- 新しい順
- 投票が多い順
- コメントが多い順
Please see instructions here under
Adding public keys for a domain https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html
If you are getting 400 - that probably means you are creating DS record for your domain in your domain - not parent domain. For sub-domain, my understanding is DS should be created in its parent domain; and for root domain, DS should be created in its parent TLD. e.g. DS for example.com should go into .com TLD. and DS for subdomain.example.com should go into example.com
The documentation link below did not help me as I had a stale DS record by previous registrar. https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html
In your case, the old console might be able to provide a way to create a DS record for cloudflare as required. If there is only one DS record, the issue should resolve for you. Do NOT remove other DS records if there are no other issues.
You can use troubleshooting tools to help navigate to solution. Please post here if you were able to resolve your DNSSEC issue.
AWS has a new Route53 console, and some options are missing than old one. If you "Switch to old console" on the bottom left until it is available; there is a link "Manage keys" under "DNSSEC status" for your registered domain - the documentation was not updated for the new console.
I was able to add a DS record for my domain there.
Troubleshooting tools I used: linux command line tool "dig": e.g. dig example.com DS @8.8.8.8 https://dnsviz.net https://dnssec-analyzer.verisignlabs.com
関連するコンテンツ
- AWS公式更新しました 1年前
- AWS公式更新しました 1年前
- AWS公式更新しました 2年前
- AWS公式更新しました 6ヶ月前
It asks me to create KSK keys, but when I try to enable signing, I'm getting an error:
I can't spot anything related to adding the DS record Cloudflare asks for.