hi, last Friday Nov 18 I changed the nameservers at my client’s registrar not realizing that there were DS records that needed to be deleted. I just found out today after reading many docs.
I do have access to the registrar and I can see the old DS records. I’m not sure if I delete those DS records if anything will happen to their website, like going down.
Is it too late to delete the old DS records at the registrar now that Cloudflare is controlling the DNS?
Hello there,
As long as the nameservers are intact, those records shouldn’t let down the site if I’m correct
Not too late I assume.
Thanks for your reply but it doesn’t sound like you’re 100% sure.
Is there anyone who can explain what will happen if I now go back in and delete the DS record?
My fear is that the DNS will not get signed by anyone – registrar nor Cloudflare – and the entire site will go down.
Can anyone confirm this?
Removing the DS record will just ensure that any DNSSEC-respecting resolver will no longer attempt to validate the DNS responses, thus it won’t cause any downtime removing it, you just won’t get the benefit of DNSSEC once you remove it.
Note that having your domain set up with the wrong DS record (as you do right now) will prevent some clients from resolving your domain, so you should fix this by removing the DS record as soon as you can. This will also prevent Certificate Authorities such as those used by Cloudflare’s Universal SSL from validating certificates and issuing them for your domain, so it will also probably stop SSL from working for your domain until you fix your DNSSEC configuration one way or the other.
What I’d recommend is removing the DS record right now and then enabling DNSSEC on Cloudflare by following this guide:
Thanks so much Simon! I greatly appreciate you taking the time to respond and explain.
I’ll go over this information you provided and hopefully all will be good in the land of DNS.
I’m happy to report this fixed the problem, and now, once again, everything in DNS land is wonderful.
Thanks again Simon.
Wherever you are in the world, take the rest of the day off!!!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.