I don’t do technical support, i do it my self and when the stuff i do does not work i like to eliminate the problem of it being my issue.
I changed dnssec keys for dns, and then i lost nameserver glue records. I verify things and create new glue records and neither dns or dnssec is there. Things do work but our registrar has somehow set into motion a cascade of fuckups based on my request however i do know i did not touch nameservers until i went into troubleshoot mode.
The email says fail, but there is a dnssec key at the registrar and the registry. I admit defeat two days later and get a kurt email reply back from registrar. Three days in and no dnssec keys can be retained in the control panel.
I start to look at other domain registrars but i suppose a third domain registrar in fifteen years is not terrible. I give them a week or i explore somebody else..
I was patient asking for help, and confirming that the keys where correctly generated did a com key rollover before restoring dnssec by moving registar.
So soon after that i knew my dns was not the problem i do a domain transfer. I turn off locking and get an auth request and after a bit of faffing about with billing/admin and technical contacts within hour my regisrar has changed, and the dnssec keys that did not work elsewhere do.
Time for a celebratory banana. – A self induced nightmare who nobody really noticed either.