DNSSEC is pending while we wait for the DS to be added to your registrar

Here is the status.


My domain wert.ws was bought at internetbs.net at 2021-01-03.

About DNSSEC, they told me:

Staff:
You are using CloudFlare nameservers for your domain name, and you should be adding the DNSSEC records with them

Me:
Are you sure? I believe “No DS records found for wert.ws in the ws zone” means registrar has to do something.

Staff:
As the NS and Zone record for the domain name is being provided by CloudFlare, you will have to add it with them.
Also, the DNSSEC records you have added with us updated fine.

Looks like they have done their part.
Am I wrong? How can I “adding the DNSSEC records with CloudFlare”?

It sounds like you went through the steps. As long as you added the correct DNSSEC info at your registrar, it shouldn’t say Pending for more than a day.

You may want to double-check the DNSSEC data in the Cloudflare Dashboard and make sure it matches what you added at your registrar.

Yes I have checked many times, every string matched except TTL.
CloudFlare shows me 3600, but after I added it to the setting page provided by Internetbs, it changes to 86400.

I have also waited for a few days already.

How can I know if Internetbs really done their jobs except their statement?

Yes, I have also enabled DNSSEC for another domain by same steps with another registrar.
It only took a few minutes.

Can’t figure out why it becomes a totally different story at Internetbs.

This is what happening.
After page reloading, TTL was changed from 3600 to 86400.

Does TTL matter for DNSSEC?

DNSSEC is a special DNS record, so TTL does matter. Instead of caching/verifying any changes every 1 hour, it will be 24 hours. Not a big deal if DNSSEC is correctly set, but if you want to disable or change it, you’ll need to plan a day in advance. Usually disable it in preparation for a name server change.

I got reply from “Level 2 Support Team” of InternetBS.

Dear xxxx,

Sorry but currently we do not support DNSSEC for .ws domain names under us and hence you see the error.

Best regards,

I have requested support for 3+ times for DNSSEC, they just keep telling me different stories, after many days has passed then I got this result. :joy:

1 Like

That must be some deep dark secret there, because .ws supports DNSSEC.