DNSSEC not getting updated after cloudflare has become registrar

DNSSEC not getting updated.
I have transferred my domain to Cloudflare, both nameservers and as registrar.
The main problem is that I forgot to disable DNSSEC at my previous registrar before I set the transfer in motion, so they were not able to update the DNSSEC configuration while the domain was being transferred.

The domain is now transferred and Cloudflare is the registrar, and I would have expected the configuration to be updated automatically as the DNSSEC configuration states at the Cloudflare configuration.

However 24hours have now passed, and the configuration is not updated. So the domain is still not functioning completely as it should. What can I do to get the configuration updated?

Best regards

Can you send the domain so we will check what’s the issue and confirm with you .

its arnbak.com - the domain DS record is the one from the old setup. So I recon it needs to be updated.

Is it showing Cloudflare is protecting your site . ?

All dns records is at Cloudflare yes.
But the DS record is the one from the old dns provider. Not the correct one.

arnbak.com.		82380	IN	DS	23942 8 2 0813EDA741D2B24ADD805BD9E1460E8BABCC614935BC82EE477D6C75 4875E9E1

Would have expected it to be

arnbak.com. 3600 IN DS 2371 13 2 B132DF976CE702A692A3B864BDAA980F91A13BAABF9BC2A89A434D9DF2179555

Which is the new one, generated by Cloudflare. But not yet applied at the registrar.

Its also reported as bogus by the dnsviz tool:


1 Like

Your Records are correctly done . But Can you send a Screenshot from Cloudflare showing your site is protected by Cloudflare ?

I’m not sure I follow here? Protected by Cloudflare?
I’m only using the dns configuration tools from Cloudflare. Cloudflare has Authoritative dns for the domain, and they are registrar as well. The configuration needs to be updated from the registrar.
What specifically in the configuration tool is it you want a screenshot from? Only thing I have setup is DNS configs.

I’m Not Sure about this issue Please wait while any other community member help you

& is this the Nameservers you Added ?

Yes its using Cloudflare nameservers.

~ » dig arnbak.com NS                                                                                                                                                [email protected]

; <<>> DiG 9.10.6 <<>> arnbak.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9818
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 13

; EDNS: version: 0, flags:; udp: 512
;arnbak.com.			IN	NS

arnbak.com.		86400	IN	NS	plato.ns.cloudflare.com.
arnbak.com.		86400	IN	NS	melany.ns.cloudflare.com.

melany.ns.cloudflare.com. 258	IN	A
melany.ns.cloudflare.com. 258	IN	A
melany.ns.cloudflare.com. 258	IN	A
melany.ns.cloudflare.com. 486	IN	AAAA	2803:f800:50::6ca2:c28a
melany.ns.cloudflare.com. 486	IN	AAAA	2a06:98c1:50::ac40:228a
melany.ns.cloudflare.com. 486	IN	AAAA	2606:4700:50::a29f:268a
plato.ns.cloudflare.com. 425	IN	A
plato.ns.cloudflare.com. 425	IN	A
plato.ns.cloudflare.com. 425	IN	A
plato.ns.cloudflare.com. 886	IN	AAAA	2606:4700:58::adf5:3bdf
plato.ns.cloudflare.com. 886	IN	AAAA	2803:f800:50::6ca2:c1df
plato.ns.cloudflare.com. 886	IN	AAAA	2a06:98c1:50::ac40:21df

;; Query time: 14 msec
;; WHEN: Fri Feb 11 10:59:58 CET 2022
;; MSG SIZE  rcvd: 358

Do you have a Premium Plan ?

I have not, unfortunately. According to their ticket response, this is the way to do it.

Ok someone here can esclate your ticket

Please await for Response .

1 Like


I am sorry to hear you are experiencing an issue.

Sometimes it needs 48 or 72 hours for DNSSEC to clear.

Is DNSSEC option disabled at Cloudflare dashboard? Please disable it.

Kindly, may I ask you to share your ticket number here so we could escalate this for you. Thank you in advance.

Okay, I’ve found it:


Hi there,

I can see that there is no DS record present any more:

% dig DS arnbak.com +short
(empty answer)

So therefore, I think that this issue is resolved already. Can you confirm this @arnbak?

1 Like

Thanks for the reply. Yes I switched off DNSSEC completely from the configuration interface, as suggest in this thread. And the record got deleted some hours later, and the domain started working again.
So thats nice!

I obviously want to enable DNSSEC again, however I’m wondering if the DS record will get applied. It suprised me a little bit, that it didn’t override the old one, after the move to Cloudflare as registrar and I switch it on.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

You can enable DNSSEC again via these instructions: