What can I do if my registrar or registry doesn't support DNSSEC?

In order for you to enable DNSSEC, both your registrar and registry (TLD) need to support DNSSEC with Cloudflare's preferred cipher choice, algorithm 13.

Although DNSSEC support is required by ICANN and algorithm 13 has been standardized for years, still some registrars and registries do not support it.

If your registrar does not support DNSSEC or DNSSEC with algorithm 13, you have a few options:

1.You can tweet or email your registrar and let them know it's time for them to support DNSSEC with modern encryption. Many registrars are waiting to add support until they see demand, so by reaching out, you are helping show them there is a need for DNSSEC with algorithm 13.

2. You can transfer your domain to a different registrar that does support DNSSEC with algorithm 13. We keep a short list here.

3. If you've exhausted all other options, you can also file a complaint with ICANN for your registrar's lack of compliance with ICANN policy here:
https://forms.icann.org/en/resources/compliance/complaints/registrars/standards-complaint-form

ICANN requires registrars to support DNSSEC with all available DS algorithm types. (See the ICANN Registrar Agreement for more information).

If your TLD does not support DNSSEC or DNSSEC for algorithm 13, you can do option 1 above. You can find the contact information for your registry here: https://www.iana.org/domains/root/db

Still not finding what you need?

The CloudFlare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk