blank
Account Closed (Disallowed)
- Impact
- 627
Noticed some weird situation with some of my recently transferred domains:
cloudflare notified me that the configuration is not valid because I have a DS-Record
I never set a DS-Record for any of my domains because, at this point, DS Records are a pain in the a**.
If you have a DS-Record and you are no longer with the registrar where it was set, your domain name will no longer resolve on most modern browsers because, basically, the NS is no longer authoritative for the zone.
I did a little bit of an investigation and I noticed that quite a few of my domains were affected.
For most of them, I backtracked the issue with LCN. For some reason they set DNSSEC records without asking you.
I had a discussion with them and they are just plain idiots. They don't really understand how this works at all. I don't suspect them of doing this intentionally just to keep the customer or to take vengeance.
On the other hand, there is at least one situation where the DSSEC record did not originate with LCN but with a very popular registrar amongst us domainers.
It is very interesting that it was set after expiry, during the grace period, just when the NS change too.
If this is intentional, it is a very very mean way to f**k with customers that will transfer out.
cloudflare notified me that the configuration is not valid because I have a DS-Record
I never set a DS-Record for any of my domains because, at this point, DS Records are a pain in the a**.
If you have a DS-Record and you are no longer with the registrar where it was set, your domain name will no longer resolve on most modern browsers because, basically, the NS is no longer authoritative for the zone.
I did a little bit of an investigation and I noticed that quite a few of my domains were affected.
For most of them, I backtracked the issue with LCN. For some reason they set DNSSEC records without asking you.
I had a discussion with them and they are just plain idiots. They don't really understand how this works at all. I don't suspect them of doing this intentionally just to keep the customer or to take vengeance.
On the other hand, there is at least one situation where the DSSEC record did not originate with LCN but with a very popular registrar amongst us domainers.
It is very interesting that it was set after expiry, during the grace period, just when the NS change too.
If this is intentional, it is a very very mean way to f**k with customers that will transfer out.
Last edited: