Here is the situation: I have a domain that points to my Cloudflare’s DNS, but I must have forgotten to add the site to my account, or someone else previously was using this domain with Cloudflare or something; I couldn’t find this site on my CF account dashboard.
When I used dig, it seems that Cloudflare is supplying trash DNS records of A and AAAA types. When I visit my domain, it seems that someone essentially took over my domain, and displayed junk content.
When I tried to add the site to my account, my dashboard informed me to change my nameservers from my account-specific ones to someone else’s Cloudflare nameservers.
It is kvs.mobi; after changing the nameserver from my account-specific ones to the other set provided by the dashboard, it seems that dig no longer shows the erroneous A or AAAA records; I wonder what was causing it? Me not adding the site to my account while pointing my DNS to Cloudflare would allow others to use my domain?
These are not the nameservers currently set. It appears as if your domain nameservers were recently changed and point to a different account. Did you make this change?
If not, check your registrar account and set the correct nameservers again.
You wrote you changed the nameservers. In that case you switched the domain to that other account and that’s where the domain is now active. You need to set the nameservers to the account where you want to configure the domain.
To my knowledge, there are no account-specific Nameservers. While one account usually has one pair of Nameservers, that is not a hard rule. So you are not changing to “someone else’s” nameservers. Actually, you likely have to change the Nameservers because your current NS pair is already in use on another account, so it cannot be used to prove ownership over the domain.
Yes, that might be a possibility. There are 2550 nameserver pairs. A serious attacker might have that many Cloudflare accounts to cover all the nameserver pairs.
On seeing that your domain is using Cloudflare Nameservers but is not serving any records, an attacker could try to add the domain to an account that is usually given that specific nameserver pair and thus hijack your domain.
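A defensive audit for the situation described in this reply, as an added example that is not part of the original thread: it compares the nameservers set at the registrar with the zones that actually exist in accounts you control, and flags domains delegated to Cloudflare with no matching zone. The domain names and input structures are constructed, and the nameserver hostnames assume the `<name>.ns.cloudflare.com` form using the names mentioned in the thread.

```python
CF_SUFFIX = ".ns.cloudflare.com"

def norm(name):
    """Normalise a DNS name: trim, drop the trailing dot, lowercase."""
    return name.strip().rstrip(".").lower()

def audit(delegations, account_zones):
    """delegations: {domain: [ns, ...]} as set at the registrar.
    account_zones: {domain: [ns, ...]} assigned to zones in accounts you control.
    Returns {domain: finding}."""
    zones = {norm(d): {norm(n) for n in ns} for d, ns in account_zones.items()}
    findings = {}
    for domain, ns_list in delegations.items():
        domain = norm(domain)
        delegated = {norm(n) for n in ns_list}
        if not any(n.endswith(CF_SUFFIX) for n in delegated):
            findings[domain] = "not-cloudflare"
        elif domain not in zones:
            # Delegated to Cloudflare, but no zone of ours will answer:
            # whoever adds the domain on this NS pair controls its records.
            findings[domain] = "dangling"
        elif zones[domain] != delegated:
            # Our zone expects a different pair, so it is not the one being served.
            findings[domain] = "mismatch"
        else:
            findings[domain] = "ok"
    return findings

# Constructed sample data (hypothetical domains).
SAMPLE_DELEGATIONS = {
    "site-a.example": ["robin.ns.cloudflare.com.", "sri.ns.cloudflare.com."],
    "forgotten.example": ["Robin.ns.cloudflare.com", "sri.ns.cloudflare.com"],
    "moved.example": ["robin.ns.cloudflare.com", "sri.ns.cloudflare.com"],
    "elsewhere.example": ["ns1.registrar.example"],
}
SAMPLE_ZONES = {
    "site-a.example": ["robin.ns.cloudflare.com", "sri.ns.cloudflare.com"],
    "moved.example": ["garret.ns.cloudflare.com", "lilith.ns.cloudflare.com"],
}

if __name__ == "__main__":
    for domain, finding in sorted(audit(SAMPLE_DELEGATIONS, SAMPLE_ZONES).items()):
        print(f"{domain:20} {finding}")
```

A `dangling` result calls for either adding the zone or removing the Cloudflare nameservers at the registrar; a `mismatch` result means the registrar must be updated to the pair shown for your zone.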
Thank you very much for your help and for your response! I confirm that I just changed it to garret and lilith.
So previously I was pointing kvs.mobi to robin and sri, which I have been using for all of my sites on my account; I might have forgotten to add the site on Cloudflare but why would it supply any A/AAAA records at all?
Ah, I see; thank you so much for your help and for providing the context; I will thoroughly read through your responses; sorry if I am being slow. Hope you have a great weekend!
Bottom line, do you have two accounts and did you add the domain to both? If so, you need to decide where you want to use it and set only those nameservers and make sure you have all necessary DNS entries in place. Whether that is account A or B is certainly up to you, but you need to make sure the settings are in the correct account.
Thank you both very much for your help! Hmm, I don’t believe I have ever switched accounts for this particular domain; I think I will need to re-read through the chain of responses; but thank you, I’m just glad that it works properly now.
I cannot be certain, but I think you are misunderstanding the OP.
As I understand it, he noticed his domain was being used to serve malicious websites and that it was not added to his Cloudflare account, despite setting his usual Nameservers.
He was then likely confused because he was asked to set Nameservers other than his usual NS pair when adding the domain to his own account, hence
Ah, I do have multiple accounts, but I have not added this domain to any that are under my control; I guess my oversight is the root cause of this issue I’m facing; I will need to be more careful, haha.
Well, you just mentioned you changed the nameservers and that domain is now active on a different account. What exactly you did, I don’t know. But you need to decide where to use the domain.