Delegated subdomain is not resolvable inside a Worker

I have a domain managed in Cloudflare (webtoppings.bar). A subdomain is delegated to another service (proxy.webtoppings.bar) using a bunch of NS records.

Everything seems to resolve fine, except from within a Cloudflare Worker. fetch() to proxy.webtoppings.bar inside a Worker returns 1016 “Origin DNS error”.

I’m still on a free plan, but according to the docs, DNS delegation is supported on all plans.
Any ideas on what might be causing this?

Can I get @MoreHelp here?

I don’t get any issues while performing a fetch to https://proxy.webtoppings.bar. Can you share your code here?

1 Like

@erictung Sure. Here’s the code:

addEventListener('fetch', function(event) {
  event.respondWith(handleRequest());
})

async function handleRequest() {
  return await fetch(`https://proxy.webtoppings.bar/v2/servers/`);
}

It seems to be reproducible only if the worker route is requested from the same site (upper-level domain).
So this gives an error: https://webtoppings.bar/test/
While this works fine: https://patient-glade-6bc7.muodov.workers.dev/
(both urls are mapped to the same worker with the code above)

Do you have a proper Worker route configured for this? Like this:

image

Yes

I was not able to replicate the issue from my side.

I copied your code to my side, create a DNS record on apex level, create a Worker route for example.com/test/, and I was able to load it just fine.

Maybe someone from @MVP is able to spot any issues?

What DNS entries do you have for ‘proxy’? Is it just the NS record(s)? I’m imagining a problem where the Worker checks your DNS records and sees a record for “proxy” that it can’t use.

For the proxy subdomain, it’s just the NS records:

I’m out of ideas. I don’t know why it can’t do a fetch to a valid URL. Try opening a ticket and posting the # here. You might also try asking on the Discord server. Maybe some of the Cloudflare staff there would know how this could happen.

To contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. If you receive an automatic response that does not help you, please reply and indicate you need more help.

3 Likes

Just tried it on my own Domain, got the same error.
Worker: https://muodov.goalastair.com/
Vercel with NS: https://vercel.goalastair.com

@eidam suggested a workaround that worked:
I created an extra CNAME in the DNS zone that points to proxy.webtoppings.bar, and specified it in resolveOverride parameter in fetch(). This somehow forced cloudflare to do a full DNS resolution, and follow NS records.
Still looks like a bug to me, but the workaround works, in case someone needs it. :pray:

4 Likes

Glad to see you figured it out :slight_smile:

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.