To help domain owners, we will send out a DNSSEC reminder 7 days before the expiry date to remind users (Technical Contact) that the signature is expiring and re-signing is needed be done and loaded to the Registry System. If the signature expiry remains unchanged 1 day before the expiry of the signature, the system will automatically set all (KSK) keys to “Unpublished” so that the domain will continue to be able to be resolved. Essentially, if all keys are set to “Unpublished” (i.e., all the DS Records will not be included in the parent zone), DNSSEC will not be use for that particular domain name. If the DS Records remain in the zone (i.e. nothing is done) the domain name will not be able to be resolved by recursive servers (operated by ISPs, or any organization that runs their own recursive server) that has DNSSEC enabled.