The domain participatorystrategy.com was formerly registered at Cloudflare, then transferred out to NetworkSolutions but something went wrong with disabling DNSSEC, or else the person who initiated the transfer didn’t realize they needed to disable it before transferring. When they checked again, it was marked as Pending so they just deleted the domain from Cloudflare thinking that would help.
So now there is a DS record at the .com space that is not finding a corresponding RRSIG. So the chain of trust is broken, which means the domain fails to resolve in some cases when dns-over-https is in use, which is the default on a lot of browsers now. You can see the issue here: dnsviz.net/d/participatorystrategy.com/dnssec/
So I have been trying to figure out how to get the DS record unpublished for almost 4 weeks. And now the domain is locked at networksolutions (due to a contact info change to get support from NetworkSolutions) for 60 days so I cannot transfer the registration back to Cloudflare, and since it was deleted from Cloudflare I’m not sure that would help anyway, except maybe that they might be able to provide support.
I’ve tried to contact Cloudflare support twice but the first ticket was abruptly marked as solve because Cloudflare is not the current registrar, and the second ticket automatically solved without any interaction. I’ve been trying to work with networksolutions–6 chats/calls so far–but no one there knows what I am talking about when I mention a DS record. Right now the nameservers are pointed to Rackspace cloud DNS, but networksolutions told me to point them back to them before they can help with DNSSEC, but now I’m wondering if I should re-setup the domain in Cloudflare just to use the nameservers, so that maybe I can get support from Cloudflare. But I don’t know if that will qualify the domain for support, and I have been getting conflicting advice from NetworkSolutions.
Does anyone know what I can do about this? Should I keep pressing NetworkSolutions since they are the current registrar? Or do I need to work with Cloudflare somehow since they published the DS key? Any help or advice would be much appreciated, because the site was supposed to launch last week and we can’t launch it until the domain is resolving correctly. I’m losing sleep over this!
Thanks in advance!
-Matt