DNSSEC issues during transfer

DNSSEC (Domain Name System Security Extensions) is a security protocol that adds an extra layer of protection to domain names, preventing various malicious activities such as DNS spoofing and cache poisoning. However, Enabling DNSSEC during a domain transfer to another registrar can lead to unexpected complications that might hinder the successful completion of the transfer:

We recommend disabling DNSSEC before transferring your domain to SiteHost

A few issues

  1. Verification Delays: Enabling DNSSEC involves creating cryptographic keys and signatures. These need to be verified by both the current and the receiving registrar. This verification process can lead to delays in transferring the domain, as the registrars need to coordinate and ensure that the cryptographic keys are accurately synchronized.

  2. Synchronization Challenges: DNSSEC keys must be in sync between the losing and gaining registrars. Any discrepancy or mismatch between the keys can prevent the domain from resolving correctly after the transfer. Ensuring synchronization can be a technically intricate process that requires careful coordination and attention to detail.

  3. Risk of Downtime: Enabling DNSSEC during a transfer can lead to a temporary period of downtime for the domain. This is because DNS records need to be updated and propagated across the global DNS system, which can take time. During this propagation, the domain might not be reachable, affecting its online presence.

  4. Lack of Standardization: DNSSEC implementation and practices can vary between registrars. Some registrars might have different approaches to managing DNSSEC keys and records, which can cause interoperability issues during the transfer process.

Given these potential challenges, we recommend disabling DNSSEC before a domain transfer. Due to the implementation requirements of DNSSEC, and the potential impacts it can have on customers outside of those that need to utilize it, we've decided not to implement it at SiteHost.