CF giving out one valid and one invalid DNS resolution

I have my website setup properly in CF for DNS and it has been running well for a month. Yesterday I started getting reports that the site was down. I checked DNS via 3rd party tool https://dnschecker.org (Google, OpenDNS etc) and the results come back with:

Type Domain Name TTL Address
A www.mydomain.com 300 172.67.130.10
A www.mydomain.com 300 104.21.3.18

The first one is valid and if hard coded on a local machine works fine, the second results in a 521 error. I verified the UFW firewall is off on the host, this appears to be a CF internal problem. Toggled the CF proxy option, toggled developer mode, there are no page rules or firewall rules. Can anyone give me any suggestions to resolve this? Thank you.

521s are covered at Community Tip - Fixing Error 521: Web server is down.

That address is not “invalid”, but simply one of the addresses of the proxies. If you get a 521 in that case that will most likely mean that you block certain Cloudflare addresses on your server and should make sure that all addresses at cloudflare.com/ips are whitelisted.

Server on Digital Ocean is wide open, no UFW nothing closed off. No request comes to the server when that second ip (proxy) is used. Something is broken in CF in the proxy.

Well, the error is quite clear and tells you that Cloudflare can’t reach your server. It is rather unlikely that this is on Cloudflare’s side, but you can certainly open a support ticket to have support check that out.

What’s the domain? Maybe it’s some other firewall setting on your host’s side, but that’s something you need to clarify with your host.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.