>48 hrs ago, changed name server assignments at registrar GoDaddy from CF to DO & even deleted *.mashweb.club from CF, but still getting a 1001 error from CF's network

Dig is just like using nslookup, similar but reports quite a bit of info. So it depends which on you prefer using. You can also do:

nslookup
set type=ns
doc.mashweb.club

the type option helps us filter, instead of it returning A records or CNAME’s, etc. Anyway, it all depends on how you want doc.mashweb.club to resolve, to go to the Cloudflare pages site, or to host it somewhere else and have it resolved at DO instead (or if you can have it resolved differently with custom info on CF side).

As for dig, you can do:

dig doc.mashweb.club

which will return A records. If you want to check other types, then:

dig doc.mashweb.club ns
dig doc.mashweb.club mx
dig doc.mashweb.club cname

or whatever records you are searching for to filter out as necessary. You can even use @x.x.x.x for example, to check what records are being resolved say via google, or opendns, so:

dig @8.8.8.8 doc.mashweb.club
dig @208.67.222.222 doc.mashweb.club

@iwalker Very nice recap of dig features. I got some of that from the man page. Apparently nslookup is old and has some bugs in some OSs, according to what I read.

At first I was putting the ‘cname’ or ‘mx’ part in front of the domain name. You can imagine that didn’t work out.

I don’t understand DNS very well, but from what I gather, its basics are simple. Can you point me to a kind of 5-minute explanation of how it works? This is my guess:

(1) When anyone sends a DNS query, he should target a DNS name server using DNS internet protocol. (But which name server should he query if he is a web client trying to get an IP address for TCP/IP requests?)

(2) In response, the name server he queries will send back an IP address (or set of IP addresses?). If the name server doesn’t know, it will forward the request to another name server, and so on until the request arrives at a name server that knows.

(3) Somehow (directly from the name server that knows? or backwards through the chain of requestees?) the IP address (or set of IP addresses?) gets back to the original querier.

Is that correct? Could you please fill out the blanks in the above 1-minute overview?

If I query doc.mashweb.club or mashweb.club to get a name server by using the ‘ns’ type, what is the particular name server in the response? Is it the name server that knows the IP address(es)?

I wish I could see an annotation of a dig response with links and less cryptic labels. For instance, when my shell executes the command ‘dig @8.8.8.8 doc.mashweb.club ns’ I get a column full of the abbreviation or word ‘IN’. Does that refer to an ISO country code?

I just bought a cheap but neat little app for my iPhone that makes things easier to understand for me. I still need to learn some lingo, but it’s comforting to an old guy like me to see simple things kept simple. The app is available at ‎Network Utility on the App Store . It even shows the suspicious answers when digging doc.mashweb.clug: the CNAME record and 2 A records. By contrast, the host command was about as cryptic as the dig command.

On the ‘Getting Started’ guide to Cloudflare Pages, I see this section:

Adding a custom domain

While every Cloudflare Pages site receives a custom subdomain during deployment, you may also wish to point custom domains (or subdomains) to your site. To do this, select the Custom domains section in your site dashboard.

But I see no ‘Custom domains’ section in my site dashboard. I see this:

What am I missing?

Oh, somehow I got there. I see the ‘Custom domains’ tab now.

And finally I got it fixed. I just got lost in Cloudflare’s menus…

I hope I can find my way back to the Custom domains tab next time. :smiley:

Each domain will have it’s own authoritative DNS server or authoritative set of DNS servers. So when you make it request for example to Google DNS or OpenDNS, they will know which nameservers are responsible for resolving that domain and the request will be made to those servers, even though you yourself asked Google or OpenDNS. As you found, in this instance Cloudflare was still responsible for your doc.mashweb.club so Google/OpenDNS would forward to Cloudflare’s nameservers as they are the authoritative servers for your domain - at least until you configure it otherwise.

So yes, when you request in your browser doc.mashweb.club, it will ask your nameservers to provide the IP address assigned to it, or in your case the CNAME which is then redirected to the .dev address. Or for example, if your domain had doc.mashweb.club as the MX record for sending/receiving emails, then it would use that when attempting to send emails.

as mentioned, the authoritative DNS servers reply with the appropriate information required. If your authoritative DNS servers don’t reply, then in reality no IP will be retrieved and the connection will fail. This is why it’s best to have more than one DNS server available.

