On my Cloudflare dashboard, it says that my website is protected with DNSSEC.
But DNSSEC is not properly working, and my website is not reachable.
Based on troubleshooting, keys are not signed properly and algorithm is different. I would like to get a confirmation because I contacted my domain registrar, and they said that they have nothing wrong on their end, and they asked me for my DNS records and based on the setup nature I think they did something wrong.
Please, all I want is a confirmation from you if anyone has a good knowledge about this topic.
Thank you so much.
Yes, the DS record at your registrar is broken for both domains.
$ dig +short @a.tld.ma byte.ma DS
257 5 2 F8B704D2365728F79F2C59383691CD40164080C715FCE03BB518ECE8 DA5DAA19
$ dig +short @a.tld.ma pie.ma DS
2371 5 2 552F16F904AEF9080414A6F2D9968C319E731519522CFE4EE9A3BECC 5E6D52F8
You, respectively your registrar, need to enter what Cloudflare provided on the DNSSEC screen. In the case of
pie.ma it’s at least the algorithm which is incorrect.
Thank you so much, I will inform my domain registrar about what you mentioned and see what they can say about it. I appreciate your time and efforts.
You can check it yourself too
The returned values need to match exactly the values on Cloudflare’s screen.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.