Cloudflare does not see DNS server changes

Cloudflare does not see DNS server changes. More than a day has already passed. What to do?

Screenshot 2023-10-17 at 11.48.50

You need to change your nameservers at your Registrar, who appears to be Hosting Ukraine LLC. You changed them in your existing DNS Nameservers, which won’t work.

~$ whois
Name Server:
Name Server:
Name Server:
DNSSEC: unsigned


Already replaced. I have attached a screenshot from the tests. Technical support for the domain registrar told me to contact Cloudflare because everything was fine on their end and the NS servers were registered correctly.

The only thing you have done is added Cloudflare Nameservers to your existing nameservers/DNS Host. Which is why you see it in dig, because it recursively resolves.

If you look at whois, you can see the output is not Cloudflare nameservers:

Name Server:
Name Server:
Name Server:
DNSSEC: unsigned

If you query .cloud nameservers directly, you can see it as well:

dig ns

;; AUTHORITY SECTION:       900     IN      NS       900     IN      NS       900     IN      NS

You’ll know when you have it set correctly when .cloud nameservers return Cloudflare nameservers instead of those currently set. (It may take a bit to update)

It looks like those are your default registrar’s nameservers. So there will likely be two locations where you can set nameservers, one somewhere under Domain Details, and another under DNS. The one under DNS is the one you have set currently and is the wrong one to change.

It looks like you could find the right one to change here: Нейм-сервери (NS) | Питання-відповіді на Wiki - Хостинг Україна and change them like so: Встановлення сторонніх NS | Питання-відповіді на Wiki - Хостинг Україна

If you have already set it like so, it’s either slow to update (but if it’s been a day, should be long enough) or something broken on your Registrar’s end you’d need to reach out to them about.

1 Like

It may be worth reviewing the DNSViz report. It looks like you might have some DNSSEC artifacts affecting your results. | DNSViz


I believe that’s just because Cloudflare is returning DNSKEY and signing their responses, which makes the responses from the default dns (inhostedns) “invalid”, should clear up once he gets his nameservers straightened out.


That makes sense and also explains why validating resolvers returned answers. It is interesting that the whois is wrong, but the 4 root servers for cloud all return Cloudflare NS. Hopefully it is just a matter of time while things catch up.

1 Like

That’s interesting, because that is definitely not what I’m seeing:       900     IN      NS       900     IN      NS       900     IN      NS
;; Received 147 bytes from 2620:10a:80aa::3#53( in 32 ms       900     IN      NS       900     IN      NS
;; Received 103 bytes from 2a06:6440:0:2c26::1#53( in 48 ms

That looks like a typical case of creating NS records instead of changing nameservers to me.

DNSVIZ may have problems because the nameservers respond with both NS and A records for the domain:

dig ns +short
dig +short

I’m also wondering why the Cloudflare nameservers are responding at all if the nameservers haven’t changed yet:

dig a +short

Here are my results from the same root that you queried.

% dig ns +short

I wonder if they use a distributed system that is out of sync and we are not actually reaching the same server.

1 Like

Ignore the results I shared that appeared to show correct nameservers at the root. The results were tainted by Linux on Chrome OS architecture diverting the queries to a recursive resolver. I will need to change my practices to mitigate this unwanted behavior.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.