: What is the recommend procedure for changing nameservers with DNSSEC enabled? Do I need to disable the DNSSEC DS record and DNSSEC, let that propagate, and then change nameservers only after
Do I need to disable the DNSSEC DS record and DNSSEC, let that propagate, and then change nameservers only after that has well propagated?
More posts by @Shelton105
2 Comments
Sorted by latest first Latest Oldest Best
I found that there is a DNSSEC propagation delay, so the approach is:
Disable DNSSEC at Registrar
Wait 24 hours
Disable DNSSEC at Nameserver
Switch nameservers
This was the answer I was looking for, and eventually found through other resources.
If you use DNSSEC, then when you switch from one DNS provider to another you must take precautions to ensure your DNS resolution continues during the transition.
Your DS record is tied to the specific DNSSEC key that is used to sign your zone. If you move from a DNSSEC provider to a provider that does not support DNSSEC, then you must remove your DS record before switching.
The same rule applies if you switch from one DNS provider with DNSSEC to another DNS provider with DNSSEC. You should remove your DS record first, transition to the new DNS provider, and then have them provide you with the new DS record that you can add to your domain’s registry name servers.
source
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.