Disabling DNSSEC on a Zone
Disable DNS security extensions (DNSSEC) on a public zone.
To avoid service disruptions, follow these steps in the order presented to disable DNSSEC.
- Remove DS records for the zone from all child zone delegation subdomains. See Changing DNS Zone Records for information about updating OCI zone records.
- Remove the DS record from the parent zone.
- Wait until the TTL (time to live) for the removed parent zone DS record expires.
- Either delete the zone or disable DNSSEC on the zone.
- Open the navigation menu and click Networking. Under DNS management, click Zones.
- Click the zone name in the list to open its Details page.
- In Zone information, under DNSSEC, click Edit.
- Click the DNSSEC switch to Disabled.
- Click Save changes.
Use the zone update command and required parameters to update the zone. To disable DNSSEC, specify the
dnssec-state
asDISABLED
.:oci dns zone update --zone-name-or-id zone_name or zone_OCID --dnssec-state DISABLED ... [OPTIONS]
For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
Run the UpdateZone operation to update the zone. To disable DNSSEC, specify the
dnssecState
asDISABLED
.