Pre-requirements
- Access to your domain registrar to remove or disable DS (Delegation Signer) records.
- Administrator access to cPanel and the Zone Editor feature.
- Understanding of DNS propagation times (24-72 hours).
Important Warning Before Deleting a DNSSEC Key
Before deleting the DNSSEC key in cPanel, you must first remove or disable the DS record from your domain registrar. Failure to do so may cause DNS resolution issues for your domain.
- After removing the DS record, wait 24-72 hours for the changes to fully propagate across the internet.
- Once the propagation is complete, proceed with deleting the DNSSEC key from cPanel.
Steps to Delete a DNSSEC Key in cPanel
- Log in to your cPanel account.
- Scroll down to the Domains section and click Zone Editor.
- In the Zone Editor interface, locate the domain with the DNSSEC key you wish to delete and click the DNSSEC button next to it.
- Locate the DNSSEC key that you want to delete, and click Delete next to it.
- Confirm the deletion by clicking Continue to permanently remove the DNSSEC key.
Gotchas to Avoid
- Always remove the DS record from your domain registrar before deleting the DNSSEC key in cPanel, or your domain may experience resolution failures.
- Wait for full DNS propagation (24-72 hours) before deleting the key to ensure smooth removal and avoid potential downtime.
- Ensure that you are deleting the correct key, as deleting the wrong key could break the DNSSEC chain of trust.
Linux Commands for DNSSEC Validation
dig +dnssec example.comAfter deleting the DNSSEC key, use this command to verify that the DNSSEC key is no longer active and that the DS records have been removed.
