
-                <domain:dnssec>
-                  <domain:dnskey>
-                    <domain:flags>257</domain:flags>
-                    <domain:protocol>3</domain:protocol>
-                    <domain:alg>5</domain:alg>
-                    <domain:pubKey>AwEAAddt2AkLfYGKgiEZB5SmIF8EvrjxNMH6HtxWEA4RJ9Ao6LCWheg8</domain:pubKey>
-                  </domain:dnskey>
-                </domain:dnssec>
                 <domain:contact type="admin">sh8013</domain:contact>
                 <domain:contact type="tech">sh8013</domain:contact>
                 <domain:contact type="tech">sh801333</domain:contact>
               </domain:create>
             </create>
+            <extension>
+            <secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
+              <secDNS:keyData>
+                <secDNS:flags>257</secDNS:flags>
+                <secDNS:protocol>3</secDNS:protocol>
+                <secDNS:alg>5</secDNS:alg>
+                <secDNS:pubKey>AwEAAddt2AkLfYGKgiEZB5SmIF8EvrjxNMH6HtxWEA4RJ9Ao6LCWheg8</secDNS:pubKey>
+              </secDNS:keyData>
+            </secDNS:create>
+            </extension>
             <clTRID>ABC-12345</clTRID>
           </command>
         </epp>
@@ -52,19 +54,21 @@ describe 'EPP Helper', epp: true do
                   <domain:hostObj>ns2.test.net</domain:hostObj>
                 </domain:ns>
                 <domain:registrant>32fsdaf</domain:registrant>
-                <domain:dnssec>
-                  <domain:dnskey>
-                    <domain:flags>257</domain:flags>
-                    <domain:protocol>3</domain:protocol>
-                    <domain:alg>5</domain:alg>
-                    <domain:pubKey>AwEAAddt2AkLfYGKgiEZB5SmIF8EvrjxNMH6HtxWEA4RJ9Ao6LCWheg8</domain:pubKey>
-                  </domain:dnskey>
-                </domain:dnssec>
                 <domain:contact type="admin">2323rafaf</domain:contact>
                 <domain:contact type="tech">3dgxx</domain:contact>
                 <domain:contact type="tech">345xxv</domain:contact>
               </domain:create>
             </create>
+            <extension>
+            <secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
+              <secDNS:keyData>
+                <secDNS:flags>257</secDNS:flags>
+                <secDNS:protocol>3</secDNS:protocol>
+                <secDNS:alg>5</secDNS:alg>
+                <secDNS:pubKey>AwEAAddt2AkLfYGKgiEZB5SmIF8EvrjxNMH6HtxWEA4RJ9Ao6LCWheg8</secDNS:pubKey>
+              </secDNS:keyData>
+            </secDNS:create>
+            </extension>
             <clTRID>ABC-12345</clTRID>
           </command>
         </epp>
@@ -109,9 +113,8 @@ describe 'EPP Helper', epp: true do
         period: nil,
         ns: nil,
         registrant: nil,
-        _other: nil,
-        dnssec: nil
-      })
+        _other: nil
+      }, false)
 
       generated = Nokogiri::XML(xml).to_s.squish
       expect(generated).to eq(expected)
diff --git a/spec/support/epp.rb b/spec/support/epp.rb
index ac23f8edd..9555fe976 100644
--- a/spec/support/epp.rb
+++ b/spec/support/epp.rb
@@ -52,7 +52,7 @@ module Epp
 
   ### REQUEST TEMPLATES ###
 
-  def domain_create_xml(xml_params = {})
+  def domain_create_xml(xml_params = {}, dnssec_params = {})
 
     defaults = {
       name: { value: 'example.ee' },
@@ -62,16 +62,6 @@ module Epp
         { hostObj: { value: 'ns2.example.net' } }
       ],
       registrant: { value: 'jd1234' },
-      dnssec: [
-        {
-          dnskey: {
-            flags: { value: '257' },
-            protocol: { value: '3' },
-            alg: { value: '5' },
-            pubKey: { value: 'AwEAAddt2AkLfYGKgiEZB5SmIF8EvrjxNMH6HtxWEA4RJ9Ao6LCWheg8' }
-          }
-        }
-      ],
       _other: [
         { contact: { value: 'sh8013', attrs: { type: 'admin' } } },
         { contact: { value: 'sh8013', attrs: { type: 'tech' } } },
@@ -81,6 +71,17 @@ module Epp
 
     xml_params = defaults.deep_merge(xml_params)
 
+    dsnsec_defaults = {
+      keyData: [
+        flags: { value: '257' },
+        protocol: { value: '3' },
+        alg: { value: '5' },
+        pubKey: { value: 'AwEAAddt2AkLfYGKgiEZB5SmIF8EvrjxNMH6HtxWEA4RJ9Ao6LCWheg8' }
+      ]
+    }
+
+    dnssec_params = dsnsec_defaults.deep_merge(dnssec_params) if dnssec_params != false
+
     xml = Builder::XmlMarkup.new
 
     xml.instruct!(:xml, standalone: 'no')
@@ -91,6 +92,11 @@ module Epp
             generate_xml_from_hash(xml_params, xml, 'domain')
           end
         end
+        xml.extension do
+          xml.tag!('secDNS:create', 'xmlns:secDNS' => 'urn:ietf:params:xml:ns:secDNS-1.1') do
+            generate_xml_from_hash(dnssec_params, xml, 'secDNS')
+          end
+        end if dnssec_params != false
         xml.clTRID 'ABC-12345'
       end
     end