DNSSEC not turned off before domain transfer - Cloudflare Showing Invalid NameServe

antony7 · March 6, 2025, 5:36am

What is the name of the domain?

towprogroup.co.nz

What is the issue you’re encountering

After domain transfer away from Squarespace DNS propogation isnt working fully. The domain name was transferred away from Squarespace to a local registrar - Crazy Domains around a week ago, since then there have been issues with emails bouncing and some users unable to access the website.

What steps have you taken to resolve the issue?

I contacted Crazy Domains a few times, they changed name servers each time to try and get the propagation working, it didnt help.
I then tried to use Cloudflare DNS in case there was an issue with Crazy Domains, after adding the dns to Cloudflare over 48 hours ago the CP is still showing invalid name servers.
I have just found and run the cf.sjr.dev utility: https://cf.sjr.dev/tools/check?2cef97c696c84ed49190cf56cf312c99
It shows an error that resolving the host fails when using DNSSEC.
DNS Viz shows a lot of errors No valid RRSIGs made by a key corresponding to a DS RR were found covering the DNSKEY RRset, resulting in no secure entry point (SEP) into the zone
towprogroup.co.nz | DNSViz

The issue is now that the domain has been removed from Squarespace so I am unable to tell if DNSSEC was turned on or not, if it was what are my options to get DNS working correctly (presuming that DNSSEC is in fact causing issue?)

Any help would be appreciated!

Thank you

What feature, service or problem is this related to?

DNSSEC

sjr · March 6, 2025, 6:05am

You need to contact the new registrar and ask them to disable DNSSEC for you.

antony7 · March 6, 2025, 6:13am

DNSSEC is definitely disabled with the new registrar

sjr · March 6, 2025, 6:20am

The WHOIS and DNS show the registry is still returning a DS record for your domain…
https://cf.sjr.dev/tools/check?c46f338fcfb94f91a459ce218ffaf626#dns

You can try to enable DNSSEC with your new registrar using the DS record from Cloudflare, that process may cause the registrar record to be replaced. Or just contact your new registrar and ask them to remove the record at the registry.

antony7 · March 6, 2025, 6:38am

Ok thanks for the advice, I will enable and see how we go.

antony7 · March 6, 2025, 8:56am

Thanks @sjr Enabling DNSEC at my registrar and DS record from Cloudflare worked.
I appreciate your help!

Antony

system · March 8, 2025, 8:57am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Pending Nameserver Update - Verified Nameservers via dnschecker.org DNS & Network	2	44	October 21, 2024
Domain transferred out before DNSSEC disabled - what to do? Registrar	1	1123	November 4, 2022
Can't control DNSSEC DNS & Network	6	1783	April 24, 2022
DNSSEC is pending, possibly enabled at previous registrar Registrar	5	1835	April 30, 2022
DNSSEC enabled at Fasthosts Dashboard	11	140	December 23, 2024

DNSSEC not turned off before domain transfer - Cloudflare Showing Invalid NameServe

What is the name of the domain?

What is the issue you’re encountering

What steps have you taken to resolve the issue?

What feature, service or problem is this related to?

Related topics