DNS verification fails for custom domain (also using NetlifyDNS)

I already have 1 site with a custom domain working using another DNS provider. I tried the same setup with another site (www.butterflyrecruits.com), however, when attempting to add a certificate for HTTPS I got the error message DNS verification failed. www.butterflyrecruits.com doesn’t appear to be served by Netlify.
I had read through the troubleshooting guide. Executing curl -s -v http://butterflyrecruits.com 2>&1 | grep Server (and it’s www. domain) confirms that the site is hosted by Netlify. After attempting many different things, and contacting my DNS provider, they refreshed their DNS settings for the domain. Still no luck.

I now switched over to NetlifyDNS, hoping the issue was the DNS provider. Unfortunately, I am still not able to add an HTTPS certificate. I still get the error DNS verification failed. www.butterflyrecruits.com doesn’t appear to be served by Netlify. I have waited 2 days since moving to NetlifyDNS, so propagation times should not be an issue.

I have read a lot of troubleshooting guides while attempting to solve the issues with my old DNS provider. I was hoping NetlifyDNS would ‘automatically’ work. I’m hoping someone can help. Thank you.

Netlify site: butterflyrecruits-prod.netlify.app
Custom Domain butterflyrecruits.com

@ehoehmann Try turning off DNSSEC.

@gregraven thank you. I can’t find the setting for this. I will contact the registrar for assistance to turn it off. I will comment on this post, once it succeeded or if the issue still persists then.

There might be other issue but Netlify DNS does not support DNSSEC. DNSSEC is enabled for the domain so this is causing issues. There could be other issues but the DNSSEC issue should definitely be addressed first.

I have asked the owner of the domain to contact the registrar to help him disable DNSSEC. Still waiting for a response. I will give an update once that is complete.

DNSSEC was disabled and the site now functions as expected. Thank you for your help tracking down this issue with DNSSEC.