Transferring in your domain lets you manage registration, renewal, DNS, and product connections (email, sites, client portals) all in one place. Before you can successfully transfer, you must disable DNSSEC (Domain Name System Security Extensions) at your current registrar. Skipping this step is one of the most common reasons domain transfers fail or get delayed.

This article walks you through what DNSSEC is, why it needs to be turned off, and exactly how to do it across the most common registrars.

TABLE OF CONTENTS

What is DNSSEC and Why Does It Block Transfers?

DNSSEC is a security layer added to the Domain Name System. It uses cryptographic signatures to verify that DNS records haven't been tampered with in transit, protecting your visitors from being redirected to malicious sites.

The problem is that DNSSEC ties your domain's security signature to your current registrar. When you initiate a transfer, the receiving registrar cannot validate those signatures, which causes the transfer to fail or get rejected outright.

Disabling DNSSEC before the transfer is a required step, not optional. Once your domain has successfully transferred, DNS security is handled automatically.

General Instructions

The exact steps vary by registrar, but the process generally follows this pattern:

  1. Log in to your registrar account.

  2. Navigate to your domain's DNS Settings or Domain Settings.

  3. Look for a section labeled DNSSEC and select the option to disable or turn it off.

  4. Save your changes.

  5. Wait a few minutes to allow the changes to propagate before initiating the transfer.

Note: After disabling DNSSEC, it may take anywhere from a few minutes to a few hours for the record to be fully removed at the registry level. If your transfer still fails immediately after disabling, wait up to 48 hours and try again.

GoDaddy

GoDaddy allows you to manage DNSSEC directly from your domain's DNS settings panel.

Steps to disable DNSSEC on GoDaddy:

  1. Sign in to your GoDaddy Domain Portfolio.

  2. Select an individual domain to access the Domain Settings page.

  3. Select DNS and then select DNSSEC.

  4. Select the option to turn DNSSEC Off and confirm your choice.

For full details, refer to GoDaddy's official guide: Turn DNSSEC On or Off

Namecheap

Namecheap provides DNSSEC management through the Advanced DNS tab in your domain dashboard.

Steps to disable DNSSEC on Namecheap:

  1. Log in to your Namecheap account.

  2. Go to Domain List and click Manage next to the domain you're transferring.

  3. Select the Advanced DNS tab.

  4. Scroll to the DNSSEC section.

  5. If DNSSEC is enabled, click the toggle to disable it or remove any existing DS records.

  6. Save your changes.

For full details, refer to Namecheap's official guide: DNSSEC on Namecheap

Cloudflare

If your domain is registered with Cloudflare (not just using Cloudflare for DNS), DNSSEC is managed from the Cloudflare dashboard under your domain's configuration settings. Note that Cloudflare offers one-click DNSSEC activation, so disabling it is equally straightforward.

Steps to disable DNSSEC on Cloudflare Registrar:

  1. Log in to your Cloudflare dashboard.

  2. Navigate to the Manage Domains page.

  3. Find the domain you want to transfer and click Manage.

  4. Select Configuration.

  5. Click Disable DNSSEC and confirm.

For full details, refer to Cloudflare's official guide: Enable/Disable DNSSEC – Cloudflare Registrar

Squarespace

Squarespace automatically enables DNSSEC for all domains it manages that support it. You will need to manually turn it off before transferring out.

Steps to disable DNSSEC on Squarespace:

  1. Log in to your Squarespace account and open your Domains dashboard.

  2. Click on the domain you want to transfer.

  3. Click DNS, then click DNSSEC.

  4. Switch off the DNS Security Extensions toggle.

  5. A confirmation window will appear—click Confirm to complete the change.

Note: If you don't see the DNS Security Extensions toggle, it may mean DNSSEC is already inactive for your domain (for example, if you've previously switched to custom nameservers). In that case, no action is needed, proceed with your transfer.

For full details, refer to Squarespace's official guide: DNSSEC for Squarespace Domains

Frequently Asked Questions

Q: Will disabling DNSSEC affect my live website or email?

No. Disabling DNSSEC does not take down your website, email, or any other services. It only removes the cryptographic validation layer on your DNS records. Your site will continue to function normally throughout the transfer process.

Q: How long should I wait after disabling DNSSEC before starting the transfer?

For most registrars (GoDaddy, Namecheap, Squarespace), a wait of 15–30 minutes is sufficient. For Cloudflare, it can take up to 24–48 hours due to how Cloudflare propagates registry changes. Check your registrar's confirmation before proceeding.

Q: My registrar isn't listed here. What should I do?

Follow the general instructions above. Look for a DNSSEC section under DNS or Domain Settings in your registrar's dashboard. If you can't find it, contact your registrar's support team and ask them to disable DNSSEC on your behalf before the transfer.

Q: Do I need to re-enable DNSSEC after the transfer?

No action is required on your end. Once your domain is fully transferred, DNS security is managed automatically by us.

Q: I disabled DNSSEC but my transfer is still failing. What's next?

Make sure your domain is also unlocked and that your EPP/Auth code is valid and up to date. Both conditions must be met for the transfer to succeed. See the Domain Transfer-In Process guide for a full checklist.