DNSSEC Pending, Registrar added records, flags not supported

Hello!

We have our nameservers pointed to Cloudflare. Our registrar is Network Solutions. I have enabled DNSSEC on Cloudflare, had my registrar add the DNSSEC records as given by Cloudflare. My domain is resolving and accessible, but Cloudflare still shows DNSSEC pending. The registrar did tell me that they do not support flags, which Cloudflare provides as part of their record to add to the registrar. What am I missing here?

Greetings,

Thank you for asking.

From the screenshot you’re sharing, seems like the DS record hasn’t been added at your domain registrar, so far (yet).

I’d wait for 24-48 hours to see if anything changes.

If not, then it might be your domain registrar doesn’t support the Algorithm 13 or something else might be related, therefore you couldn’t use DNSSEC feature with them.
Some other domain registrars might support DNSSEC and Alg 13 :thinking:

Helpful docs to send to them, just to re-check if they do support it or rather not → Under the section “Limitations”:

Nothing actually. As you write, I am afraid your domain registrar has the issue and you cannot use DNSSEC feature from Cloudflare :thinking:
Either an option to lookup for some other domain registrar which does support DNSSEC and Algorithm 13.

Nevertheless, if it wouldn’t work, kindly ask them to remove any DS records for your domain name and you should disable DNSSEC at Cloudflare dashboard.

Otherwise, if you try to switch your domain nameservers again in future, you’d have an issue with NXDOMAIN error and your website wouldn’t resolve correctly because some DS record realted to the DNSSEC was stuck in the air.

1 Like

Thank you very much for confirming my suspicion. Time to navigate the phone tree and be on hold for another hour. I will confirm if they support Alg 13, but something tells me your immediate intuition is correct. We may have to switch from them after over 15 years.

Thank you @fritex

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.