We plan to use Webflow or Wix for our product homepage. We got the requirement that our domain needs to work with DNSSEC. We keep our domain registered in AWS Route 53 and we can enabled DNSSEC in it.
Wix docs states that they DNSSEC must be disabled. I haven't found Webflow docs saying that explicitly, but their support also confirmed that DNSSEC must be disabled.
What's the reason that these providers can't work with DNSSEC enabled?
For more context: for custom domains Webflow recommends to create a CNAME record with value proxy-ssl.webflow.com. DNS record for proxy-ssl.webflow.com is managed by Webflow, so I understand they don't maintain DNSSEC there. However, technically it should be possible to create an A record pointing to static IP of the proxy server, so the trust chain of DNSSEC would end on our Route 53 and DNSSEC should work. I suspect that Webflow want's to have freedom with changing these IPs, that's why they recommend using CNAME, but for now let's assume that the IP is really static. Would there be any technical blocker for our Route 53 enabling DNSSEC? At the end, as I understand with this approach DNS query wouldn't involve any Webflow DNS server, and after the query is resolved DNSSEC shouldn't affect the the application works.