No DS records found

Even though I’ve enabled DNSSEC I have this message that hasn’t gone away “DNSSEC is pending while we wait for the DS to be added to your registrar. This usually takes ten minutes, but can take up to an hour.”

Cloudflare is acting as my registrar so the DS configuration is set on CF, I went to my Godaddy to see if I can set the DS but they don’t have this option because I’m on CF.

Any ideas on how to get this working? Everything is green except:
“No DS records found for solaradvice.co.za in the co.za zone”
https://dnssec-debugger.verisignlabs.com/solaradvice.co.za

Cloudflare is not your registrar. Cloudflare is just your authoritative DNS server in this case.

Your registrar is 1API GmbH.

2 Likes

Not relevant to the question, but there are two different SPF records on the zone which should be examined and corrected.

1 Like

Thanks for the spot Michael :+1:

Ok thanks, my registrar is Godaddy but I can’t seem to add a DS record because Cloudflare is set as the NS, I might be wrong but I can’t see where to add the DS record, any ideas?

It doesn’t look like your registrar is GoDaddy. What makes you think so? Did you purchase this domain on GoDaddy?

From the information given by whois lookup we can see that your registrar is https://www.1api.net/.

1 Like

Yes I purchased through Godaddy, it’s currently managed via Godaddy.

If that’s the case, kindly try this:

https://sg.godaddy.com/help/add-a-ds-record-23865

I did follow this but it doesn’t give the option in the Godaddy management, I’ve contacted Godaddy to see what’s going on.

Looks like you can’t have DS records with Godaddy, they also said that because Cloudflare handle the DNS that I can set it there?

Enabling DNSSEC requires coordination between authoritative DNS server and registrar. You can’t just enable DNSSEC in Cloudflare but not adding DS records in registrar.

@sdayman any ideas? Whois check shows that his registrar is 1API but he claims that his registrar is GoDaddy.

That “Add a DS record” document is most likely for subdomains with their own name servers, so GoDaddy can “extend” DNSSEC to subdomains using other name servers. That’s not applicable, nor feasible in this case because 1) GoDaddy isn’t providing DNS for that domain, and 2) This isn’t a subdomain NS delegation.

As for the registration itself, I’d be surprised if it’s GoDaddy. 1API looks to be a German reseller of Hexonet (also German). I don’t see why GoDaddy would “step down” to a German reseller for a ccTLD clearly not owned by a German organization.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.