Disabling DNSSEC on a Zone
Disable DNS security extensions (DNSSEC) on a public zone.
To avoid service disruptions, follow these steps in the order presented to disable DNSSEC.
- Remove DS records for the zone from all child zone delegation subdomains. See Changing DNS Zone Records for information about updating OCI zone records.
- Remove the DS record from the parent zone.
- Wait until the TTL (time to live) for the removed parent zone DS record expires.
- Either delete the zone or disable DNSSEC on the zone.
- Open the navigation menu and select Networking. Under DNS management, select Zones.
- Select the zone name in the list to open its Details page.
- In Zone information, under DNSSEC, select Edit.
- Select the DNSSEC switch to Disabled.
- Select Save changes.
Use the zone update command and required parameters to update the zone. To disable DNSSEC, specify the
dnssec-stateasDISABLED.:oci dns zone update --zone-name-or-id zone_name or zone_OCID --dnssec-state DISABLED ... [OPTIONS]For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
Run the UpdateZone operation to update the zone. To disable DNSSEC, specify the
dnssecStateasDISABLED.