As we all knows, to enable DNSSEC for a domain, the steps below are performed.
- Click the ‘Enable DNNSEC’ button.
- CloudFlare wants me to upload the DS record to my registrar.
- Then after a few moments after Step 2 was performed, DNSSEC is enabled for the domain.
But for MyNIC .my domains, to enable DNSSEC, the steps below are performed.
- Enable DNSSEC for a .my domain by agreeing to a Term of Service and ticking the ‘Enable’ checkbox.
- Then, go to the registrar’s control panel and retrieve the DS record from the domain’s nameserver.
- Then, manually choose the retrieved DS record and then publish them myself.
- Wait for a while, for DNSSEC is enabled for the domain. This seems to happen hourly.
In other words, Cloudflare and MyNIC workflows are not compatible with each other at all. Cloudflare will not enable DNSSEC until after the DS record has been uploaded to the registrar, and MyNIC will not enable DNSSEC until their system can retrieve from Cloudflare’s nameservers.
Is there anything that can be done to enable DNSSEC for .my domains hosted by Cloudflare? Thanks.