CNAME DNS Records suddenly missing


I understand propagation, so let me preface here:

The CNAMEs were added yesterday and were working as of last night. I made a modification of the CNAME to point to a different origin and went to bed. This morning when I woke up I expected one of two outcomes:

[1] The CNAME was resolving to the right location.
[2] For some reason it was still resolving to the old.

Instead, what I find is that the DNS servers are not reporting back that a CNAME exists at all. I’ve validated from my local machine and using about 10 different DNS check tools online and propagation checkers. In each case CNAME records are listed as not existing/not found.

I submitted a case to CloudFlare and the engineer proceeded to explain about 404 backend server issues, which are irrelevant to my query. My main A record does indeed not resolve, but that is intentional for now and does not respond to the CNAME not existing in the DNS record.

Is there something I can do to kick CloudFlare back into shape?



Without you specifying what is the hostname.domain (a.k.a. FQDN) with the issue, there’s not much that we can check…

it “should” work…





Resolves well for me, to a Cloudflare IP, and HTTPS request works fine:

$ dig

; <<>> DiG 9.13.5 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41125
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 65494
;         IN      A

;; ANSWER SECTION:  300     IN      A  300     IN      A

;; Query time: 307 msec
;; WHEN: Wed Feb 06 22:22:37 IST 2019
;; MSG SIZE  rcvd: 82
$ curl -v 
*   Trying 2606:4700:30::681c:88f...
* Connected to (2606:4700:30::681c:88f) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.;
*  start date: Feb  6 00:00:00 2019 GMT
*  expire date: Feb  6 12:00:00 2020 GMT
*  subjectAltName: host "" matched cert's "*"
*  issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x56162c026db0)
> GET / HTTP/2
> Host:
> User-Agent: curl/7.63.0
> Accept: */*
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200 
< date: Wed, 06 Feb 2019 20:22:53 GMT
< content-type: text/html; charset=utf-8
< set-cookie: __cfduid=db5d278c5d64104f53bb1927394c87fd81549484573; expires=Thu, 06-Feb-20 20:22:53 GMT; path=/;; HttpOnly
< x-powered-by: Express
< expect-ct: max-age=604800, report-uri=""
< server: cloudflare
< cf-ray: 4a5054d7e936b75f-CDG

<!DOCTYPE html>
                <link href="//" rel="stylesheet" />
                <link href="//,300,600,700" rel="stylesheet" type="text/css" />
                <link rel="icon" href="/assets/homebrew/favicon.ico" type="image/x-icon" />
                <title>The Homebrewery - NaturalCrit</title>

1 Like


Thanks Simi, should have checked before I pasted the link - it does indeed appear to be working now. I appreciate the deeper dive then the CSE even if it was for an already resolved issue.



I can delete my previous message (and so can you for yours) if you’re worried about your domain being public. Let me know.


closed #7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.