DNSSEC Policy

Why DNSSEC Is Disabled In The Panel

Our DNS stack works in tandem with Cloudflare and already covers the integrity and anti-spoofing protections DNSSEC is meant to provide. An extra DNSSEC layer often backfires: it complicates migrations, delays propagation, and triggers errors when DS records or keys get out of sync.

DNSSEC in the Web Control Panel is intentionally disabled and not available. We removed the toggle to prevent migration issues and failed NS switches.

Key Points

  • Our edge plus Cloudflare already enforce response integrity and protect the zone.
  • DNSSEC introduces risk during domain moves and NS changes: DS/key mismatches, NXDOMAIN/SSL errors, and slow rollback.
  • For smooth cutovers, we keep NS changes lean and avoid extra points of failure.

If You Are Migrating To Us

Before you switch

  • Disable DNSSEC at your current registrar or DNS provider.
  • Remove DS records at the registrar and wait for them to clear from the zone.
  • Ensure NS records point only to WebHostMost/Cloudflare, with no legacy DNSSEC keys left.

After you switch

  • Check that the zone answers from the new NS without DNSSEC/DS-mismatch errors.
  • Do not re-enable DNSSEC: our Cloudflare integration already provides the needed protection.
  • If third-party checkers still show DNSSEC errors, wait out cache TTLs or clear DNS caches.
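
The checks in the two lists above can be scripted with `dig`. This is an added example, not WebHostMost's own tooling: the function names, the verdict labels and the `.newhost.example` suffix are assumptions, and the sample answers are constructed.

```shell
# Added example: classify a domain's DNSSEC state before an NS change.
# Inputs are `dig +short` answers: one record per line, empty when none exist.

has_records() {
  # Lines starting with ';' are dig notices (e.g. truncation retry), not records.
  [ -n "$(printf '%s\n' "$1" | grep -v '^;' | tr -d '[:space:]')" ]
}

classify() {  # classify DS_ANSWER DNSKEY_ANSWER
  if has_records "$1" && has_records "$2"; then
    echo SIGNED      # DS and keys both present: DNSSEC still active, remove the DS first
  elif has_records "$1"; then
    echo BROKEN      # DS at the parent, no keys in the zone: validation fails
  elif has_records "$2"; then
    echo KEYS_LEFT   # DS cleared, legacy DNSKEY still published in the zone
  else
    echo CLEAN       # no DS and no DNSKEY
  fi
}

ns_strays() {  # ns_strays NS_ANSWER "SUFFIX ..." -> NS hosts matching no suffix
  printf '%s\n' "$1" | awk -v allowed="$2" '
    BEGIN { n = split(tolower(allowed), suf, " ") }
    /^;/ || !NF { next }
    { h = tolower($1); sub(/\.$/, "", h); ok = 0
      for (i = 1; i <= n; i++) {
        start = length(h) - length(suf[i]) + 1
        if (start > 1 && substr(h, start) == suf[i]) ok = 1
      }
      if (!ok) print h }'
}

check_domain() {  # check_domain DOMAIN "SUFFIX ..."; live, needs dig and network
  # +cd asks the resolver not to validate, so a broken chain still returns data.
  ds=$(dig +cd +short DS "$1") || { echo "$1: LOOKUP_FAILED"; return 1; }
  dnskey=$(dig +cd +short DNSKEY "$1") || { echo "$1: LOOKUP_FAILED"; return 1; }
  ns=$(dig +cd +short NS "$1") || { echo "$1: LOOKUP_FAILED"; return 1; }
  echo "$1: $(classify "$ds" "$dnskey")"
  ns_strays "$ns" "$2" | sed 's/^/  unexpected NS: /'
}

# Constructed sample answers (not real records): DS still at the parent, keys already gone.
SAMPLE_DS='12345 13 2 CONSTRUCTED-DIGEST-PLACEHOLDER'
SAMPLE_NS='ns1.newhost.example.
ns1.oldhost.example.'
if [ "$#" -ge 2 ]; then check_domain "$1" "$2"; else
  echo "sample: $(classify "$SAMPLE_DS" '')"      # sample: BROKEN
  ns_strays "$SAMPLE_NS" '.newhost.example'       # ns1.oldhost.example
fi
```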

Why This Stays Secure

  • Removing DNSSEC removes a failure point during NS changes and speeds up propagation.
  • Cloudflare provides anti-spoofing and DDoS protection without manual key management.
  • The panel stays simpler: fewer manual steps and a lower chance of configuration mistakes.

Need Help Disabling Existing DNSSEC?

  • Check current DS records at the registrar and delete them before changing NS.
  • Reach out to our support team if errors persist after disabling DNSSEC; we will help clear caches and validate your zone.