I have just set up a new MIAB and currently migrate over to it. I have now 8 domains configured and all is looking great so far. The status page is all green for my system, which normally should be a good sign, but for 3 domains I would have expected some DNSSEC problems. The lack of errors is highly suspicious for my understanding.
Please note that I do not really know how DNSSEC works, so this might be totally my lack of understanding.
So, what happened is the following:
I have set up all domains at my registrar using external nameservers (MIAB and puck.nether.net - because of .de-domains) and with DNSSEC configured. The status page went all green for the domains and DNSSEC checkers report proper DNSSEC for them.
Then, I have transferred 3 of the domains to a new registrar without disabling DNSSEC first. I thought this would take some time and confirmation first, but the domains got moved to the new registrar immediately. They are connected fine and also using external nameservers just like before. All looks good…
HOWEVER, I have not yet set up DNSSEC with this new registrar at this point. The DNSSEC section at the new registrar is currently empty for those transferred domains. My expectation was that the DNSSEC checks on the status page would fail now - but they are still green?! Also, external DNSSEC checkers still think those domains have correct DNSSEC configured.
Now, I am confused and questions start to come up…
- Why are those domains still marked as correctly configured with DNSSEC?
- Is the former registrar still keeping DNSSEC values somewhere in DNS?
- Since the status page shows everything green, how can I access all those DNSSEC options displayed during setting up the box? I would like to configure DNSSEC with my new registrar and need all the proper values for DNSKEY and DS.
- Is there a way to reset the DNSSEC configuration on MIAB and do it again?
Any insight on the topic would be appreciated. I am also taking pointers to proper DNSSEC documentation explaining my situation.