DNSSEC Records Not Updating After Domain Transfer

I recently transferred my domain (ct3m.net) from Google Domains to Cloudflare. I believe I forgot to disable DNSSEC before initiating the transfer. As a result, the DNSKEY and DS records from the previous registrar are stuck with the domain.

To solve this, I have tried to disable and then re-enable DNSSEC in the Cloudflare dashboard; this was unsuccessful (even after waiting one week for the entries to update). Furthermore, I have confirmed that the NS entries on the domain are correct (i.e. match the ones on the Cloudflare dashboard).

From the numerous existing threads regarding this problem, it seems that the records must be manually deleted by the registrar (Cloudflare): example here.

I would appreciate any help with resolving this issue.


Hi, I had exactly this issue.

Solved by disabling the DNSSEC at Cloudflare - until it was cleared from the NS record.
Make sure the domain is back up running without DNSSEC enabled.
Then re-enable it.

Cloudflare needs to be the registrar for the domain.

  • Cloudflare is the registrar for the domain.
  • I’ve disabled DNSSEC 24 hours ago and am waiting for the records to be deleted. Hopefully they will be gone within 72 hours of the deletion request.

Yes it can take up to 48 - 72 hours to clear.


Thank you for asking.

I am sorry to hear you are experiencing an issue with the DNSSEC :confused:

Thank you for above feedback.

Just in case, as there were topics and issues similar to your situation, kindly, I’d suggest you to write a ticket to Cloudflare support due to your account and domain issue and share the ticket number here with us so we could escalate this issue:

  • Login to Cloudflare and then contact Cloudflare Support by clicking on the Get More Help button. If you get automatic reply, reply and indicate to it you need more help and reference to this topic
  • Or send an an e-mail to support[at]cloudflare[dot]com from your e-mail associated with your Cloudflare account

Sometimes the DS/DNSKEY knows to stuck if the DNSSEC wasn’t disabled before transfering your domain name.

I waited an additional day to see if the DNSKEY/DS records would be removed; unfortunately, they weren’t.

I’ve e-mailed support and got the following ticket number: 2441296.

Thanks for the help.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.