The DNS is with dnsmadeeasy, I’ve tried to set it up with A records, CNAME, and also with CNAME and ANAME records. I’ve tried the default site as the root and as the subdomain. The site is for tapkit-usa.com and tapkitusa.com. In the publishing page it always shows Issue Detected: DNSSEC validation failure. I’ve tried disabling SSL and re-enabling it. Published the site after any changes for testing, and checked for dns propagation to make sure I was waiting long enough. Can anyone assist? Thank you
Hi David, I am also getting the same issue with your site on my end. WhatsMyDns shows it has propagated in most areas.
Firstly how long have you waited for the propagation?
You can try this as it seems this issue may be from the registrar’s end what I would highly recommend is completely resetting the DNS records on your registrar’s end and then checking on WhatMyDNS that the domain is not connected anymore and then setting up the records again on the registers end.
This can be very annoying and time-consuming but unfortunately, these are steps you have to follow if the DNS has been misconfigured. Do let me know if you run into any further issues!
I also found this which is similar to your issue however this is dependent on how long you have waited for the propagation
@memetican do you have any recommendation for this issue?
The problem is that DNSSEC is enabled at your registrar. It’s NOT directly related to your DNS provider, and you cannot remove it through your DNS zone editor.
Despite that, you can see it in the form of a DS “record” when you query the DNS-
tapkit-usa.com yours looks like this-
This is an oversimplification, but effectively, that “record” prevents Webflow’s certificate provider from successfully provisioning an SSL certificate.
You need to log in to your domain registrar and disable DNSSEC.
If you cannot ( my registrar was clueless and has no way to disable this ), and you recently transferred your domain, you may need to transfer it back to the original registrar so you can disable it where it was first established.
Google Domains seems to like to establish DNSSEC if you purchase domains through them, and if you don’t turn it off before transferring the domain to another registrar, it will create problems for you.
memetican - In all the threads I’ve read on this issue, I haven’t seen anyone give your response. It makes perfect sense. The domain was registered with google, it was transferred to dotster, then dns was transferred to dnsmadeeasy (in an attempt to fix this issue). I don’t think I have access to disable it within dotster, so it looks like I may be transferring it back to google to turn it off.
You got lucky I’ve been dealing with this exact issue this week, and it’s the first time I’ve encountered it, too.
A week ago I transferred a client’s domain from Google Domains to Dreamscape and setup Cloudflare as the DNS provider. Webflow support pointed me in the right direction regarding DNSSEC, but Cloudflare & Dreamscape played a few days of support-pong while each tried to pin the responsibility on the other.
After a few escalated tickets and no joy, I gave up and kicked the domain back to Google, while retaining the Cloudflare NS records and disabling DNSSEC.
The domain began working on Webflow within a few hours after that fix, but it took a few days for Webflow to show all-green.
Learned something new this week. Always disable DNSSEC before a domain transfer, especially from Google Domains.