- Login to UltraDNS
- Click Domains
- Click on <domain.com>
- Confirm that the lock icon is closed on the tab DNSSEC
- On the Records tab, confirm this message displays :This zone is secured with DNSSEC. Any changes to the zone data below will be queued until the zone is re-signed. To publish the changes in DNS, navigate to the DNSSEC tab and re-sign the zone.
- Click on the Audit tab in the top ribbon
- Confirm that the most recent change to object <www.domain.com> is newer than the most recent Sign Request for <domain.com>
Root Cause
<domain.com> has not been re-signed since <www.domain.com> was added
Steps to Resolution
- Login to UltraDNS
- Click Domains
- Click on <domain.com>
- Click on the tab DNSSEC
- Click Re-Sign
Additional Information
It is preferred that you re-sign the zone instead of unsigning and signing. If you unsign the zone, any working records in the zone will stop working until you sign the zone again. The outage could potentially be longer than that depending on behavior by recursive DNS servers that encounter the problem in between unsign and sign.
If you simply re-sign, you avoid those further potential outages. After you perform the Re-Sign, our servers will update in 0 to 10 minutes.
On-the-fly zones do not to be re-signed by us because they are re-signed every time a DNS query comes in.