Problems with site resolution Issues with DNSSEC enabled are more common than you might think. If your website suddenly stops loading after you turn on DNSSEC, it usually means your DNS records are not matching properly between your domain registrar and hosting provider.
DNSSEC is designed to make your website’s DNS data more secure. However, if it isn’t configured correctly, it can prevent some users or even all users from accessing your site.
In this article, we’ll explain why this happens, how to check whether DNSSEC is the cause, and how you can easily fix or disable it through your hosting control panel or cPanel.
Why enabling DNSSEC might make your site unresolvable
When you enable DNSSEC, your domain uses additional digital signatures to verify that DNS information is authentic. This helps protect your site against attacks such as DNS spoofing.
However, if the configuration between your domain registrar and hosting provider’s nameservers isn’t identical, DNSSEC validation fails. In other words, DNS resolvers the systems that connect visitors to your site can’t validate your DNS records and therefore block access instead of showing outdated information.
As a result, your website might not load for some users or networks, displaying errors such as:
- Unable to find the IP address of the server
- DNS address not found
- This site can’t be reached
How to Check if DNSSEC is Causing the Problem
Follow these steps to confirm whether DNSSEC is preventing your site from resolving:
- Check DNSSEC status at your domain registrar
- Log in to your domain control panel and look for DNSSEC settings.
- If it shows “Enabled,” make a note of it.
- Check your domain with an online DNS checker
- Use a free tool like DNSViz or Google Dig Tool and enter your domain name.
- If DNSSEC validation errors appear, your setup is likely incomplete.
- Check nameservers in your hosting panel or cPanel
- Make sure the nameservers listed in your hosting account match the ones configured at your registrar.
If your domain’s DNSSEC is enabled but your hosting provider doesn’t support DNSSEC, or the records don’t match, your site will fail to resolve properly.
How to Disable or Fix DNSSEC via Your Hosting or cPanel
If DNSSEC is the culprit, then you have two options: fix it or disable it.
Option 1: Fix DNSSEC Settings
If you prefer to keep DNSSEC enabled for better security:
- Contact your hosting provider’s support (e.g., bodhost) and ask whether their nameservers support DNSSEC.
- If they do, request the correct DNSKEY or DS record values.
- Log in to your domain registrar control panel and update the records exactly as provided.
- Wait for DNS propagation; it may take up to 24 hours.
- Recheck your site using DNSViz or by visiting your domain in a browser.
Option 2: Disable DNSSEC (Quickest Fix)
If your host doesn’t support DNSSEC or you need your site back online quickly:
- Sign in to your domain registrar account.
- Go to DNSSEC settings and click Disable or Remove DS Records.
- Wait a few hours (up to 24 hours) for the changes to propagate.
- Clear your browser and DNS cache, then test the website again.
Once DNSSEC is disabled, your domain should resolve normally for all users.
Conclusion
While DNSSEC enhances DNS security, incorrect configuration can lead to serious site resolution issues. The good news is that these problems can be easily fixed, or DNSSEC can be temporarily disabled; through your hosting control panel or cPanel.
At bodhost, we recommend enabling DNSSEC only when both your DNS and hosting environments fully support it. If you’re unsure or your website still isn’t resolved, our support team is available 24/7 to help you restore your website quickly and securely.
Learn more about: How to configure DNS: Everything you need to know