Guide for transferring a DNSSEC enabled domain to Route 53

Question

Hello, I have a DNSSEC enabled domain with another registrar and managed by another cloud service. Is there a guide to move a DNSSEC enabled domain to be managed by Route-53, without disabling DNSSEC (or should I disable DNSSEC first)?

Accepted Answer

See below from the [documentation](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-transfer-to-route-53.html#domain-transfer-to-route-53-change-registrar-settings-dnssec)

************************

**Disable DNSSEC for the domain**

If you use DNSSEC with a domain and you transfer the domain registration to Route 53, **you must disable DNSSEC at the former registrar first**. Then, after you transfer the domain registration, take steps to set up DNSSEC for the domain in Route 53. Route 53 supports DNSSEC for domain registration and for DNSSEC signing. For more information, see [Configuring DNSSEC signing in Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec.html)

**Important**

If you transfer a domain registration to Route 53 while DNSSEC is configured, the DNSSEC public keys are transferred, too. If you transfer DNS service to a provider that doesn't support DNSSEC, DNS resolution fails intermittently until you delete the DNSSEC keys from the domain. For more information, see [Deleting public keys for a domain](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html#domain-configure-dnssec-deleting-keys).

Guide for transferring a DNSSEC enabled domain to Route 53

Contenuto pertinente