DS implementation confusion

Hello… I’ve had Couldflare for 3 months and did not have diagnostic errors earlier, but now have errors for DNSSEC and DS configuration. I used their helpful pull down menu for copying and pasting, cut the second Item has me stumped… it says: Name: use @ for root. WHAT DOES THIS MEAN?

Because there is all kinds of catastrophic language about doing this wrong, it’s got me paranoid. Is this something I need to deal with? If so, how? I’m a newbie, but read all the articles which don’t explain what this means.

Thank you!

Assuming your root domain (other word for “APEX Domain”) is “domain.com

then you dont have to type in “domain.com” but you can simply use the character “@” and it will render as “domain.com” in your example “@” will render as “marcicurtis.com”. This will help to not have any typo when wanting to write complex domain names and to not mix things up

Also for the DS Entry please implement it at your registrar, if CloudFlare is your registrar then fine, but chances are that CloudFlare is not your registrar and then you must implement it there, where you are hosting the Domain.

Just checked. Your registrar seems to be “Network Solutions, LLC”. This is where you host the actual domain. Contact them and provide them with the given infos from CloudFlare about DNSSEC

They are not errors, take that more as a prompt. DNSSEC records are entered with your registrar. Cloudflare give you a DS record to give to your registrar.

There are situations where you would need to create a DS record in your Cloudflare account, but never at the root.

While I’m a strong supporter of DNSSEC, configuring it incorrectly can have an impact on your domain. Proceed with caution.


Thanks, Martin :slight_smile:
Just to check… I would fill that out as “[email protected]” or simply just “marcicurtis.com”?

“Also for the DS Entry please implement it at your registrar”… does this mean if I give all the copy and paste info that I can pull down on the menu of DS implementation help (Key Tag, Digest Type 2, etc) to Networks Solutions (it’s actually at web.com, but even they get confused about Network Solutions), they can input all the info from their end and do the implementation? I do nothing at my end with Cloudflare?
Sorry… I warned you I was daft AND cautious… a terrible combo for the DIY site. Thank you again.

Thank you, Michael!
Can you elaborate on why I would need to create a DS record? If I’m giving that DS record to my registar, wouldn’t they be putting in at the root level?
“configuring it incorrectly can have an impact on your domain. Proceed with caution.” Yes, this is what makes me VERY nervous. Would love to be able to ignore the whole thing. Again, thank you.

The “@” thing does not have anything to do with the DS Entry in particular, its something CloudFlare internal which you can use in the whole DNS section.

You want to create a subdomain www then you could write it like this:
[email protected] the “@” gets replaced by CloudFlare with “marcicurtis.com” and the result will be www.marcicurtis.com.

Example 2:

You want to create an A Entry for your rootdomain.
You dont have to write:
A marcicurtis.com 123.123.123 :orange:

But you can simply write:
A @ 123.123.123 :orange:
and it will render as the very same. So “@” will always be replaced with your root domain.

Yes, then please contact them and provide them with exactly ALL the drop down infos as described by you. They must be able to implement it for you. You dont have to do anything.

Thank you, Martin!
They are still pondering wether it’s worth the risk to try to do this or if I should “just ignore it”. Meanwhile, I’m trying to track down why my Cloudflare speed tests are much worse than when I implemented it 2 months ago. Oh, the rabbit holes this has created! Thank you for the amazing clarification. I appreciate your patience!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.