Unable to use Netlify DNS on a OVH domain

Hi

I bought the digi-stud.io domain last week on OVH. I wanted to switch to Netlify DNS in order to benefit Netlify CDN.

I removed original NS record and added the 4 NS records (nsone) provided by Netlify.

However, Netlify does not seems to handle properly the domain :slight_smile:

I contacted support, who told me to disabble DNSSEC on OVH. I did so but still the same situation.

Any help? I could switch back to OVH DNS but I would like to understant what I missed first.

Note : I did wait more than 48hr

Thanks

Hi @valerian

The domain digi-stud.io has DNSSEC turned on.

$ whois digi-stud.io | grep DNSSEC
DNSSEC: signedDelegation

As per this documentation Netlify does not support domains with DNSSEC (there is a fetured request here; also see this thread.)

If you wish to use Netlify DNS you will need to turn off DNSSEC at the registrar. Alternatively, you can use external DNS and retain DNSSEC on your domain.

Hi coelmay

I did disable DNSSEC on the registar yesterday:
image

Any experience using Netlify DNS with OVH registar?

As per the information I previously shared, plus the digi-stud.io whois on nic.io and Zoho Toolkit, DNSSEC is still enabled.

I haven’t used OVH specifically. You may need to contact OVH support to find out why DNSSEC still shows as on in whois.

Thanks for your answer. I got an answer so quick both on support and forum, I am impressed !

1 Like

Hi, @valerian. I want to just follow-up to say I also agree with @coelmay’s assessment of the issue. Also, I still see DNSSEC enabled when I check this WHOIS data:

$ whois digi-stud.io | egrep '(DNSSEC|Registrar:)'
Registrar: OVH SAS
DNSSEC: signedDelegation

Did you fix your problem @valerian ?
I’m also using OVH and I transferred a bunch of domains to Netlify, I can have a look at my notes if your issue is still there.

Hi
OVH support was very slow response and does not seem to understant the issue.

DNSSEC appears disabled on OVH panel while WHOIS and other testing website says it is activated.

Today OVH told me the issue was related to SSL error and that I need to see the issue with Netlify. Any help would be appreciated if you have clues

For us to be able to fix the SSL error, DNSSEC would need to be disabled, which is not the case yet.

So, I successfully modified the DNS of a domain bought with OVH in favor of Netlify DNS, around a month ago.

The interface of OVH says today that the DNSSEC is activated (en français: “Délégation Sécurisée - DNSSEC” - Activé).

A whois on this domain reads DNSSEC: unsigned

I’m not familiar with DNSSEC, I don’t know if there is something to deduce, sorry.

OVH support keeps telling me the issue is DNS related (nsone) and not registar related.

I am also not very familiar with DNSSEC. Could I have a technical explanation for better understanding of the situation and answer OVH?

What I am planning to try is switch back to OVH DNS, try to disable again DNSSEC and switch back to netlify DNS… I have realy no other idea…

Do you remember somehow disabling DNSSEC?

I think this is possibly the right solution. If you attempted to disable DNSSEC after propagation of Netlify DNS records, it is possible the OVH system—seeing the domain was now delegated elsewhere—was unable to properly disable DNSSEC.

OK I just rolled back to OVH DNS. Waiting a bit now

I only got this in my notes:

« Netlify DNS doesn’t support DNSSEC. To use Netlify DNS, disable DNSSEC with your domain registrar or previous DNS host. You can use tools like DNSViz to figure out where DNSSEC is currently enabled.

Source : DNS & HTTPS troubleshooting tips | Netlify Docs

I’m not sure I did the move though.

I’ll move another domain from OVH to Netlify in the near future, I’ll keep you informed

I think switching back to OVH DNS solved the issue

vlebert@03028-66:~$ whois digi-stud.io | grep DNSSEC
DNSSEC: unsigned

I’ll wait 24hr for propagation and switch back to Netlify DNS, and hope everything will be fixed.

1 Like

Hi

Just a last update to close the topic. I think the issue is solved thanks to the last trick (switch back to OVH DNS, then switch to Netlify DNS).

I still have errors on this page:
https://dnsviz.net/d/www.digi-stud.io/dnssec/

But I think it is only due to the fact DNSSEC in disabled right?

THanks for your help.

1 Like

Hi, @valerian. I do think the dnsviz.net errors are only because DNSSEC is disabled. I also see the Netlify DNS working now and the DNSSEC is no longer enabled:

$ whois digi-stud.io | grep DNSSEC
DNSSEC: unsigned

Thank you for taking the time to return here and sharing your solution.