For months, I have been getting users complain that they cannot access my site. I just found an error from leaf dns claiming that I have a glue vs A record conflict.
Welcome to the Cloudflare community.
I am sorry to hear that you are encountering difficulty with some visitors reaching your site. I am afraid the notice from Leaf DNS is not relevant in your situation.
Glue records are critical when you are using namesevers that are in your own domain. If your domain was
example.com and you had nameservers at
ns2.example.com, a resolver wouldn’t know where to look without the glue records. Your nameservers are not your own domain, which means this is not the source of any trouble your visitors may be experiencing.
This incorrect diagnosis on the part o Leaf DNS has come up in the community before.
Echoing the conclusion in the topic I shared, can you share your domain name and the specific details of the problems your visitors report?
chicksonright dot com
Users say that using Chrome, Duck Duck Go, Brave and so on, they cannot get to the site.
I am able to resolve the domain name using my own nameservers as well as T-Mobile’s, Cloudflare’s 126.96.36.199 and Google’s 188.8.131.52.
Do you know if there may be any common variables among those encountering difficulty connecting to your site? For example are they using the same network provider?
I don’t know of any common variables. It seems intermittent. Sometimes users are suddenly able to to access the site again.
The only other clue I have is that the Twitter card validator has never been able to resolve the site. It returns an error that says “cannot resolve the address.” I can curl the site as the Twitterbot, so it is not robots.txt blocking it or anything.
Chatting with Go Daddy. Because I read on the internet that Glue records are created at the domain’s registrar. Here is what they told me when I told them that.
The registrar (Go Daddy) seemed to know all about this. They removed the glue records and assured me that the problem would be resolved once the DNS propagates. I will update.
Update: It appears this was not the problem. After comparing to my dev site, I noticed I was (sometimes) getting the same results, but the dev site is not having the same problem. So something else is going on.
I am still getting reports from all over the place that folks cannot resolve the domain. Months and months of this and no one seems to have a clue.
Sorry for the trouble on this. I’m working with the DNS team to fix up your zone.
If you wouldn’t mind, can you please enable DNSSEC only here in your dashboard? That should finish up the zone rebuild.
Did you find an issue? What is it? What do you mean enable DNSSEC only here?
That would mean enabling it Cloudflare, but not taking the subsequent step to enable it at your registrar.
Done. What seems to be the issue? The client is very unhappy.
Thanks. It looks like there was a stuck DNSSEC setting here. DNS team says the issue should be clear now.
No more red here:
Sorry again for the trouble. Please reply here if you get any more reports of NXDOMAIN errors.
Wow. Thank you. Any idea how this happened?
Oh, and what should I do now? What about the next step with the registrar?
You’re welcome. Sorry, I don’t know the history of your DNS setup. But DNSViz.net pointed to DNSSEC as being the likely problem. I wish I took a screenshot, but there was a warning about what I believe was a DSKEY record:
Nothing. Just let it settle for a while. You can turn off that DNSSEC setting in a week if there are no more issues. DNSSEC is disabled at the registrar, so don’t do anything there.
There are no next steps at the registrar. There was never an issue there.
Thank you! Wow, this was giving us fits!
I am pretty sure DNSSEC was never enabled for this domain. Weird.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.