How does DNSSEC still work if a cloudflare site is paused?

I admit I’m still fuzzy on how DNSSEC works but from my understanding, when a site is paused, Cloudflare updates its A record to the origin IP. And if DNSSEC is set up on Cloudflare, won’t that mean an error?

Also, what if some subdomains aren’t using Cloudflare? Because I have NS records set up on some subdomains so that they bypass Cloudflare.

DNSSEC just locks you into a specific set of name servers. It has nothing to do with the proxy service.

As for the subdomains you delegated away from Cloudflare, I’d expect that to be a problem, but I’ve never tested that configuration.

The NS records point to a DNS server that doesn’t support DNSSEC. I understand the security vulnerabilities associated with that. But will those domains break once DNSSEC is enabled on the registrar?

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.