DNS Propagation Not Complete after 48 Hours

My domain is oldcodemarketing.com. The registrar for this domain is BlueHost. Last Saturday – August 5, 2023 – I imported this domain to Cloudflare and updated the registrar to use the assigned DNS servers. Almost immediately, my domain stopped working. I could use the nslookup and/or dig commands (macOS/Linux) to query the domain records as long as I pointed them at one of the Cloudflare name servers. However, no other DNS was recognizing my domain. So, I waited for the DNS change to propagate.

It has now been approximately 48 hours and DNS propagation is only at about 50% worldwide according to the DNS Propagation Checkers at both WhatsMyDNS.net and the DNS.org.

I think this might have something to do with the fact that DNSSEC was enabled at BlueHost when I started this process. However, I can no longer get to any DNS settings at BlueHost unless I change my DNS servers back. (Their telephone support pointed the finger at Cloudflare… :thinking:)

I also enabled DNSSEC at Cloudflare at the beginning of this process.

Can someone help me out of this mess?

Thanks!

That should be oldcodermarketing.com… sorry…

You need to disable DNSSEC

% whois oldcodermarketing.com | grep DNSSEC
   DNSSEC: signedDelegation
   DNSSEC DS Data: 20999 13 4 CB70568E4DB428598E5CAC8CEE2932DE032AD9D8A495929637C35F28E5044BB74B0E33CD4D38104E31AA336067AAA2E6
   DNSSEC DS Data: 20999 13 1 A9C9DCF46EA30CBF5978F28F089A10CCB3238B14
   DNSSEC DS Data: 20999 13 2 105FB5A9D0F586D381E2077A7FB3DFC177B0ED98A71439B1DDCBDD8DB20A78B2

At BlueHost or at Cloudflare or both?

You need to disable it at the registrar before changing the nameservers.


OK. Off to try that. I’ll have to switch my nameservers back to Bluehost to edit any DNS settings there.

Don’t do that. It will only cause you needless delay. You aren’t editing any DNS settings. You are removing DNSSEC from your registrar. They are not related. Removing DNSSEC at the registrar removes the DNSSEC records from the parent zone, com. The records are not in your DNS zone.

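Added example, not part of any post in this thread and not Cloudflare or BlueHost code: a sketch of the DS-to-DNSKEY check a validating resolver performs, showing why DS records left in the parent zone break resolution once the nameservers serve a different key or no key. The function names are hypothetical, the new DNSKEY is a constructed all-zero placeholder, and RRSIG verification is omitted.

```python
import hashlib

# DS digest type -> hash function (types 1, 2 and 4, as in the whois output)
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def wire_name(name):
    """Canonical wire form of a domain name: lower-cased, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 2-byte flags, protocol, algorithm, then the public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + public_key

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata, digest_type):
    """DS tuple for a DNSKEY: digest is hash(owner wire name + DNSKEY RDATA)."""
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def delegation_status(owner, parent_ds, child_dnskeys):
    """Classify the delegation from the parent's DS set and the child's DNSKEYs."""
    if not parent_ds:
        return "insecure"  # no DS in the parent: unsigned answers are accepted
    for rdata in child_dnskeys:
        for tag, alg, dtype, digest in parent_ds:
            if dtype in DIGESTS and make_ds(owner, rdata, dtype) == (tag, alg, dtype, digest.upper()):
                return "secure"  # DS links to a served key (signature checks omitted)
    return "bogus"  # DS present but no matching key: validators answer SERVFAIL

# DS records copied from the whois output in the thread (SHA-1 and SHA-256 entries)
PARENT_DS = [
    (20999, 13, 1, "A9C9DCF46EA30CBF5978F28F089A10CCB3238B14"),
    (20999, 13, 2, "105FB5A9D0F586D381E2077A7FB3DFC177B0ED98A71439B1DDCBDD8DB20A78B2"),
]
# Constructed placeholder (all-zero key) standing in for a different key at the new nameservers
NEW_KEY = dnskey_rdata(257, 3, 13, bytes(64))

if __name__ == "__main__":
    zone = "oldcodermarketing.com"
    print(delegation_status(zone, PARENT_DS, [NEW_KEY]))  # stale DS, different key
    print(delegation_status(zone, PARENT_DS, []))         # stale DS, unsigned zone
    print(delegation_status(zone, [], []))                # DS removed at the registrar
```

Resolvers that do not validate ignore the DS set and still answer, which is consistent with a propagation checker showing only part of the world resolving the name.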

GAH! Too late. I already switched the dns servers at the registrar…

After switching the DNS Servers back to BlueHost, I found that, indeed, DNSSEC was enabled at BlueHost. So, I disabled DNSSEC, deleted my domain from Cloudflare and started over. I changed the DNS servers again to the Cloudflare DNS servers and things are starting to propagate… much faster than they did before… and I don’t have DNSSEC enabled this time at Cloudflare.


You really should. It’s a key security measure that should be viewed as standard.

To follow up on my last post here, I think I have this resolved. Going back to the Bluehost DNS servers allowed me to turn off DNSSEC at Bluehost. I also deleted my domain from Cloudflare and added it back. Propagation seems to be going much more smoothly this time.

@epic.network, yes, definitely. Going without DNSSEC is simply a temporary situation to get DNS Propagation to complete.

