I can’t believe wordpress.com registrar doesn’t fully support DNSSEC in 2025
-
Hi,
I recently transferred a domain to wordpress.com’s registrar, only to discover that it does not support DNSSEC when using custom name servers, since there’s no way to add a DS record. How is this even reasonable?
This effectively means that Cloudflare, Akamai and any other CDN are not fully compatible with wordpress.com domains. In an era where security and authenticity are critical, lacking DNSSEC support is unacceptable.
Had I known this limitation beforehand, I would never have transferred my domain. Now it looks like my only option is to transfer out ASAP.
Is WP registrar really this behind on security standards?
-
DNSSEC isn’t really a security standard. Only a minority of the domain registrars and hosting providers support DNSSEC in 2024.
And yes, cloudflare cdn is compatible with wordpress but you really don’t need it as wordpress.com has its own cdn – https://wordpress.com/support/cloudflare-cdn/
-
Hi,
Thank you for reaching out to us about your concerns regarding DNSSEC support on WordPress.com. We understand the importance of security and appreciate your feedback.
DNSSEC is supported for domains registered on WordPress.com, but only when using WordPress.com’s name servers. This is because we manage the DNSSEC settings internally, ensuring that your domain’s DNS records are authenticated and secure.
However, when using custom name servers (e.g., with CDNs like Cloudflare or Akamai), we cannot add DS records, which are necessary for DNSSEC validation. This limitation is due to the technical constraints of managing DNSSEC across different name servers.If you need to use a CDN, you might consider using A records instead of custom name servers. This approach allows you to connect your domain to services like Cloudflare without disabling DNSSEC, as it doesn’t require changing your name servers.
As you recently transferred your domain to WordPress.com, please note that there is a regulatory transfer lock in place until 2025-05-14. This lock is a standard regulation enforced by all registrars to prevent unauthorized domain transfers. Once this lock expires, you will be able to transfer your domain to another registrar if needed: https://wordpress.com/support/domains/transfer-domain-registration/
In the meantime, using A records instead of custom name servers can help you maintain DNSSEC while still utilizing services like Cloudflare.If you have any further questions or need assistance with configuring DNS settings, please don’t hesitate to reach out. We’re here to help.
- The topic ‘I can’t believe wordpress.com registrar doesn’t fully support DNSSEC in 2025’ is closed to new replies.
WordPress.com Forums 