Found DNSKEY, but no RRSIG, for algorithm 8

sina · March 3, 2025, 10:04pm

What is the name of the domain?

hyperlane.xyz

What is the error message?

What is the issue you’re encountering

The error “Found DNSKEY, but no RRSIG, for algorithm 8” on dnssec-debugger

What steps have you taken to resolve the issue?

Disabled DNSSEC for a few hours to no avail.
Users have reported that the domain (Hyperlane.xyz) does not load up when trying to connect to it through Wi-Fi in multiple regions.

What feature, service or problem is this related to?

DNSSEC

GeorgeAppiah · March 4, 2025, 4:24am

I believe Cloudflare only supports Algo-13.

So curious where the additional key is coming from:

$ dig DNSKEY hyperlane.xyz +short @1.1.1.1
256 3 8 AwEAAdJqB0BIa9ONhfMacADbbRpoPc3Mo1wd2uHMprgqz1bjnxyXu2ng
256 3 13 oJMRESz5E4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8 KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA==
257 3 13 mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+ KkxLbxILfDLUT0rAK9iUzy1L53eKGQ==

sina · March 4, 2025, 11:48am

@GeorgeAppiah I also disabled DNSSEC for a couple of hours and then re-enabled it to no avail, in the hopes that the additional key would be wiped out, but it’s still there.
Any solutions come to your mind?

cscharff · March 4, 2025, 12:57pm

You need to open a registrar ticket to have that algo removed.

sina · March 4, 2025, 12:59pm

@cscharff Thank you very much for your attention. This domain was initially registered with Google Domains, then automatically transferred to Squarespace, and then I moved it to Cloudflare.
I cannot open tickets with Squarespace as they say this is not on their plate anymore.
Should I attempt to remove the key manually?

cscharff · March 4, 2025, 1:01pm

You should open a ticket with Cloudflare Registrar as that who is the current registrar for your domain.

sina · March 4, 2025, 1:03pm

@cscharff Understood! Will do today and update you, thank you very much.
Just out of curiosity, you don’t think something like DNSKEY record found but no DS record found - #6 by user15716 will solve my problem, no?

cscharff · March 4, 2025, 1:18pm

You can certinly try it. It won’t hurt anything… Cloudflare’s registrar support and integration is nominal.

sina · March 4, 2025, 2:12pm

@cscharff Manually deleting DNSSEC records worked!
I first disabled DNSSEC on the dashboard, then manually deleted the records immediately, and then re-enabled DNSSEC and it’s clean now. Thanks!

system · March 6, 2025, 2:13pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
DNSSEC: no DS RR matched a DNSKEY with algorithm 8 that helps signs the zone's DNSKEY RRset DNS & Network	5	2638	June 24, 2022
Error 9223 DNS & Network	2	1655	May 30, 2022
Trying to enable DNSSEC, but still pending after more than 24 hours - Cloudflare as Registrar Registrar	10	2437	December 23, 2021
Problemas DNSKEY DNS & Network	5	2472	February 23, 2022
DNSSEC Error : "No DNSKEY matches DS RRs of lunariaweb.com" DNS & Network	10	205	October 9, 2024

Found DNSKEY, but no RRSIG, for algorithm 8

What is the name of the domain?

What is the error message?

What is the issue you’re encountering

What steps have you taken to resolve the issue?

What feature, service or problem is this related to?

Related topics