DNSSec not disabled


I already found two topics regarding similar issues:

Well, I’ve had registered my domain using Cloudflare Registrar, but decided to move to another one. Before moving the domain, I’ve disabled DNSSec in the domain configuration and it said, that the DNSSec setup will be disabled, as soon as my current registrar (Cloudflare) has removed the DS record.

So far, so good. I’ve now moved to the new registrar (that doesn’t support DNSSec), removed the zone at Cloudflare and waited. This was two days ago.

Now, my domain is still inaccessible for most of our clients and according to dig, the DS record still exists:

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> DS mydomain.tld @
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59864
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232
;mydomain.tld.                        IN      DS

mydomain.tld.         86400   IN      DS      2371 13 2 9B864AC6E9C1B27D2CB232352EFE8A3C0BB57593008C5FEB7531250F D83C2CE0

;; Query time: 8 msec
;; WHEN: Mon Sep 28 12:11:08 CEST 2020
;; MSG SIZE  rcvd: 91

I’ve already contacted both, Cloudflare and my new registrar, but I don’t expect an answer from CF within the next week. Is there anything else, I could do? Maybe move the domain back to CF, enable DNSSec and disable it again? This is a business website, so I need a quick solution.

Thank you in advance.

It sounds like you didn’t disable DNSSEC at Cloudflare before you transferred the domain away. So now the TLD (.com, etc) still has that DS record. Since Cloudflare is no longer your registrar, I suspect your new registrar will have to manually request DS record removal from the TLD.


I did. Maybe, I transferred the domain too early. However, my new registrar was able to fix it, by removing the DS entry.