• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » How to Migrate Name Servers with DNSSEC Record

By Abhishek Ghosh October 4, 2021 6:58 pm Updated on October 4, 2021

How to Migrate Name Servers with DNSSEC Record

Advertisement

You may need to migrate your DNS hosting from one provider to another DNS provider for different reasons and when you have activated DNSSEC Record, then the job is slightly difficult but potential downtime can be avoided if the steps are done correctly. DNSSEC Record is great since no party can run a man-in-the-middle exploit.

As for real-life examples, we use Tucows/Hover as domain registrar for this website and Rage4 DNS as DNS provider. If we want to suddenly move our DNS hosting from Rage4 to DNSMadeEasy, then it is not easy. Because the DNSSEC is designed to stop this kind of “quick hijacking”. There are many reasons behind planning to move DNS hosting from one provider to another DNS provider, one of the dreaded is loss of access to the account. Loss of access to your DNS account may happen out of technical issues of the provider. For the above-given scenario, you can move your DNS provider with 24-48 hours downtime. But, you may completely avoid downtime if you start the process early and plan fully.

 

Step 1 : Check the Records and Backup All the DNS Records

 

If you have a backup of all the DNS records then it will be easy to migrate. Create an account at your planned DNS hosting provider’s website. Copy-paste all the records except the DNSSEC record. Do not publish the records. You’ll not add any new DNSSEC record here, in the new account.

Advertisement

---

We can check the DNSSEC record of our domain using Dig :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
dig ds thecustomizewindows.com
 
; <<>> DiG 9.10.3-P4-Ubuntu <<>> ds thecustomizewindows.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50775
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;thecustomizewindows.com.       IN      DS
 
;; ANSWER SECTION:
thecustomizewindows.com. 86400  IN      DS      45657 10 1 0B42DF107AFF729E6520DAE85CAFB712C0FA3A21
thecustomizewindows.com. 86400  IN      DS      45657 10 2 4ECEF3F41FE0A18EE5FC018EF5DE79587C243215463011D8A7BEBEAC 5CF84FFD
thecustomizewindows.com. 86400  IN      DS      45657 10 4 B8AF03E972B7DE22D610DC40FAF0228DEA131B83CF224E797FB47661 831BEA3034EC3CDD0290DFAE30FF24B03E13B718
 
;; Query time: 87 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Oct 03 22:32:46 IST 2021
;; MSG SIZE  rcvd: 200

And also by using this excellent DNSSEC analysis tool by Verisign.

How to Migrate Name Servers with DNSSEC Record

 

Step 2 : Delete the DNSSEC Record from Domain Registrar

 

Login to the website of your domain registrar, for example, Tucows/Hover in our case. Any standard registrar will have this kind of help page for their DNSSEC service:

Vim
1
https://help.hover.com/hc/en-us/articles/217281647-DNSSEC-services

Take a screenshot and proceed to delete the records. This process will erase the declaration of authority from the domain registrar. After 24 hours, check the DNSSEC record using Verisign’s tool and Dig. You have to wait till the whole internet forgets the declaration from the domain registrar’s side.

 

Step 3 : Delete the DNSSEC Record from Old DNS Host

 

You have kept the new account of the DNS host ready. You need to delete the DNSSEC record associated with the record in the (old) DNS host’s list at least 24 hours before publishing the records from the new account. Now, in case you have lost access, at least for the paid DNS services, no-host will forever host your records for free. If the host can not return your account, they will help to erase the records. At that moment you have to change the nameservers from the domain registrar and publish the new set of DNS records from a new account.

 

Conclusion

 

By early turning off the DNSSEC record at the registrar’s website, you are breaking the “trust chain”. Within 48 hours, the DNSSEC record created at DNS host losing its merit. You should re-enable DNSSEC after a week or so when you are sure that the migration has been completed.

This Article Has Been Shared 573 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to How to Migrate Name Servers with DNSSEC Record

  • Steps To Install Nginx Plus on Ubuntu Server (HP Cloud)

    Here Are the Steps To Install Nginx Plus on Ubuntu Server Running on HP Cloud. Nginx Plus is the Paid Version of Nginx with Extra Features.

  • How to Automatically Redirect Subdirectory to Domain (Apache 2.4)

    Here is How to Automatically Redirect Subdirectory to Domain With Apache 2.4 So That Wildcard Pattern Will Not Need Manual Configuration.

  • MongoDB versus MySQL

    MySQL is the most popular relational database which is free to use. Typically, MongoDB is for different type of applications to meet today’s need.

  • Install/Renew SSL Cert on Apache (2020 Cipher Suites)

    Those who are following us since many years know that we publish the updated server guides enough for a newbie to build and run a professional-grade quality. Renew and getting a new (paid) SSL certificate has little difference except – you may use the old CSR, Private Key and the intermediate certificate. Reusing the old […]

  • How to Configure Apache PageSpeed Admin Pages

    In our earlier guides, we have shown how to install Apache PageSpeed on Ubuntu/Debian server. Configuring the admin pages is not still easy because of lack of proper documentation. In case of a Debian/Ubuntu server, the default path of the cofigaration file for Apache PageSpeed is located at /etc/apache2/mods-available/. Login to your server as root […]

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • Is it Good to Run Apache Web server and MySQL Database on Separate Cloud Servers? March 27, 2023
  • Advantages of Cloud Server Over Dedicated Server for Hosting WordPress March 26, 2023
  • Get Audiophile-Grade Music on Your Smartphone March 25, 2023
  • Simple Windows Security and Privacy Checklist for 2023 March 24, 2023
  • 7 Best Artificial Intelligence (AI) Software March 24, 2023

About This Article

Cite this article as: Abhishek Ghosh, "How to Migrate Name Servers with DNSSEC Record," in The Customize Windows, October 4, 2021, March 28, 2023, https://thecustomizewindows.com/2021/10/how-to-migrate-name-servers-with-dnssec-record/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT