This shouldn’t happen. I saw a couple of related topics here, but no answer.

More than 48 hrs ago, I changed name server assignments at my registrar, GoDaddy, from Cloudflare to DigitalOcean & even deleted the domain, which is mashweb.club, from the list of websites in my Cloudflare dashboard, but I am still getting a 1001 error from Cloudflare’s network for the subdomain doc.mashweb.club.

I have never paid for Cloudflare services, so I can’t file a support ticket with them.

This looks to me like a Cloudflare problem. How can I get it fixed?

Hi ,

As I just saw just saw your website your website is working from my end . And Cloudflare is removed from Website .

Once reload the page and revert back

Neeraj, thank you for replying.

I should have stated which subdomain is causing problems: doc.mashweb.club.

Hi,

Checking the main domain, you are correct, this is at Digitalocean although not providing nameservers since no NS records are returned:

[[email protected] ~]$ dig mashweb.club ns

; <<>> DiG 9.16.24-RH <<>> mashweb.club ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33498
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 50853ba91785e1a60100000061fbb7073c3a0cce954085cf (good)
;; QUESTION SECTION:
;mashweb.club.			IN	NS

;; AUTHORITY SECTION:
mashweb.club.		700	IN	SOA	ns1.digitalocean.com. hostmaster.mashweb.club. 1643713250 10800 3600 604800 1800

however, it seems for doc.mashweb.club you have different nameservers assigned:

; <<>> DiG 9.16.24-RH <<>> doc.mashweb.club ns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43206
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: c652058dcfa9e9700100000061fbb79b46af5a141fd1954a (good)
;; QUESTION SECTION:
;doc.mashweb.club.		IN	NS

;; ANSWER SECTION:
doc.mashweb.club.	30	IN	CNAME	doc-948.pages.dev.
doc-948.pages.dev.	21368	IN	NS	indie.ns.cloudflare.com.
doc-948.pages.dev.	21368	IN	NS	troy.ns.cloudflare.com.

;; ADDITIONAL SECTION:
troy.ns.cloudflare.com.	670	IN	A	108.162.195.218
troy.ns.cloudflare.com.	670	IN	A	162.159.44.218
troy.ns.cloudflare.com.	670	IN	A	172.64.35.218
indie.ns.cloudflare.com. 670	IN	A	108.162.194.163
indie.ns.cloudflare.com. 670	IN	A	162.159.38.163
indie.ns.cloudflare.com. 670	IN	A	172.64.34.163
troy.ns.cloudflare.com.	670	IN	AAAA	2606:4700:58::a29f:2cda
troy.ns.cloudflare.com.	670	IN	AAAA	2803:f800:50::6ca2:c3da
troy.ns.cloudflare.com.	670	IN	AAAA	2a06:98c1:50::ac40:23da
indie.ns.cloudflare.com. 670	IN	AAAA	2606:4700:50::a29f:26a3
indie.ns.cloudflare.com. 670	IN	AAAA	2803:f800:50::6ca2:c2a3
indie.ns.cloudflare.com. 670	IN	AAAA	2a06:98c1:50::ac40:22a3

;; Query time: 206 msec
;; SERVER: 10.1.3.10#53(10.1.3.10)
;; WHEN: Thu Feb 03 12:08:11 CET 2022
;; MSG SIZE  rcvd: 424

you need to check your DNS entries, and remove the NS records for doc-948.pages.dev since these are why your doc.mashweb.club is not working if you wish it to be on Digitalocean. Or fix the DNS configuration if you have a nameserver running on that doc-948.pages.dev host and point it to DO.

Thanks, iwalker!

You’ve given me a lot to work with. I only just started using dig yesterday and don’t understand it well at all.

doc-948.pages.dev (a Cloudflare Pages website) is on Cloudflare’s network. I will try to use their documentation to set a custom domain for that. I was under the notion (apparently mistaken) that setting up a DNS record on DigitalOcean’s name servers would direct doc.mashweb.club to doc-948.pages.dev.

Dig is just like using nslookup, similar but reports quite a bit of info. So it depends which on you prefer using. You can also do:

nslookup
set type=ns
doc.mashweb.club

the type option helps us filter, instead of it returning A records or CNAME’s, etc. Anyway, it all depends on how you want doc.mashweb.club to resolve, to go to the Cloudflare pages site, or to host it somewhere else and have it resolved at DO instead (or if you can have it resolved differently with custom info on CF side).

As for dig, you can do:

dig doc.mashweb.club

which will return A records. If you want to check other types, then:

dig doc.mashweb.club ns
dig doc.mashweb.club mx
dig doc.mashweb.club cname

or whatever records you are searching for to filter out as necessary. You can even use @x.x.x.x for example, to check what records are being resolved say via google, or opendns, so:

dig @8.8.8.8 doc.mashweb.club
dig @208.67.222.222 doc.mashweb.club

@iwalker Very nice recap of dig features. I got some of that from the man page. Apparently nslookup is old and has some bugs in some OSs, according to what I read.

At first I was putting the ‘cname’ or ‘mx’ part in front of the domain name. You can imagine that didn’t work out.