When you make a request for NS or MX or A or CNAME you get the appropriate information back from the server. So when we do dig ns doc.mashweb.club then we get returned a list of the authoritative NS or nameservers for that domain. The IN column you don’t need to worry about, what is more important is what comes in the column after this:

;; ANSWER SECTION:
doc.mashweb.club.	30	IN	CNAME	doc-948.pages.dev.
doc-948.pages.dev.	86400	IN	NS	indie.ns.cloudflare.com.
doc-948.pages.dev.	86400	IN	NS	troy.ns.cloudflare.com.

you can see here CNAME and NS entries. You checked NS for doc.mashweb.club which is a CNAME, so that then went deeper to find the NS servers for doc-948.pages.dev. Hence the Cloudflare entries.

There are no suspicious entries in the DNS, this is just how you have it configured so it replies with exactly how it should. If this is incorrect, then you just need to change it accordingly, either remove the CNAME for doc.mashweb.club and configure this with an IP address as an A record instead on your DO nameservers. Or by fixing it accordingly on Cloudflare pages, or wherever you have that stuff set up.

@iwalker I should print this and frame it in gold!!!

Thanks so much!

I’m having dinner, but it looks like you have answered in such a way that is easy even for me to understand.

Regarding the ‘suspicious’ records, I just meant having both an A record and a CNAME record for doc.mashweb.club. Is that not suspicious?

2 Likes

The root domain is mashweb.club.

Now the problem is fixed. Earlier I just couldn’t find the ‘Custom domain’ tabs in the Cloudflare dashboard for Cloudflare Pages. Finally I found it and fixed the problem.

1 Like

Glad you solved the problem!

The answer to my problem was probably this, but it wasn’t worded in a way that was clear to me:

A non-Cloudflare domain cannot CNAME to a Cloudflare domain unless the non-Cloudflare domain is added to a Cloudflare account.

Oh. Nice Your error was fixed

1 Like

Took me a second to realize what it meant, but it’s referring to CNAME Cross-User Banned (which I referred in a post that was flagged and hidden for a reason I don’t know)

1 Like

I saw in a lot of posts your reply gets flagged always

True, already 2 replies in this topic have already been hidden (both for reasons I don’t know why, the PM claims it was “off-topic” but I don’t see how either post is off-topic).

hmm . think the system got mad …lol :joy:

1 Like

No, people flag the posts.

See

@iwalker

Now I’m reading this your last reply carefully. A lot of it is still unclear to me. Is there a very simple explanation of this on the web starting from zero? An explanation ‘like I’m a five-year-old’?

One thing that confuses me is the mention of ‘authoritative’ DNS servers – but never other DNS servers. There must be some other kind of DNS server besides authoritative ones. What are they used for?

What are the NS records? Are they only to set the authoritative DNS servers, or do they set all DNS servers?

Thanks again for clarifying a lot of this for me and others.

In the context of managing your domain(s), Nameservers are authoritative DNS name servers for your domain (e.g. coolsite.com), but they also have NS records.

NS type is a DNS record, which is not the same as domain authoritative nameserver.

Usually, we use NS type DNS record when we want to use for example ns1.mydomain.com and ns2.mydomain.com to provide DNS service for some other domains under our domain → eg. example.org would change their domain nameservers to ns1.mydomain.com and ns2.mydomain.com.

NS record Identifies authoritative DNS servers for a domain.

There knows to be a small confussion at first, or users put Cloudflare nameservers (or any other) into the “NS” field of their domain registrar, instead putting them into the desired “nameserver” field.

More detailed about it can be read at the Learning Center at the link from below:

1 Like

@fritex Thank you. That adds some more pieces to the puzzle.

The basics of DNS (not the details of the protocols or formats of packets or such minutiae) seem so simple to me that why they have eluded me all these years could only be due to my laziness. However, having been bitten by the problem with my subdomain, I thought I’d look for a clear and succinct explanation and found one: How DNS Works Visually - YouTube

I know, I know. I should learn this by reading. However, it’s actually faster for me if I watch a video with good diagrams and good narration. If the video is on YouTube I typically speed it up by a factor of about 1.5 to save my time.

Here’s a schematic view of how a DNS request gets resolved for a client like a web browser:

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.