1

In order to enable DNSSEC, is it required to have namesevers set to the domain registrar?

I would like to enable DNSSEC, but my domain registrar doesn't allow me to, unless the nameservers are set to theirs. The problem is that I am using Cloudflare and nameservers are pointing to those of Cloudflare.

enter image description here

bart
  • 14,958
  • 21
  • 75
  • 105

1 Answers1

1

Technically speaking, you can keep your nameservers pointed to Cloudflare and still enable DNSSEC. However, it is possible that your specific registrar has a policy of not allowing this.

Cloudflare has a guide explaining how to enable with many of the most popular registrars. https://support.cloudflare.com/hc/en-us/articles/360006660072

If your registrar has confirmed that you must use their nameservers to enable DNSSEC, there is not much you can do except for complain to them or switch registrars.

Collin Barrett
  • 2,441
  • 5
  • 32
  • 53
  • 1
    I've updated my question with a screenshot of the registrar showing I need to switch to their nameservers in order to enable DNSSEC. – bart Sep 21 '18 at 18:21
  • "However, it is possible that your specific registrar has a policy of not allowing this." Why? Do you have a reference or an example? Especially in gTLDs, registrars are not allowed to constrain owner of domain names regarding their choice of nameservers. I think you are mixing up two different things: DNSSEC as need to be enabled in the DNS zone (with keys, signatures, etc.) which depends only on the DNS **provider** (which can be the registrar or not), AND transmitting the `DS` record to the registry which has to be done through the registrar, even if it is not the DNS provider. – Patrick Mevzek Nov 17 '21 at 03:18