DNSSEC config error


I have multiple domains on my box, and I have configured DNSSEC for all that support it, except for one domain, my only .be domain. I am 100% sure the config is correct and have tried deleting and re-entering the record, trying to use the bulk record format etc. But I still get the following error message:

This domain’s DNSSEC DS record is incorrect. The chain of trust is broken between the public DNS system and this machine’s DNS server. It may take several hours for public DNS to update after a change. If you did not recently make a change, you must resolve this immediately by following the instructions provided by your domain name registrar and provide to them this information…

Anyone have any ideas as to a possible fix?



How long ago did you make the change? DNSSEC is one thing that does not always update instantly.


I’ve been trying to configure it over the past 5 days or so. It’s usually being left more than 24hrs between changes. Still no luck.


If you’d be willing to provide the .be domain name in PM I could test some things.

Also if you could provide one or more of the domain names that work to establish a base line.


Thanks alento!

The domain i’m having trouble with is jensz.be

Domains I already have DNSSEC working on include jensz.me, jensz.pw, achlys.ch


And to confirm, it is still showing the same error on the status page?


Yep I still get the error.


One of the tools I would like to check with is down for maintenance until next week. :frowning:

The other tools that I have checked with all show that DNSSEC is enabled and functioning properly.
I am not exactly sure where to go to from here …




I’m still seeing the error on the status page, but if other tools are saying that it’s configured correctly I guess i’ll just leave it as is and ignore the error. Thanks for all your help guys!