Need some help understanding DNSSEC on MIAB

Hi all,

I have just set up a new MIAB and currently migrate over to it. I have now 8 domains configured and all is looking great so far. The status page is all green for my system, which normally should be a good sign, but for 3 domains I would have expected some DNSSEC problems. The lack of errors is highly suspicious for my understanding.
Please note that I do not really know how DNSSEC works, so this might be totally my lack of understanding.

So, what happened is the following:
I have set up all domains at my registrar using external nameservers (MIAB and - because of .de-domains) and with DNSSEC configured. The status page went all green for the domains and DNSSEC checkers report proper DNSSEC for them.
Then, I have transferred 3 of the domains to a new registrar without disabling DNSSEC first. I thought this would take some time and confirmation first, but the domains got moved to the new registrar immediately. They are connected fine and also using external nameservers just like before. All looks good…

HOWEVER, I have not yet set up DNSSEC with this new registrar at this point. The DNSSEC section at the new registrar is currently empty for those transferred domains. My expectation was that the DNSSEC checks on the status page would fail now - but they are still green?! Also, external DNSSEC checkers still think those domains have correct DNSSEC configured.

Now, I am confused and questions start to come up…

  • Why are those domains still marked as correctly configured with DNSSEC?
  • Is the former registrar still keeping DNSSEC values somewhere in DNS?
  • Since the status page shows everything green, how can I access all those DNSSEC options displayed during setting up the box? I would like to configure DNSSEC with my new registrar and need all the proper values for DNSKEY and DS.
  • Is there a way to reset the DNSSEC configuration on MIAB and do it again?

Any insight on the topic would be appreciated. I am also taking pointers to proper DNSSEC documentation explaining my situation.


No answer here for all your questions, but some online tools that might provide inside are:

Thanks @KiekerJan for reading.

I knew DNSViz already and used it on some of my domains. It showed several issues with the transferred domains, which led me to believe something is going on and MIAB actually is not seeing the same situation.

I started the process to re-activate the DNS from my registrar and move everything from MIAB DNS to them. During that process there were a couple of issues which also caused DENIC to refuse to connect my domains. I got my registrar to issue new DNSSEC entries from their side and I am waiting for everything to propagate now.
I will let it sit for the weekend and see how it behaves on monday

Have a great weekend


This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.