My domain is unable to connect with my server if I proxy it through Cloudflare; it works fine if I do not proxy the domain. I suspect DNSSEC but I cannot disable it? It has now been 24 hours and it still says:
“Your DNSSEC setup will be disabled as soon as we detect that the DS record has been removed from your registrar.”
But Cloudflare is my registrar? How do I get my domain working again?
I would test the hostname that you have an issue with, as well as the hostname of the origin (the value you have configured in the DNS dashboard). I would expect that Cloudflare would fail to resolve an origin when the target of a CNAME has broken DNSSEC.
I’m guessing that Cloudflare will continue to serve signed responses for your domain until they confirm the parent zone has removed the DS records, and enough time has passed for the DS records in the parent zone to have expired (I think this is usually twice the TTL). If they did not do this, there is a chance that users would think the zone is signed (due to cached DS records) but the authoritative nameservers are no longer signing the responses.
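Added example (not part of the original posts and not Cloudflare's code): a simplified Python model of the reasoning in the reply above, showing why responses must stay signed until cached DS records have expired. The TTL and timeline values are constructed, and the function names are hypothetical.

```python
# Simplified model of a validating resolver while DNSSEC is being removed.
# Times are in seconds; every number used here is a constructed sample value.

def validate(ds_cached: bool, answer_signed: bool) -> str:
    """Outcome for one answer, following the basic RFC 4035 rule (simplified)."""
    if ds_cached:
        # A DS record from the parent says "this zone is signed":
        # an unsigned answer cannot be validated and is rejected (SERVFAIL).
        return "secure" if answer_signed else "bogus"
    # No DS record: the delegation is insecure, so signatures are not required.
    return "insecure"

def failure_window(ds_removed_at: int, ds_ttl: int, signing_stopped_at: int):
    """Interval in which a worst-case resolver (one that cached the DS just
    before it was removed) rejects the zone, or None if there is no such gap."""
    ds_expiry = ds_removed_at + ds_ttl
    if signing_stopped_at >= ds_expiry:
        return None
    return (signing_stopped_at, ds_expiry)

def timeline(ds_removed_at: int, ds_ttl: int, signing_stopped_at: int, times):
    """Validation outcome at each sample time for the worst-case resolver."""
    results = []
    for t in times:
        ds_cached = t < ds_removed_at + ds_ttl
        answer_signed = t < signing_stopped_at
        results.append((t, validate(ds_cached, answer_signed)))
    return results

if __name__ == "__main__":
    DS_TTL = 86400  # constructed: one day
    samples = [0, 7200, 90000, 200000]
    # Signing stops one hour after the DS is removed: resolvers with a cached DS break.
    print(timeline(0, DS_TTL, 3600, samples), failure_window(0, DS_TTL, 3600))
    # Signing continues for twice the DS TTL: no resolver ever sees a bogus answer.
    print(timeline(0, DS_TTL, 2 * DS_TTL, samples), failure_window(0, DS_TTL, 2 * DS_TTL))
```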
The reason I think it is DNSSEC is that it is a brand new domain never used for anything. It has 1 A record which points to the correct server; if I disable proxying through Cloudflare it connects perfectly to the server, if I enable proxying it fails to connect. I did however enable DNSSEC when the domain was registered at another registrar and then moved it to Cloudflare afterwards; maybe something went wrong?
No, I have not set up SSL yet and have disabled it in Cloudflare for the moment. I need to get the domain working with proxying before setting up SSL.
DNSSEC needs to be disabled before initiating a transfer (as per the documentation):
Well, that is a little too late now. I was using Cloudflare for DNS before but the domain was registered elsewhere; I moved the domain to Cloudflare afterwards.
That's the thing! The origin server is working; as soon as I enable Cloudflare it stops working with the HTTP 523 error. I have SSL disabled on the server and Cloudflare until I can get it working.
Would you feel comfortable sharing your server IP address here?
But if it is a 523 on your side too, it is not a DNSSEC issue. Cloudflare is not able to reach your server; you possibly have a firewall on your server which prevents Cloudflare from connecting.