Enable DNSSEC for hidden primary setup

I’m using Cloudflare as a secondary DNS, and those are the only name servers I’m using. I enabled DNSSEC from the UI and used the API to activate it too. with “dnssec_multi_signer”: false,
“dnssec_presigned”: true. But still the DNSSEC is not activated.
According to the documentation I don’t need to add anything at the registrar. But I cannot see any additional parameters to use. What am I missing here.

Welcome to the Cloudflare Community. :logodrop:

Where are you seeing documentation that suggests you don’t need to add DS records at your registrar?

1 Like

It’s in the Enable DNSSEC for hidden primary setup section in the link below [Preformatted](https://developers.cloudflare.com/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary/)

I don’t see anything in that section that suggests you don’t need to create DS records at your registrar. It says that you do not need to enable DNSSEC on your hidden primary. You would still need DS records in the parent zone or you will have an insecure delegation.

3 Likes

Thank you for taking time. I will check it with registrar.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.