Help with setting up DS record for DNSSEC

So, i’m just trying to setup a DS record for DNSSEC. When attempting to add this record in the Zone Records of cloudflare, it throws a wobbly fit and tells me I need to add this record with my registrar.

However, my registrar I have set to use the Cloudflare nameservers and is not managing my zone records.

How can this be?


Where did you get this DS record you are trying to add to your zone?

1 Like

If the DNSSEC material was provided by Cloudflare, your registrar needs to update the parent zone, not your zone.

1 Like

From cloudflare dashboard

Those entries are to be added at your registrar, not in your Cloudflare DNS. In order to validate that records are properly signed by Cloudflare the registrar needs those values to communicate to the recursive resolver asking for a particular record.

1 Like

Ok thanks,

Also I read that only some TLDs support DNSSEC, mine being may not support DNSSEC correct?

The .nz TLD and the public second-levels have been fully signed since 2012, and the SRS has accepted DS records since May 2011.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.