Hello,
After enabling DNSSEC yesterday on my registrar (bluehost) and then on Cloudflare, my website is not reachable over the Comcast network. (browser shows “This site can’t be reached” ERR_NAME_NOT_RESOLVED")
I confirmed this both by connecting to my own comcast network at home, and to the public xfinitywifi network. In both cases, the website is NOT reachable over any devices.
When I switch to using cellular on my phone and to using Google Public DNS on multiple devices (even still using the Comcast internet connection), then the website IS reachable. So it appears to me something to do with Comcast DNS resolution.
Anybody run into this issue before and know how to fix it please?
Thank you.
Talking to bluehost right now to try to remove the records. They say:
“I see the domain nameserver is pointing to the CloudFlare so to remove the DNSSEC records you will need to remove the records on their end.”
Is this correct? I am trying to manage the DS records here Web Hosting, Domain Names, E-commerce - Bluehost but there is no option to delete the three invalid records
You might also want to change host if this is what your host said
DS records are set at the registry by the registrar. Cloudflare can’t do anything here. Your DNSSEC setup will be broken as long as you can’t get rid of these invalid DS records.
What bluehost said: “I have checked and I see that our specialist need some time to remove the records, I’ll escalate the Case so that our specialist will be back to you via email once it is removed.”
In another situation, if you cannot access Fastdomain or do not remember credentials (worse situation), it is possible you paid hosting and domain to the BlueHost while they used Fastdomain to register your domain?
And as already stated by @sandro, first disable DNSSEC in the Cloudflare dashboard and also remove the DS record which is added to your domain via contacting your register.
Then check if your Websites get back “online”.
Once it resolves correctly, hopefully, if you added A records and pointed them to the right IP address and having them proxied via Cloudflare, then proceed with the steps to add DNSSEC if you want.
Here is the output for DNSSEC misconfiguration for your domain:
Well that was a disaster! Bluehost proceeded to delete the one valid DS record provided by clooudflare rather than deleting the 3 bluehost DS records that I requested deleted!
So I am in the process of transferring the domains from bluehost to cloudflare so I can directly manage them at cloudflare.