Forum Discussion

Cirrostratus

Nov 10, 2023

DNSSEC in CNAME records

Hi,

Has anyone experienced having issues with CNAME records when DNSSEC is enabled?

I have this situation where one CNAME got a problem after enabling DNSSEC. Then after removing the DNSSEC configuration and DS records on the parent domain, the DNS resolution works after the propagation time of 8-10 mins.

application delivery

security

1 Reply

whisperer
MVP
Nov 10, 2023
Can you provide an example? We're both the A record and CNAME record in the same zone? Where you able to query and validate the DNSSEC sig for the A record? What was the issue with the CNAME lookup?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

DNSSEC in CNAME records

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

F5 iRule for X-Country-Code not working as expected

"A valid service contract is required" after upgrade to 17.5.1.3

Search for pools with no members

SAML - LTM in front of SP

/mgmt/toc - not possible to launch rest api rest browser

Related Content

Enabling DNSSEC for 1 record only

Configuring BIG-IP for Zone Transfer and DNSSEC

Create CNAME Resource Record in Zone Runner

The BIG-IP GTM: Configuring DNSSEC

Lightboard Lessons: DNSSEC

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS