I have a .cz domain set up with Cloudflare for which I have enabled DNSSEC. I’ve published a keyset object at my registrar as told and so the process was successful. However since CF also publishes CDS and CDNSKEY records for automatic setup, after 24 hours my own keyset gets overwritten by one with a randomly generated ID that has the central registry listed as a technical contact. Whenever I change it back to mine, it gets overwritten again after 24 hours.
This new keyset has all the same settings and public key, but a different random ID and contact, and I’d prefer the option to have my own keyset associated with my domain, listing me as the technical contact. How can I stop CF from publishing the CDS and CDNSKEY records to exclude it from automated key management? (English toggle available at the top)