A record not propagating from cloudflare to other internet nameservers


Maybe I am doing something incorrectly, but with my previous registrar my DNS was propagated so it didn’t matter whether someone was querying, chase.ns.cloudflare.com, or, it would return. However, for weeks now mine has only worked if querying chase.ns.cloudflare.com. It doesn’t propagate to any other DNS servers.

A have a single A record. @ to my local ip. Works fine if I query chase.ns.cloudflare.com. Doesn’t work if I use my preferred ns of, or any other. Any help would be greatly appreciated. My domain was transferred to Cloudflare and is not registered with Cloudflare.

No edit button, sorry. That last sentence should read “and IS registered with Cloudflare”

Edit is via the pencil. or triple dots under your message. Usually.

What’s the hostname you’re trying to look up?

thanks. ansible.house I forwarded the whole thing without subdomains with @.

That domain has an A record of 69.xxx.xxx.219 via the several resolvers I’d tried it with. However, it has a DNSSec error resulting SERVFAIL:

$ resolvectl query ansible.house
ansible.house: resolve call failed: DNSSEC validation failed: missing-key

It has said “enabling DNS Sec might take 24 hours” for about 3 weeks now. May I ask what resolvers you are using @jwds1978? I just tried these and Cloudflare is the only one that works.

$ nslookup ansible.house chase.ns.cloudflare.com
Server: chase.ns.cloudflare.com

Name: ansible.house

$ nslookup ansible.house
Server: one.one.one.one

*** one.one.one.one can’t find ansible.house: Server failed

$ nslookup ansible.house
Server: dns.google

*** dns.google can’t find ansible.house: Server failed

Primarily, I’m using Cloudflare’s resolver via their Zero Trust Gateway for the majority of my devices. Secondarily, I use NextDNS, depending on the device.

Have a look at DNSSEC Analyzer - ansible.house (verisignlabs.com) and ansible.house | DNSViz. You can check the DNS records from different resolvers using DNS Lookup - Check DNS Records (dnschecker.org).

The DNSSec error is causing a SERVFAIL when I try to resolve it. Verify that the DNSKEY and DS records are correct.

ok, thanks, I will try to figure it out. I’m guessing I have to fix cloudflares hung DNSSEC setup. Tried to cancel and then restart it but it’s still been saying “DNSSEC is pending while we automatically add the DS record on your domain.”

Since you’re using Cloudflare Registrar, you’ll need to open a ticket to get that cleared up. support AT cloudflare DOT com

Post the ticket number here so we can escalate it and have it reopened.

1 Like

Thanks. Ticket 2438571 has been filed for the hung DNSSEC setup.

Got it. I added it to the escalation queue.

This issue is now resolved. Thanks everyone for the help.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.