Home Domain & DNS Management Troubleshooting DNSSEC: How to Resolve Common Domain Configuration Challenges

Troubleshooting DNSSEC: How to Resolve Common Domain Configuration Challenges

Last updated on Aug 08, 2025

Troubleshooting DNSSEC: How to Resolve Common Domain Configuration Challenges

**Description:**A step-by-step guide to understanding DNSSEC, identifying configuration issues, and safely disabling or reconfiguring DNS settings for shared hosting customers.

What is DNSSEC?

DNSSEC (Domain Name System Security Extensions) is a security protocol that adds a layer of cryptographic authentication to DNS, helping to protect your domain from certain types of attacks (like DNS spoofing). However, if it’s misconfigured or not supported by your DNS provider, it can cause domain resolution problems.

Common DNSSEC Issues on Shared Hosting

  • Website not loading or showing “Server not found” errors
  • Email delivery failures
  • Intermittent domain accessibility
  • DNSSEC validation errors in domain check tools

Step 1: Check Your Domain’s DNSSEC Status

You can check your DNSSEC status using online tools:

Look for:

  • “DNSSEC signed” status
  • Errors like “insecure”, “bogus”, or “no DS record found”

Step 2: Understand Your DNS Hosting Situation

  • **If your domain uses Eco Web Hosting nameservers:**DNSSEC is not supported on our shared hosting nameservers. Enabling DNSSEC at your domain registrar will cause resolution issues.
  • **If your domain points to third-party DNS (like Cloudflare or external registrars):**DNSSEC should only be enabled if your DNS provider supports it and you have added the correct DS records at your domain registrar.

Step 3: Troubleshooting and Resolving DNSSEC Issues

A. My Domain is Down or Inaccessible

Symptoms:

  • Domain does not resolve
  • You see DNSSEC validation errors in online tools

Actions:

  1. Check if DNSSEC is enabled:
    • Login to your domain registrar’s control panel.
    • Look for DNSSEC settings (may be called “DNSSEC”, “DS records”, or “DNS Security”).
  2. If DNSSEC is enabled and you are using Eco Web Hosting nameservers:
    • Disable DNSSEC immediately (see instructions below).
  3. If using third-party DNS (e.g., Cloudflare):
    • Make sure the DNS provider supports DNSSEC.
    • Confirm the DS records at your registrar exactly match the values provided by your DNS provider.

B. How to Disable DNSSEC at Your Domain Registrar

General Steps (may vary by registrar):

  1. Log in to your domain registrar’s dashboard.
  2. Go to the DNS management or DNSSEC section.
  3. Locate the active DS records or DNSSEC settings for your domain.
  4. Remove all DS records or set DNSSEC to “Off”.
  5. Save your changes.

> Note: DNS changes may take up to 24–48 hours to propagate.

Example: Disabling DNSSEC at Namecheap

  • Go to Domain List > Click Manage next to your domain
  • Click the Advanced DNS tab
  • Scroll to DNSSEC section
  • Click Remove All Records or toggle DNSSEC “Off”

C. Reconfiguring DNSSEC (If Using Third-Party DNS)

If you wish to use DNSSEC with an external DNS provider (NOT Eco Web Hosting):

  1. Enable DNSSEC in your DNS provider’s panel (e.g., Cloudflare)
  2. Copy the generated DS record(s)
  3. Add these DS records to your domain registrar’s DNSSEC section
  4. Save changes and allow time for propagation
  5. Test with MXToolbox or DNSViz for validation

Step 4: Test and Confirm Resolution

After disabling or updating DNSSEC:

  • Use MXToolbox DNSSEC Test to confirm your domain is now “insecure” (DNSSEC off) or “secure” (if properly configured)
  • Check your website and email functionality

Example Troubleshooting Scenarios

Example 1: Accidentally Enabled DNSSEC While Using Eco Web Hosting Nameservers

Result: Website and email down.

Solution:

  • Disable DNSSEC at registrar (remove DS records).
  • Wait for DNS propagation (up to 48 hours).
  • Retest domain.

Example 2: Using Cloudflare DNS with DNSSEC

Result:

  • Website down, DNS validation errors.

Solution:

  • Ensure Cloudflare DNSSEC is enabled.
  • Copy DS record from Cloudflare.
  • Add DS record at your domain registrar.
  • Save and wait for propagation.

Tips & Best Practices

  • Never enable DNSSEC unless your DNS provider supports it and you know how to configure DS records.
  • Always back up your DNS settings before making changes.
  • Use DNS check tools before and after changes to verify status.
  • For shared hosting with Eco Web Hosting nameservers, keep DNSSEC disabled.

Still Need Help?

If you’ve followed these steps and your domain is still not resolving, please:

  • Gather details of what you’ve tried
  • Take screenshots of DNSSEC settings and errors
  • Submit a support ticket via your Eco Web Hosting client area

Our support team is here to assist you!