Answer-first summary for fast verification
Answer: Disable DNSSEC at your domain registrar.
When DNSSEC is enabled, a DS record is created in Cloud DNS and must be uploaded to the domain registrar. Disabling DNSSEC in Cloud DNS alone does not remove the DS record from the registrar. If the DS record remains at the registrar, DNSSEC-validating resolvers will still expect DNSSEC-signed responses, leading to resolution failures. Therefore, the correct action is to disable DNSSEC at the domain registrar (option C) to remove the DS record association there. Other options (A, B, D) are unrelated to the registrar's DS record configuration.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have disabled DNSSEC for a Cloud DNS-managed zone by removing the DS records from your zone file, waiting for cache expiration, and turning off DNSSEC for the zone. However, DNSSEC-validating resolvers are still unable to resolve names in your zone. What should you do next?
A
Update the TTL for the zone.
B
Set the zone to the TRANSFER state.
C
Disable DNSSEC at your domain registrar.
D
Transfer ownership of the domain to a new registrar.
No comments yet.