DNSSEC error

I enabled DNSSEC on 3 domains of mine; all registrar’d at Google Domains.

2 of the 3 work fine w/out errors; I enabled all 3 the exact same way. 1 of the domains is giving this error using the DNS Analyzer though:


Any ideas why?

What is the domain name?

Have you checked with the tools:

Cloudflare offers DNSSEC with a click.
But, your domain registar needs to support Algorithm 13.

You cannot add KSK to Cloudflare DNS (257), neither any other (older, unsupported, not recommended) algorithm value, if so.

Apart from algorithm 8 all these algorithms either must not be implemented to begin with or are not recommended, whereas the algorithm in question is actually a mandatory one.

Are you sure there is no typo error while copy-pasteing the value for DS record while adding it to the desired domain at Google Domains?

From the screenshot above, you have two DS records for your domain?

As far as .rocks TLD supports DNSSEC as stated:



The domain is a private one so I don’t want to paste it here, but I I added it the exact same way as the other two that give no errors. The only difference between it and the other 2 is they are .com and this is .rocks.

All 3 of them say DNSSEC was successfully enabled. Oddly, while the 2 .com show no errors at
dnsviz.net (which is where the .rocks site does show the error), the .rocks site shows no errors at dnssec-debugger.verisignlabs.com

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.