I don’t understand DNS very well, but from what I gather, its basics are simple. Can you point me to a kind of 5-minute explanation of how it works? This is my guess:

(1) When anyone sends a DNS query, he should target a DNS name server using DNS internet protocol. (But which name server should he query if he is a web client trying to get an IP address for TCP/IP requests?)

(2) In response, the name server he queries will send back an IP address (or set of IP addresses?). If the name server doesn’t know, it will forward the request to another name server, and so on until the request arrives at a name server that knows.

(3) Somehow (directly from the name server that knows? or backwards through the chain of requestees?) the IP address (or set of IP addresses?) gets back to the original querier.

Is that correct? Could you please fill out the blanks in the above 1-minute overview?

If I query doc.mashweb.club or mashweb.club to get a name server by using the ‘ns’ type, what is the particular name server in the response? Is it the name server that knows the IP address(es)?

I wish I could see an annotation of a dig response with links and less cryptic labels. For instance, when my shell executes the command ‘dig @8.8.8.8 doc.mashweb.club ns’ I get a column full of the abbreviation or word ‘IN’. Does that refer to an ISO country code?

I just bought a cheap but neat little app for my iPhone that makes things easier to understand for me. I still need to learn some lingo, but it’s comforting to an old guy like me to see simple things kept simple. The app is available at ‎Network Utility on the App Store . It even shows the suspicious answers when digging doc.mashweb.clug: the CNAME record and 2 A records. By contrast, the host command was about as cryptic as the dig command.

On the ‘Getting Started’ guide to Cloudflare Pages, I see this section:

Adding a custom domain

While every Cloudflare Pages site receives a custom subdomain during deployment, you may also wish to point custom domains (or subdomains) to your site. To do this, select the Custom domains section in your site dashboard.

domains1401×410 9.48 KB

But I see no ‘Custom domains’ section in my site dashboard. I see this:

dashboard2462×1342 261 KB

What am I missing?

Oh, somehow I got there. I see the ‘Custom domains’ tab now.

And finally I got it fixed. I just got lost in Cloudflare’s menus…

I hope I can find my way back to the Custom domains tab next time.

Each domain will have it’s own authoritative DNS server or authoritative set of DNS servers. So when you make it request for example to Google DNS or OpenDNS, they will know which nameservers are responsible for resolving that domain and the request will be made to those servers, even though you yourself asked Google or OpenDNS. As you found, in this instance Cloudflare was still responsible for your doc.mashweb.club so Google/OpenDNS would forward to Cloudflare’s nameservers as they are the authoritative servers for your domain - at least until you configure it otherwise.

So yes, when you request in your browser doc.mashweb.club, it will ask your nameservers to provide the IP address assigned to it, or in your case the CNAME which is then redirected to the .dev address. Or for example, if your domain had doc.mashweb.club as the MX record for sending/receiving emails, then it would use that when attempting to send emails.

as mentioned, the authoritative DNS servers reply with the appropriate information required. If your authoritative DNS servers don’t reply, then in reality no IP will be retrieved and the connection will fail. This is why it’s best to have more than one DNS server available.

When you make a request for NS or MX or A or CNAME you get the appropriate information back from the server. So when we do dig ns doc.mashweb.club then we get returned a list of the authoritative NS or nameservers for that domain. The IN column you don’t need to worry about, what is more important is what comes in the column after this:

;; ANSWER SECTION:
doc.mashweb.club.	30	IN	CNAME	doc-948.pages.dev.
doc-948.pages.dev.	86400	IN	NS	indie.ns.cloudflare.com.
doc-948.pages.dev.	86400	IN	NS	troy.ns.cloudflare.com.

you can see here CNAME and NS entries. You checked NS for doc.mashweb.club which is a CNAME, so that then went deeper to find the NS servers for doc-948.pages.dev. Hence the Cloudflare entries.

There are no suspicious entries in the DNS, this is just how you have it configured so it replies with exactly how it should. If this is incorrect, then you just need to change it accordingly, either remove the CNAME for doc.mashweb.club and configure this with an IP address as an A record instead on your DO nameservers. Or by fixing it accordingly on Cloudflare pages, or wherever you have that stuff set up.

@iwalker I should print this and frame it in gold!!!

Thanks so much!

I’m having dinner, but it looks like you have answered in such a way that is easy even for me to understand.

Regarding the ‘suspicious’ records, I just meant having both an A record and a CNAME record for doc.mashweb.club. Is that not suspicious?

The root domain is mashweb.club.

Now the problem is fixed. Earlier I just couldn’t find the ‘Custom domain’ tabs in the Cloudflare dashboard for Cloudflare Pages. Finally I found it and fixed the problem.

Glad you solved the problem!

The answer to my problem was probably this, but it wasn’t worded in a way that was clear to me:

A non-Cloudflare domain cannot CNAME to a Cloudflare domain unless the non-Cloudflare domain is added to a Cloudflare account.

Oh. Nice Your error was fixed

Took me a second to realize what it meant, but it’s referring to CNAME Cross-User Banned (which I referred in a post that was flagged and hidden for a reason I don’t know)

I saw in a lot of posts your reply gets flagged always

True, already 2 replies in this topic have already been hidden (both for reasons I don’t know why, the PM claims it was “off-topic” but I don’t see how either post is off-topic).

hmm . think the system got mad …lol