Cloudflare keeps blocking my domain name

Hi.
When i set the Cloudflare DNS in my router or devices i keep getting one of my domains blocked.
The domain is http://3120s.com/
This does not happen to my other domains.
This does not happen when i switch to any other DNS provider (e.g. Google, Quad9, etc.).
Is there anybody from Cloudflare available to help look into this issue?
Thank you.

It seems 2 out of the 4 nameservers of domain 3120s.com are bad, and they confuse recursive resolvers sometimes.

$ dig 3120s.com @a.gtld-servers.net. +nord +nocmd

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31808
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 7

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3120s.com.			IN	A

;; AUTHORITY SECTION:
3120s.com.		172800	IN	NS	ns1.blacknight.com.
3120s.com.		172800	IN	NS	ns2.blacknight.com.
3120s.com.		172800	IN	NS	ns3.blacknight.com.
3120s.com.		172800	IN	NS	ns4.blacknight.com.

;; ADDITIONAL SECTION:
ns1.blacknight.com.	172800	IN	A	78.153.212.176
ns2.blacknight.com.	172800	IN	AAAA	2a01:a8:dc3:3313::aaaa
ns2.blacknight.com.	172800	IN	A	81.17.254.6
ns3.blacknight.com.	172800	IN	A	185.28.194.194
ns3.blacknight.com.	172800	IN	AAAA	2a00:fea0:dead::beef
ns4.blacknight.com.	172800	IN	A	185.38.108.108



$ dig 3120s.com @ns3.blacknight.com +nord +nocmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 41205
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;3120s.com.			IN	A

;; Query time: 24 msec
;; SERVER: 2a00:fea0:dead::beef#53(ns3.blacknight.com) (UDP)
;; WHEN: Thu Apr 25 11:37:57 PDT 2024
;; MSG SIZE  rcvd: 38

$ dig 3120s.com @ns4.blacknight.com +nord +nocmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 23733
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;3120s.com.			IN	A

;; Query time: 32 msec
;; SERVER: 185.38.108.108#53(ns4.blacknight.com) (UDP)
;; WHEN: Thu Apr 25 11:38:03 PDT 2024
;; MSG SIZE  rcvd: 38

This is the DNSVIZ report: 3120s.com | DNSViz

If you are the owner of this domain, you probably would like to remove the bad nameserver entries from the registrar side. And it should fix the problem.

2 Likes

Yes i am the owner of the domain.

I checked into my registrar account and there is no trace of ns3.blacknight.com and ns4.blacknight.com
Attached the details from my account.

My registrar removed ns3.blacknight.com and ns4.blacknight.com some time ago.

They didn’t do that task properly.

They removed the NS records, which are correctly out of your view, according to the nicluded screenshot.

However, they haven’t yet updated (and removed) ns3 and ns4 from the delegation of name servers in the domain registry:

The delegation of name servers there still include ns3 and ns4:

$ dig +norec +noall +auth NS 3120s.com @a.gtld-servers.net
3120s.com.              172800  IN      NS      ns1.blacknight.com.
3120s.com.              172800  IN      NS      ns2.blacknight.com.
3120s.com.              172800  IN      NS      ns3.blacknight.com.
3120s.com.              172800  IN      NS      ns4.blacknight.com.

However, their own name servers, which is what you see on your screenshot, doesn’t include them:

$ dig +norec +noall +answer NS 3120s.com @ns1.blacknight.com.
3120s.com.              3600    IN      NS      ns1.blacknight.com.
3120s.com.              3600    IN      NS      ns2.blacknight.com.
$ dig +norec +noall +answer NS 3120s.com @ns2.blacknight.com.
3120s.com.              3600    IN      NS      ns2.blacknight.com.
3120s.com.              3600    IN      NS      ns1.blacknight.com.

(ns3 and ns4 still seem to be running DNS, but are refusing queries for your domain).

Same can be confirmed with a simple domain WHOIS.

From Blacknight’s own WHOIS server:

$ whois -h whois.blacknight.com 3120s.com | grep "Name Server"
Name Server: NS1.BLACKNIGHT.COM
Name Server: NS2.BLACKNIGHT.COM
Name Server: NS3.BLACKNIGHT.COM
Name Server: NS4.BLACKNIGHT.COM

According to your screenshot, you’re looking in the wrong place, as you are looking in the place where you change DNS records, - not where you delegate the name servers.

Check the above link and see if you can find a way through that, to remove ns3 and ns4 there.

If you can’t on your own, you would need Blacknight to step in and clean up after them.

4 Likes

Many thanks to both Hunts and DarkDeviL for your help and the clear information you provided.
I passed the terminal results to my registrar and they resolved the issue taking away the NS3 and NS4 DNS servers form my domain.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.