I have a registered EU domain on OVH. From some days I can’t add DS record to my registar (even using API). I’m constantly getting the following error: Error while checking DNSKEYS for itholic.eu founded in name server ingrid.ns.cloudflare.com. What could I do in this situations?
DNSSEC from OVH is disabled and DNS servers from Cloudflare are fully propagated.
i have a similar issue i contact ovh and they comfirmed the same issue.
The following comment has been added to your support ticket by your support team:
We appreciate your patience with this case.
Our administrators have detected this error "Error while checking DNSKEYS for wglc.at founded in name server rachel.ns.cloudflare.com", they asked us if you checked that Cloudflare server with Cloudflare support.
If not, please check that DNS server with Cloudflare support, then we can relaunch the task from our side.
We will be waiting for your details.
The OVHcloud team
I have the exact same issue with domains that are register via OVH
I activate the DNSSEC on Cloudflare side and when I add the DS record on OVH side I get the exact same error.
Error while checking DNSKEYS for XXXX founded in name server kay.ns.cloudflare.com
I previously use Gandi in place of OVH and it was working well.
Do you have a clue on that issue ?
(I also ask to the OVH team and liked this issue on my ticket)
Thanks, it’s been 2 weeks for me and it’s driving me crazy.
Exact same error here in 2 different domain names registered at OVH. I used the API, I used their “DS Records” tab and everything ends with this error.
So far, the support has told me :
Suite aux vérifications, je constate que ces deux domaines pointent bien vers les DNS de Cloudflare.
wich I already knew and was nothing close to what I asked. After a full week without new answer I got today :
Je vous invite à annuler les opérations depuis ‘Opérations en cours’ sous ‘Nom domaine’ puis créer de nouveau les champs DNS en suivant ce process :
Les enregistrements DS contiennent les éléments de données suivants:
Key Tag: Une valeur numérique courte qui peut aider à identifier rapidement l'enregistrement DNSKEY référencé.
Algorithme: algorithme de l'enregistrement DNSKEY référencé.
Type Digest: algorithme de hachage cryptographique utilisé pour créer la valeur Digest.
Digest: une valeur de hachage cryptographique de l'enregistrement DNSKEY référencé.
Pour créer un nouvel enregistrement DS, cliquez avec le bouton droit de la souris sur une zone dans la liste de gauche Enregistrements DNS et sélectionnez “Autre nouvel enregistrement” dans le menu contextuel.
Ce type d’enregistrement est défini dans la RFC4034.
which I knew for the “DS records” part and doesn’t exist anywhere for the “fixing the problem” part.
I’m starting to question the choice of OVH as registrar even if I’ve never encountered any problem before.
Yes it’s driving me crazy too, and they gave me the same answer.
BTW it’s not even possible to do a right clic as they suggest on their manager interface.
I managed to have DNSSEC enabled but with the zoneDNS on OVH. this way it’s just a click in the manager interface. And when the zoneDNS is on OVH their is no way to manage the DS records.
I have the exact same issue, here. I did it with API of OVH, and same problem. I ask them and I have as an anwser
Following the checks carried out, I see that your domain name “margotdesign.ovh” is currently configured on Cloudflare’s DNS:
margotdesign.ovh. 86400 IN NS curt.ns.cloudflare.com.
margotdesign.ovh. 86400 IN NS oaklyn.ns.cloudflare.com.
For this, the update of the DNS fell in error.
You are trying to put DNS that are already configured.
Please cancel the operation from your customer area:
Click on “Domains” in the left column then on “Operations in progress”,
Click on “cancel the operation”
Regarding the activation of the DNSSEC service, the operation is canceled because the domain is not configured on our NS records.
Last answer from OVH
Puisque le DNSSEC est associé au domaine et la modification de la zone a la zone DNS. Il doivent donc être chez le même fournisseur.
Translate: OVH support team says that it’s not possible to have DNSSEC if your DNS zone and your domain are not on the same provider.
Yes I have exact same answer
Having read through the thread, it seems that the issue here is with OVH. Even though there is nothing technically preventing this, they do not seem to allow or understand DNSSEC configurations unless you are using them for DNS as well.
The weird thing is that I have 2 others domains that works perfectly, for the same configuration
After writing to support they asked me if I could delete the DS entry in Cloudflare. After that it was removed from Ovh’s website. Then I was allowed to reinsert the entry in Cloudflare and in ovh. But this via the customer panel in the DS TAB.
Now it is active and working.
I think they finally fixed their servers/process because today I was able to validate both DS Records I need for my domains via their API. I didn’t try with their web interface though.
But it’s fixed. Thanks all for your informations.
Yeah it is solved for me too