is not resolvable with a resolver that validates DNSSEC

Hey guys, I have this following error message: is not resolvable with a resolver that validates DNSSEC

I already contacted my domain registrar GoDaddy and they removed the DNSSEC stuff from the domain 24 hours ago. How long should I wait and will it work? Or GoDaddy’s Support told me I should ask you that you can check on your end why it doesn’t work and if GoDaddy has to do anything else to the Domain?

DNSSEC is still active on the domain according to .ch whois. It appears the name servers are currently set to those of Netlify. You’ll need to configure the default GoDaddy name servers in order to disable DNSSEC. Once it is disabled you can then add the name to Netlify DNS.

As Netlify doesn’t support DNSSEC at any level unfortunately (see feature request opened in 2019 and this topic) the other option is to use external DNS configuration so you can continue to use DNSSEC.

Hey, thank you so much already!

So, a GoDaddy Support guy did that for me on sunday 12 pm GTM +1. We set the nameservers to GoDaddy Default and he removed DNSSEC and told me I can check the name servers back to the netlify servers in one hour, which I did then. This is now almost 48 hours ago. Do I have to do that again and wait until the DNSSEC is removed before changing the name servers back to netlify or can it still happen now within 72 hours?

Yes. Until DNSSEC is disabled you cannot make any changes.

pefect thank you so much!

And you said in the whois check I can see if it is enabled? Where would I find that?

I provided the link for the whois above.

the guy from godaddy writes me that…

Everything appears broken. There are no name servers that I can see. Using DNSViz I can see DNSSEC and there are errors and warnings.

There is also mention of multi Netlify name server configurations:

  • dns?; and
  • dns?

One of these is possibly correct, or neither.

If you haven’t, set the name servers for back to the GoDaddy default and remove the domain from Netlify DNS (on your team’s Domains page). When you can reliably determine that DNSSEC is disabled start the process of delegating the domain to Netlify again.

Alternatively (as I previously mentioned) leave the domain configured with GoDaddy’s name servers and use external DNS configuration to use the domain on Netlify as this option does not require changing name servers and enables the use of DNSSEC.

Output from DNSViz below or follow the link above to check yourself

So now the site is live but has no certificate. How can I fix that?

It first shows that it works but then when clicking on provision it gives the above error. works with SSL.

The www subdomain doesn’t work as you haven’t configured the appropriate DNS record

1 Like

But would do I have to do? in GoDaddy I can only change the DNS for

@pascalmorgenthaler, this now appears to be resolved.