Hi there! It seems, I facing issue similar to this:
TL;DR: I wanted to enable DNSSEC on my site, so I pressed “enable DNSSEC” button.
Then I found that TLD of my domain (.im) does not support DNSSEC, so I disabled DNSSEC by pressing “Cancel DNSSEC” button on CF.
But DNSKEY records are still on CF’s NSes after a 20+ hours.
This leads to resolving failures of my domain on, for example, systemd-resolved (systemd’s stub resolver): it sees DNSKEY on the domain and assumes it is DNSSEC-powered, but then it can’t find any other DNSSEC things and throws a failure.
Isn’t it any way to force CF to remove DNSKEY records?
Sorry for the trouble, @user5751, if you’re still having issues with this, can you contact Support and ask them to assist with removing these records?
To contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. Please give Support the complete details and link to your Community post and share the ticket number here.