DNSSEC Woes - Request to Remove old DS Record

Hi,

Hindsight is always 20/20 as I realized I forgot to turn off the DNSSEC on my old registrar before transfering my domain to CF.

Now my DNSSEC setup is borked. Google DNS won’t resolve my domain thanks to the unsigned DS records somewhere on the chains, and I got the dreaded “DNSSEC is pending while we automatically add the DS record on your domain.” message despite it was already > 24 H.

Based on cursory looks on this forum, I gather I’d need to ask CF to remove the old, offending DS records.

Is that’s all? Do I need to contact my old registrar?

I opened a support ticket (#2391130)

Cheers,

Arya

Hi @Arya

Yes. DS record configured at your registrar unlike other DNS record which would usually be configured on your nameserver.

Yes. DS record configured at your registrar unlike other DNS record which would usually be configured on your nameserver.

I transferred my domain to Cloudflare registrar already.

Hi @cf-scott I got similar issue here (#2391130), just wanted to confirm, do I need to contact my old registrar as well? Thanks!

I couldn’t log into or contact my old register. But thankfully Cloudflare could fix it for me manually.

3 Likes

Sorry about the issue Arya. I’ve replied on your ticket.

2 Likes

I am in the exact same situation - I transferred my domain to Cloudflare 3 days ago, but forgot to disable DNSSEC first. My domain nickersonm.com has been ‘bogus’ since then. Ticket #2390047 has been sitting without a response since then.

While waiting for a response, I tried toggling DNSSEC in the CF dashboard and waiting 48 hours; no luck. I tried disabling DNSSEC, but DS entries are still being published 24 hours later.

I think the DS entries just need to be removed. Thanks for any help the CF team here on Community can provide!

Note: posted with a different email and account here because the Community confirmation email for my primary account is to mail.nickersonm.com - the mail server is up, but unresolvable.

@nickersonm I’d suggest to open a support ticket. It appears our issue requires CF’s registrar engineer manual intervention. I think by Monday there would be faster response, too.

Thanks for the over the weekend reply @cf-scott. I appreciate that a lot.

1 Like

Thanks for the reply, Arya, and sorry to be hijacking your post :slight_smile:

My support ticket #2390047 unfortunately hasn’t had a human response since I posted it on Thursday. I’ll hope for something better on Monday unless one of the CF team on Community who seem to have been addressing this issue (@cf-scott, @cloonan) happens to be working Sundays!

3 Likes

Thanks for sharing , Someone here will escalate it as soon as possible

Don’t worry the Community MVP Can also escalate your Ticket ! , I’m sure if someone will see this will sure escalate it

Please be patient till you get a Reply on Ticket !

2 Likes

Kindly thank you for sharing your ticket number. We have escalated it.
Just a quick feedback, I see it’s in the “to-do” queue for the week start (tomorrow), please wait for a reply.

2 Likes

Sorry again for this recurring theme. I’m also going to see about having the registration process text updated to remind users about this. I’ve replied on your ticket.

I’m going to close this thread, as it was solved for the previous user.

Generally, not. I’m catching up on some homework, but this issue did catch my eye.

3 Likes