Hello,

I recently discovered an issue with my company’s domain in Firefox, giving the error SSL_ERROR_RX_RECORD_TOO_LONG. After contacting my hosting service, they believe the error is stemming from an incorrect IP address on file with CloudFlare. This was their response:

Did you used to have this site running through Cloudflare? Firefox can use DNS-over-HTTP which uses the records at Cloudflare and those are incorrect. If it was, then updating the “A” record there should fix the issue for everyone.

dig @1.1.1.1 +short www.saintarnold.com
saintarnold.com.
107.152.107.43 - wrong ip from Cloudflare DNS

This is correct
dig +short www.saintarnold.com
saintarnold.com.
66.115.166.228

My issue is that in the ten years I’ve been with my company, we have not used CloudFlare and nobody here remembers using them in the past. I figure we must have at some point, but I obviously do not have access to this old account. (I created the account I’m posting with just to contact support, which has thus far been unhelpful.)

Essentially I am attempting to:

1. Confirm we previously held a CloudFlare account.

2. Either access this account to change our “A” record as noted above or

3. Request this change be made by CloudFlare without accessing this account.

Any assistance is much appreciated.

Thank you very much,
Jeremy

Your domain is currently not configured for Cloudflare at all and uses third party nameservers.

nslookup -type=ns saintarnold.com a.gtld-servers.net
Server:  UnKnown
Address:  192.5.6.30

saintarnold.com nameserver = ns1.handsonwebhosting.com
saintarnold.com nameserver = ns2.handsonwebhosting.com

Thanks for the reply, sandro. My hosting company seems to think Firefox is pulling an IP address from CloudFlare. Here’s more of their response:

Based on our tests, it would appear that is the root issue. One of our techs (running the same version of Firefox) was getting the same error as you were. They then disabled DNS-over-HTTP and the errors immediately stopped.

My Firefox install was not set to use DNS-over-HTTP and never could replicate the issue. I set my computers hosts file to use the ip 107.152.107.43 for the site and then tried to load it in Firefox. That enabled me to get the same error as was reported. If you want to try disabling DNS-over-HTTP you will find it in Firefox - Settings - Network Settings near the bottom of that page.

Additionally, they just provided the attached screenshot that appears to suggest our website was with CloudFlare 11-12 years ago.

Thanks,
Jeremy

dj3unDmBwXHSyqZZyy-HZYCRpBUzfX-GgA1208×442 45.2 KB

Then you should clarify this with them, as their understanding is obviously wrong. Your nameservers point to aforementioned service and not Cloudflare.

To be fair, if a hosting company gets that wrong I’d consider changing them, as that’s their core business.

I’m not sure their assessment is inaccurate. This post [ Firefox continues push to bring DNS over HTTPS by default for US users ] states CloudFlare is the default provider for sending DNS requests. (Not sure I’m saying that right - my knowledge on this subject is minimal.)

I am afraid you, respectively your host, seem to confuse a bit here.

Cloudflare is not the authoritative nameserver for your domain.

If their claim is that Cloudflare’s resolver service returns an incorrect IP address, then they’d be wrong as well

nslookup saintarnold.com 1.1.1.1
Server:  one.one.one.one
Address:  1.1.1.1

Non-authoritative answer:
Name:    saintarnold.com
Address:  66.115.166.228

@sandro Thank you very much for your help - I really appreciate the replies. The hosting company was able to resolve the issue by doing the following (which I believe is what you were getting at).

I believe we may help to get this issue fixed if we correct the nameservers listed on the registrar. Please take a look at the following:

From whois:

Name Server: NS1.HANDSONWEBHOSTING.COM
Name Server: NS2.HANDSONWEBHOSTING.COM
​

The actual NS query:

;; AUTHORITY SECTION:
saintarnold.com. 86400 IN NS ns2.my-tss.com.
saintarnold.com. 86400 IN NS ns1.my-tss.com.

saintarnold.com should be using ns1.my-tss.com and ns2.my-tss.com in your registrar.

Thanks!
Jeremy

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.