How to activate DNSSEC if your domain's registrar is GoDaddy

We have had several cases in which our customers who are using GoDaddy as a domain registrar are facing issues activating DNSSEC for their Master DNS zones here. Many users encounter issues with GoDaddy’s system timing out during validation. This guide provides a step-by-step workaround to help you activate DNSSEC successfully.

Why does DNSSEC activation fail with GoDaddy domains? 

After our investigation we found out that the issue is caused by GoDaddy's system. That’s because, it looks like GoDaddy has two separate systems:

1) Domain management system
2) DNS validation system

Suppose you’ve set up all four of our Premium Name servers for your domain in GoDaddy’s system. When you use multiple name servers, GoDaddy’s DNS validation system (System 2) performs DNSKEY checks on each name server to validate your DS record. However, this process takes some time, and the validation can’t always complete before GoDaddy’s Domain Management System (System 1) times out. As a result, System 1 triggers an error message:

"An unexpected error occurred. If this issue continues, contact support."

This delay between systems is what causes the DNSSEC activation issues.

Step-by-Step Solution to Activate DNSSEC on GoDaddy

Follow these steps to bypass the validation timeout and activate ClouDNS DNSSEC:

Step 1: Temporarily Remove Two Name Servers

Go to your GoDaddy domain settings and remove two of your name servers (e.g., pns33.cloudns.net and pns34.cloudns.net) and save the settings.

Step 2: Wait for System Updates

Wait a few minutes to allow GoDaddy’s system to refresh and recognize the new settings.

Step 3: Add DS Records with Two Name Servers

  • Head to the DNSSEC management panel in your GoDaddy account.
  • Add the DS records with the remaining two name servers.
  • Verify that everything is functioning correctly.

Step 4: Re-add the Removed Name Servers

  • Return to the name servers page in GoDaddy.
  • Re-add the two name servers you initially removed (in our example, pns33.cloudns.net and pns34.cloudns.net).

After completing these steps, your DNSSEC should be active, and your domain is secure with 4 Premium Name servers. This workaround resolves the timeout issue between GoDaddy's Domain Management and DNS Validation systems.

Additional Tips for Successful DNSSEC Activation

To ensure a smooth DNSSEC activation process with GoDaddy and ClouDNS, here are some extra tips and reminders:

  • Double-Check Each Setting: After completing each step, confirm that your changes were saved correctly. Small errors in configuration can lead to DNS validation issues.
  • Allow Time for DNS Propagation: DNS changes, including DS records, can take up to 48 hours to propagate globally. During this time, your DNSSEC setup may show as pending or incomplete, which is normal.
  • Monitor DNSSEC Status: Check that your DNSSEC records are configured correctly and that activation is progressing as expected. Look out for any issues with name server or record settings.
  • Reach Out if Problems Persist: If errors continue, consult support with your configuration details for further assistance.

Last modified: 2024-11-12
Cookies help us deliver our services. By using our services, you agree to our use of cookies. Learn more