Cloudflare DNS tells me to replace the Cloudflare nameservers with the same nameservers (domain won't activate)


#1

Hi,
I have added a new domain to Cloudflare, and I get the following screen at the DNS panel in the dashboard:


Can somebody tell me why Cloudflare doesn’t recognize their own DNS server?
Greetings Harald


#2

Have you tried clicking the “re-check” button? The DNS setup looks all right and I’d expect it to verify without issues.


#3

Hi, thanks for the reply.

The “re-check” is running at the moment.


#4

The re-check is complete, but I’m still getting the same screen, saying I should replace the Cloudflare nameservers with the same Cloudflare nameservers (see screenshot in post #1).


#5

Something got possibly stuck. Time for a support ticket -> https://support.cloudflare.com/requests/new


#6

Well. One says: registered, the next one can’t connect to .io’s servers, and another one

Seems like some mess…


#7

.io’s whois server seems to be inaccessible right now, but the domain resolves fine, so I’d assume it is properly registered.


#8

I get a SERVFAIL from Google, Cloudflare, our company’s servers, Quad9. Only toby and lila are resolving. :thinking:

I am a bit confused because nic.io says that the domain is available.


#9

.io’s root servers do return NS records. Yandex also resolves the A record.


#10

Seems like you have DNSSEC enabled at your registrar. Did you have it enabled prior to moving to Cloudflare?

Anyway, I would try to disable it, because I think CF are validating it and at the same time serving no relevant records for them to successfully validate. See: https://dnssec-analyzer.verisignlabs.com/INNOVADIS.IO


#11

Definitely DNSSEC. Querying 8.8.8.8 with the check disabled flag returns an A record, but without check disabled, I get SERVFAIL.
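
The comparison described in post #11, as an added example that is not part of the original thread: it sends the same A query to a resolver with and without the checking-disabled (CD) bit and compares the response codes. The domain `example.com` and all function names are placeholders chosen for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
RD_BIT = 0x0100  # recursion desired
CD_BIT = 0x0010  # checking disabled: resolver skips DNSSEC validation

def build_query(name, qtype=1, cd=False, qid=0x1234):
    """Build a DNS query in wire format (qtype 1 = A, class IN)."""
    flags = RD_BIT | (CD_BIT if cd else 0)
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(response):
    """Return (rcode name, answer count) from a DNS response header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), ancount

def ask(resolver, name, cd):
    """Send one UDP query to a resolver (needs network access)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(build_query(name, cd=cd), (resolver, 53))
        return parse_header(s.recv(512))

def diagnose(validated, unvalidated):
    """Compare the normal answer with the answer obtained with CD set."""
    (rc_v, n_v), (rc_cd, n_cd) = validated, unvalidated
    if rc_v == "SERVFAIL" and rc_cd == "NOERROR" and n_cd > 0:
        # Data exists but fails validation, e.g. a stale DS at the parent.
        return "dnssec-validation-failure"
    if rc_v == "SERVFAIL" and rc_cd == "SERVFAIL":
        return "resolution-failure-not-dnssec-specific"
    if rc_v == "NOERROR" and n_v > 0:
        return "resolves-with-validation"
    return "inconclusive"

if __name__ == "__main__":
    domain = "example.com"  # placeholder; substitute the zone being checked
    print(diagnose(ask("8.8.8.8", domain, cd=False),
                   ask("8.8.8.8", domain, cd=True)))
```
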


#12

I did have DNSSEC enabled, but disabled it (in the reseller’s control panel) when I switched to the Cloudflare nameservers.

I’m going to enable and disable it again to see if that makes a difference. Otherwise I’ll contact my registrar to check if there might be a problem disabling DNSSEC for this domain.


#13

Have you opened a support ticket?


#14

Yes I did, yesterday afternoon I submitted a support ticket. But no response so far.

Ticket #1625912


#15

@cloonan @cscharff


#16

Will investigate…


#17

Hi @harald, thank you and sorry you’re having issues. I checked your account and zones. Whois has picked up the .io name server changes. You could try removing the zone and re-adding it. I added myself to the ticket and added a link to this conversation.

(BTW, for your other zones, it appears you’re not using Cloudflare name servers and, checking SecurityTrails, it seems the name servers have never pointed to Cloudflare. Have you made these changes?)


#18

Hello @cloonan, thank you for your reply.
I have a ticket running at my registrar and they are manually going to disable DNSSEC for the domain. Seems the setting in their control panel wasn’t working as it should. As soon as that is fixed, I’ll re-add the domain.

(For the other zones, it’s correct that they do not point to Cloudflare. I was testing with this domain to see if I ran into any problems :upside_down_face:, before connecting production domains).


#19

@cloonan, is DNSSEC the issue here?


#20

Hi @sandro, DNSSEC could be the culprit if it was not disabled properly. @harald, thank you for the ticket number, I’ve noted a link to this discussion and added myself to it. Let us know once you know DNSSEC is disabled.