Solved: DNS propagation issue due to incorrect dnssec for ...

fdfahueo313 · 02-28-2024 07:05 PM

I have registered a cloud domain with google but since the beginning it had a problem with global propagation. Domain can be accessed only from some areas. I deduced that a possible reason for this is a problem with dnssec. I have never set any DS records so I'm not sure why there's an issue with it. I have tried disabling/enabling DNSSEC in Cloud Dns zone for my domain but it didn't change anything. Where can I report this issue? Officially domain registrar is not Google but Squarespace, yet when I log in to Squarespace I don't see my domain and there's no way to add it. In Google Cloud Dns I also don't have any way to clear dnssec records which seem already absent. I don't care if DNSSEC is on or off, my main concern is to make the domain resolve correctly.

AI

Hey @fdfahueo313

Thanks for sharing the current configuration. Below I will try to explain how I would go about fixing this, assuming that you probably do no want to use DNSSec. Since your original configuration was with Cloud DNS as your DNS provider and it is a recommended setup, lets try configuring that again.

Go to your Cloud DNS zone (should you not have it anymore please re-create it). Click on the 'REGISTRAR SETUP' in the top right corner. Note the name servers responsible for your zone.

Under the Cloud Domains, change the DNS provider back to Cloud DNS and choose the zone.

Go to Google Domains and into the DNS configuration for your domain. Click on 'Custom name servers' near the top of the screen, click on manage name servers and populate name server with what you gathered in the last step (make sure only those four server from "Registrar setup" are configured here and nothing else), then click save. Make sure that DNSSec below is also disabled. If the notification at the top of the screen is yellow-ish and says 'your domain isn't using these settings', click on 'Switch to these settings', otherwise you should be done. After the changes propagate, you should be able to resolve records in Cloud DNS zone.

Alternatively, if you want to use Google Domains (which you probably don't) and choose to keep Google Domains as your DNS provider, you can try to just go to Google Domains and under the DNS configuration and Default name server create dns records under 'Custom records', similar to the one you have in Cloud DNS.

If that doesn't help, please share more of your configs - the content of your 'Registrar setup' in Cloud DNS, your 'default name server' configuration and 'custom name servers' configuration including which one is active in Google Domains and whatever else you think is relevant.

View solution in original post

Marvin_Lucero

Hi @fdfahueo313 ,

Your domain is now owned by Squarespace, as per checking and using this DIG tool. As per article, your domain will be managed using Squarespace, so I recommend contacting and reaching out to Squarespace support for this matters.

AI

Hi @fdfahueo313

let me know if you managed to solve this or if you still need help with this, I might have a thought or two about what could be wrong.

fdfahueo313

Hi Al,
Thanks for reaching out. The issue is still unresolved. I've tried enabling and disabling DNSSEC but that did not help. This week I also tried changing DNS details in Cloud Domains from "Use Cloud DNS" to "Use Google domains" and disabling DNSSEC there but the domain is still inaccessible.

I reached out to Squarespace and here's the response I've got:
"It looks like your domain is still with Google Domains and not with Squarespace yet."

Current domain settings:

AI

Hey @fdfahueo313

Thanks for sharing the current configuration. Below I will try to explain how I would go about fixing this, assuming that you probably do no want to use DNSSec. Since your original configuration was with Cloud DNS as your DNS provider and it is a recommended setup, lets try configuring that again.

Go to your Cloud DNS zone (should you not have it anymore please re-create it). Click on the 'REGISTRAR SETUP' in the top right corner. Note the name servers responsible for your zone.

Under the Cloud Domains, change the DNS provider back to Cloud DNS and choose the zone.

Go to Google Domains and into the DNS configuration for your domain. Click on 'Custom name servers' near the top of the screen, click on manage name servers and populate name server with what you gathered in the last step (make sure only those four server from "Registrar setup" are configured here and nothing else), then click save. Make sure that DNSSec below is also disabled. If the notification at the top of the screen is yellow-ish and says 'your domain isn't using these settings', click on 'Switch to these settings', otherwise you should be done. After the changes propagate, you should be able to resolve records in Cloud DNS zone.

Alternatively, if you want to use Google Domains (which you probably don't) and choose to keep Google Domains as your DNS provider, you can try to just go to Google Domains and under the DNS configuration and Default name server create dns records under 'Custom records', similar to the one you have in Cloud DNS.

If that doesn't help, please share more of your configs - the content of your 'Registrar setup' in Cloud DNS, your 'default name server' configuration and 'custom name servers' configuration including which one is active in Google Domains and whatever else you think is relevant.

fdfahueo313

Manually setting nameservers did the job! Even though they seemed to be the same. The dns started working very quickly and missing ssl certificate provisioned shortly after. Do you think I should now reset dns provider back to "Cloud DNS"?

AI

You totally can. You'd just have make sure that the authoritative name servers for that zone in Cloud DNS are the same as what is configured under the custom name servers in Google Domains (and that the custom name server tab is "active").

DNS propagation issue due to incorrect dnssec for cloud domain?