A record not propagating from cloudflare to other internet nameservers

matthew.condren · May 1, 2022, 5:54pm

Hello,

Maybe I am doing something incorrectly, but with my previous registrar my DNS was propagated so it didn’t matter whether someone was querying 1.1.1.1, chase.ns.cloudflare.com, or 8.8.8.8, it would return. However, for weeks now mine has only worked if querying chase.ns.cloudflare.com. It doesn’t propagate to any other DNS servers.

A have a single A record. @ to my local ip. Works fine if I query chase.ns.cloudflare.com. Doesn’t work if I use my preferred ns of 1.1.1.1, or any other. Any help would be greatly appreciated. My domain was transferred to Cloudflare and is not registered with Cloudflare.

matthew.condren · May 1, 2022, 5:55pm

No edit button, sorry. That last sentence should read “and IS registered with Cloudflare”

sdayman · May 1, 2022, 6:18pm

Edit is via the pencil. or triple dots under your message. Usually.

What’s the hostname you’re trying to look up?

matthew.condren · May 1, 2022, 8:12pm

thanks. ansible.house I forwarded the whole thing without subdomains with @.

jwds1978 · May 1, 2022, 8:35pm

That domain has an A record of 69.xxx.xxx.219 via the several resolvers I’d tried it with. However, it has a DNSSec error resulting SERVFAIL:

$ resolvectl query ansible.house
ansible.house: resolve call failed: DNSSEC validation failed: missing-key

matthew.condren · May 1, 2022, 8:45pm

It has said “enabling DNS Sec might take 24 hours” for about 3 weeks now. May I ask what resolvers you are using @jwds1978? I just tried these and Cloudflare is the only one that works.

$ nslookup ansible.house chase.ns.cloudflare.com
Server: chase.ns.cloudflare.com
Address: 108.162.195.156

Name: ansible.house
Address: 69.221.255.219

$ nslookup ansible.house 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1

*** one.one.one.one can’t find ansible.house: Server failed

$ nslookup ansible.house 8.8.8.8
Server: dns.google
Address: 8.8.8.8

*** dns.google can’t find ansible.house: Server failed

jwds1978 · May 1, 2022, 8:48pm

Primarily, I’m using Cloudflare’s resolver via their Zero Trust Gateway for the majority of my devices. Secondarily, I use NextDNS, depending on the device.

Have a look at DNSSEC Analyzer - ansible.house (verisignlabs.com) and ansible.house | DNSViz. You can check the DNS records from different resolvers using DNS Lookup - Check DNS Records (dnschecker.org).

The DNSSec error is causing a SERVFAIL when I try to resolve it. Verify that the DNSKEY and DS records are correct.

matthew.condren · May 1, 2022, 9:40pm

ok, thanks, I will try to figure it out. I’m guessing I have to fix cloudflares hung DNSSEC setup. Tried to cancel and then restart it but it’s still been saying “DNSSEC is pending while we automatically add the DS record on your domain.”

sdayman · May 1, 2022, 9:50pm

Since you’re using Cloudflare Registrar, you’ll need to open a ticket to get that cleared up. support AT cloudflare DOT com

Post the ticket number here so we can escalate it and have it reopened.

matthew.condren · May 2, 2022, 12:03am

Thanks. Ticket 2438571 has been filed for the hung DNSSEC setup.

sdayman · May 2, 2022, 12:38am

Got it. I added it to the escalation queue.

matthew.condren · May 4, 2022, 3:07pm

This issue is now resolved. Thanks everyone for the help.

system · May 7, 2022, 3:08pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.