New to Cloudflare. Tried to Add DS to Godaddy registrar for a domain but there is not an Algo 13 What to do?
I don’t see much documentation about DNSSEC at GoDaddy. You’d have to contact their Support desk for assistance in getting Algorithm 13 configured.
Nope Godaddy says it’s on Cloudflare’s end being that the NS is pointing to them now
DNSSEC still needs to be configured at the registrar. That responsibility is not transferred to Cloudflare with a change of nameservers. You could do that, use Cloudflare as domain registrar, but I can’t believe Godaddy doesn’t support it… maybe, but more likely you got a defective customer support agent.
Nope, the chat jockey said it’s on Cloudflare to enter the DS record since the NS has been pointed to CF there’s no access to the DNS because they are with Cloudflare However 35 bucks for the premium DNS service was an option…
May I suggest another registrar?
Godaddy is a pretty bad company in the first place.
Thank you. I have already thought about it but when I talked to my client about adding a CDN I assured her that it wasn’t a problem. The main issue I’m having is that the site is giving cacheing errors when testing it.
I put in a ticket but I’m not getting a response from support. So after searching to resolve the cache problem is when I discovered about having the DS record confirmed…I mean this was supposed to be easy…Not a great first impression in my opinion…but the again I never set up a CDN this way either…
That’s patently absurd. Why in the world would you have circular DNSSEC? DNSSEC is the authenticated link between the Domain Registry (tied into by your registrar) and the DNS host (Cloudflare, in this case).
Don’t know Just repeating what I was told and without paying the 35 bucks for the “premium DNS” and whether a “third party” is acceptable was another point I didnt understand.
I have had a nightmare with these people from day one so much that I could write a block buster.
At this point, I’m thinking you’re better off not attempting DNSSEC. It’s not going to break anything, except put a small tear in your security blanket.
Here’s a thread from last year. Is their picture what you see at GoDaddy? What are the Algo choices? I don’t see any posts here saying it doesn’t work.
I’m unable to get to the english version because it auto-redirects me (even their website doesn’t work), but I hope it will do the same for you. In GoDaddy’s docs they literally say the opposite of what the agent said.
It’s extremely possible they don’t support algorithm 13 because they simply don’t care.
Here is a Google Translate version from their docs (https://it.godaddy.com/help/informazioni-su-dnssec-autogestito-6114).
To enable DNSSEC, the zone must be digitally signed by your DNS server. When signing, you create a signing delegation record. Each DS record contains information used by the registry to authenticate using DNSSEC. You can use the DS record and the information it contains to enable DNSSEC for your zone.
Once you have received the DS record information from your DNS provider, you can add a new DS record in your GoDaddy account.
Some info on how to add the DS record to GoDaddy (https://it.godaddy.com/help/aggiungi-un-record-ds-23865).
Maybe this is it:
It is, but it still redirects me to the italian version. What if I speak english and I’m living in Italy? I even have my computer language in English. That is web design 101. You don’t select a language based on the IP (unless content is geo-retricted, but even then…).
Ummm…you DO speak English and live in Italy.
GoDaddy knows best.
I do speak Italian better but yeah… you got the point.
They just dont support it because it’s not there
This is what I get when testing the cache
I know how and where to add the record and the option is even available but there just is no algo 13 it runs on all even numbers (screenshot above)
Then the point of this post is null, either you change registrar or you don’t enable DNSSEC.
The whole reason I switched to CF is because of the security for my clients online store and for optimizing reasons. If i would have known this I would not have pointed the name servers here.
Then change nameservers, it’s that easy.