Error 217: No visible DNSKEY found signing directly or indirectly the SOA RR obtained in response
Now, I am arguing with my web hoster and their registrar about who’s to blame for it. They insist, that it is a deSEC problem. Can you please explain what’s going wrong here and how to fix this?
I am not sure what exactly the DENIC webinterface is checking (the DNSKEY is publicly visible, try dig +short DNSKEY wildwiesen.de @8.8.8.8).
Your observation that the DS records are missing is also correct. This means that DNSSEC is not configured for your domains. Consequently, the DENIC check succeeds if no key is entered into the form.
So, I’m not sure why your web hoster / registrar is unable to publish the DS records. We host a large number of de domains, and we have not seen this problem before.
If you get more information from your provider about what exactly we need to change, do let us know!