Cloudflare sub-domain DNS not working - resulting address is wrong; setup appears correct

DNS name resolution doesn’t appear to be working for a sub-domain hosted on Cloudflare. The primary domain is also hosted here. We type in the sub-domain URL and it doesn’t get to where it seems like it should be pointing. Things were configured a number of months ago, and were working well, until just recently.

The sub-domain = east.studiosuite.com; it points at 52.44.179.57. But when doing a ping or lookup or other things, the IP returned is 172.67.136.184, or 104.21.62.152.

I have checked some things, and I THINK that they are all configured correctly.
• Main domain is using an A record (not a CNAME).
• Main domain is not set to Proxy. (Should it be?)
• Audit Log for our account shows the new sub-domain being set up on 2021.6.09, and nothing changing with it since then. IP address at setup is what is currently showing in the DNS configuration page.
• The sub-domain IS configured for ‘Proxied’. (So maybe these IP addresses showing in the DNS cache are the proxies… but then why isn’t traffic getting forwarded/through?)
• ICANN Lookup tool reports that Cloudflare is the Name server for our domain
• Have tried the OpenDNS caching check; it reports the wrong IP addresses: 104.21.62.152 & 172.67.136.184 (this makes sense, because that is where it is ending up… but this is not what it is supposed to be - i.e. this is not the IP configured in the Cloudflare DNS setup.)
• OpenDNS cache flushing doesn’t yield any changes
• The Cloudflare diagnostics page reports a few things, but nothing that would seem to be causing this breakage.
• NSLookup for the sub-domain and the domain from my machine (MacOS terminal):

```
$ nslookup -type=ns east.studiosuite.com
Server: 2001:558:feed::1
Address: 2001:558:feed::1#53

Non-authoritative answer:
*** Can't find east.studiosuite.com: No answer

Authoritative answers can be found from:
studiosuite.com
origin = adel.ns.cloudflare.com
mail addr = dns.cloudflare.com
serial = 2037493055
refresh = 10000
retry = 2400
expire = 604800
minimum = 3600
```

```
$ nslookup -type=ns studiosuite.com
Server: 2001:558:feed::1
Address: 2001:558:feed::1#53

Non-authoritative answer:
studiosuite.com nameserver = bob.ns.cloudflare.com.
studiosuite.com nameserver = adel.ns.cloudflare.com.

Authoritative answers can be found from:
adel.ns.cloudflare.com internet address = 108.162.192.55
adel.ns.cloudflare.com internet address = 172.64.32.55
adel.ns.cloudflare.com internet address = 173.245.58.55
adel.ns.cloudflare.com has AAAA address 2803:f800:50::6ca2:c037
adel.ns.cloudflare.com has AAAA address 2a06:98c1:50::ac40:2037
adel.ns.cloudflare.com has AAAA address 2606:4700:50::adf5:3a37
bob.ns.cloudflare.com internet address = 172.64.33.104
bob.ns.cloudflare.com internet address = 108.162.193.104
bob.ns.cloudflare.com internet address = 173.245.59.104
bob.ns.cloudflare.com has AAAA address 2a06:98c1:50::ac40:2168
bob.ns.cloudflare.com has AAAA address 2803:f800:50::6ca2:c168
bob.ns.cloudflare.com has AAAA address 2606:4700:58::adf5:3b68
```

• If I enter the IP (either of the two incorrect ones shown in the OpenDNS cache results) directly into a browser, I get:

# Error 1003

Ray ID: 68916a349e941482 • 2021-09-03 19:34:19 UTC

## Direct IP access not allowed

## What happened?

You've requested an IP address that is part of the Cloudflare network. A valid Host header must be supplied to reach the desired website.

• We have a special app client (non-Browser, not HTTP; TCP on port 5003) that fails to connect to this server.
• We are able to connect to the server (using Https://east.studiosuite.com) with a browser. But that is not the use case I’m trying to solve.

I’m not sure what else to check or try. Any advice on how to test, verify, or configure… something?

Thanks.

In short, your configuration is okay.

Added a few more tidbits to the end of my original post:

• We have a special app client (non-Browser, not HTTP; TCP on port 5003) that fails to connect to this server.
• We are able to connect to the server (using Https://east.studiosuite.com) with a browser. But that is not the use case I’m trying to solve.

Cloudflare neither supports 5003 nor non-HTTP protocols. But that’s a whole different story from what you originally posted.

What you can do is unproxy your record. In that case everything will work, but you won’t be using the proxies.

3 Likes

Oh, that’s very different, then. Cloudflare doesn’t proxy that port. Click on the :orange: in your DNS page to toggle it to :grey: and it should start working within five minutes.

2 Likes

Doh!! Well that would explain things. Sigh.

I’ll have to read up on that.

Yes, changing the Proxy setting to ‘DNS’ allowed traffic to connect with our client app. Thanks for pointing this Port support issue out.

1 Like
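The diagnosis reached in this thread, written as a check that can be run against any record (an added example, not code from any poster or from Cloudflare). The IPv4 ranges and proxied-port list are assumptions copied from Cloudflare's public documentation and should be refreshed before use; the function names are hypothetical.

```python
import ipaddress

# Assumption: Cloudflare's published IPv4 edge ranges and the HTTP/HTTPS ports
# its proxy accepts. Refresh both from Cloudflare's documentation before use.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]
PROXIED_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095,
                 443, 2053, 2083, 2087, 2096, 8443}


def on_cloudflare_edge(ip):
    """True if the address falls inside a Cloudflare IPv4 edge range."""
    addr = ipaddress.ip_address(ip)  # IPv6 input simply matches no IPv4 range
    return any(addr in net for net in CLOUDFLARE_V4)


def diagnose(resolved_ips, origin_ip, port):
    """Classify why a client on `port` can or cannot reach the origin."""
    edge = [ip for ip in resolved_ips if on_cloudflare_edge(ip)]
    if edge and port not in PROXIED_PORTS:
        # DNS answers are edge addresses, but the edge drops this port.
        return "proxied-unsupported-port"
    if edge:
        return "proxied-ok"
    if origin_ip in resolved_ips:
        # Record is DNS-only: clients connect straight to the origin.
        return "dns-only"
    # Neither edge nor origin: stale cache or a wrong record.
    return "unexpected-address"


if __name__ == "__main__":
    # Values quoted in the thread: the two answers seen and the configured origin.
    answers = ["172.67.136.184", "104.21.62.152"]
    origin = "52.44.179.57"
    for port in (443, 5003):
        print(port, diagnose(answers, origin, port))
    # After switching the record to DNS-only the answer is the origin itself.
    print(5003, diagnose([origin], origin, 5003))
```

A `dns-only` result also means the origin address is published in DNS, so access to port 5003 then depends entirely on the origin's own firewall rules.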
