[DNS, Registrar] Clarify DNSSEC disablement when transferring a domain (#22610)

RebeccaTamachiro · web-flow · commit 8bc5858e310e · 2025-05-23T15:56:20.000+01:00
* Expand disable DNSSEC section within before-you-begin

* Remove dupe step to unlock and link DNSSEC in #next-steps

* Text touchup
diff --git a/src/content/docs/registrar/get-started/transfer-domain-to-cloudflare.mdx b/src/content/docs/registrar/get-started/transfer-domain-to-cloudflare.mdx
@@ -12,7 +12,7 @@ Transferring your domain to Cloudflare tells your registry that a different regi
 
 Transferring a domain to a new registrar informs the registry that they should instead trust that new registrar to modify information. The process requires some action steps at your new and previous registrar. Each registrar handles transfers a bit differently, but in general, they follow a pattern based on rules set by ICANN, the organization responsible for regulating domain registration.
 
-This section contains generic instructions on how to transfer your domain to Cloudflare from most registrars.
+This page contains generic instructions on how to transfer your domain to Cloudflare from most registrars.
 
 ***
 
diff --git a/src/content/glossary/cache.yaml b/src/content/glossary/cache.yaml
@@ -68,6 +68,7 @@ entries:
       the duration for which a cached copy of a resource is considered valid before it needs to be refreshed or revalidated.
     associated_products:
       - Magic WAN
+      - DNS
 
   - term: cache lock
     general_definition: |-
diff --git a/src/content/partials/registrar/before-you-begin.mdx b/src/content/partials/registrar/before-you-begin.mdx
@@ -3,21 +3,32 @@
 
 ---
 
-import { Render } from "~/components"
+import { Render, Details, GlossaryTooltip } from "~/components"
 
 ## Before transferring a domain to Cloudflare
 
 * Create [a Cloudflare account](/fundamentals/setup/account/create-account/).
 * [Add the domain](/fundamentals/setup/manage-domains/add-site/) you are transferring to your Cloudflare account.
 * [Review your DNS records](/dns/zone-setups/full-setup/setup/#review-dns-records) in the Cloudflare dashboard.
+* If needed, plan for [DNSSEC disablement](#disable-dnssec).
 * [Change your DNS nameservers](/dns/zone-setups/full-setup/) to Cloudflare.
 * If initiating multiple transfers, notify your financial institution to prevent them from flagging these charges as fraudulent.
 * Renew your domain if it is within 15 days of expiration.
-* Unlock your domain at your current registrar.
 * Do not make any changes to the Registrant contact information. Updating the Registrant contact may result in your current registrar locking the domain for 60 days.
 * Make sure your account has a valid credit card on file.
 * If you are transferring a `.us` domain, refer to the [Additional requirements for .US domains](/registrar/top-level-domains/us-domains/) before proceeding.
 
 ### Disable DNSSEC
 
-<Render file="disable_dnssec" product="dns" />
+If you are onboarding an existing domain to Cloudflare, make sure DNSSEC **is disabled** at your registrar. Otherwise, your domain will experience connectivity errors when you change your nameservers.
+
+1. Take note of the <GlossaryTooltip term="time-to-live (TTL)">TTL</GlossaryTooltip> value for the DS record at your current registrar.
+2. Remove DS records at your current registrar.
+    <Render file="dnssec-providers" product="dns" />
+3. Wait at least the time corresponding to the DS record TTL. It is usually 24 hours, but refer to the value you got in step 1.
+4. Follow the steps to [transfer your domain](/registrar/get-started/transfer-domain-to-cloudflare/#set-up-a-domain-transfer) to Cloudflare Registrar.
+5. [Enable DNSSEC](/dns/dnssec/#1-activate-dnssec-in-cloudflare) at Cloudflare. This will automatically add your DS to the zone parent via Cloudflare Registrar.
+
+<Details header="Why you have to disable DNSSEC">
+<Render file="why-disable-dnssec" product="dns" />
+</Details>
diff --git a/src/content/partials/registrar/next-steps.mdx b/src/content/partials/registrar/next-steps.mdx
@@ -3,12 +3,20 @@
 
 ---
 
+import { Details } from "~/components"
+
 ## Next steps
 
 As mentioned in [Review DNS records in Cloudflare](/dns/zone-setups/full-setup/setup/#review-dns-records), when moving your domain to Cloudflare Registrar, you might need to configure your DNS records to correctly point traffic to your web host. Cloudflare automatically scans for common records and adds them to your account's DNS page, but the scan is not guaranteed to find all existing DNS records.
 
 Refer to your web host's documentation to learn what type of records you need to configure and where they should point, to avoid downtime.
 
+<Details header="Example">
+
 For example, Netlify asks customers that host websites with them to add a `CNAME` record pointing `<YOUR-DOMAIN>` to `apex-loadbalancer.netlify.com`, and another `CNAME` record pointing `www` to `<YOUR-DOMAIN>.netlify.app`, depending on which one is the primary domain.
 
 ![An example of DNS management in Cloudflare's DNS dashboard](~/assets/images/registrar/dns-management.png)
+
+</Details>
+
+You may also want to [enable DNSSEC](/dns/dnssec/#1-activate-dnssec-in-cloudflare).
