DNS changes not ebing reflected

Changes to DNS records not being reflected.
I just created a CNAME record that is not being reflected when i check my domain on dns.google

This domain should just “mask” a different address.
For example
if I open the URL

mywebsite.company.com

it will open

asd.acme.com

however the user will always see the URL as

mywebsite.company.com/something.do

The instructions I found is just to create a CNAME to the target address i am looking for.

Can anyone advise?

Thanks.

Hi there,

If you have a CNAME that is proxied (orange-clouded) we will convert that CNAME to an A Record and return IP addresses as you proxy through Cloudflare. I suspect what this is happening here, so if you do an A Record query you should see a response with our Cloudflare IP’s being returned.

If you load https://mywebsite.company.com what happens, do you see your site content does it return?

Normally it is not just a matter of creating a CNAME record, you would need to make sure the server asd.acme.com is configured to accept the host header mywebsite.company.com - but this may have been done for you depending on the hosted service/server you are pointing too.

regards,
Damian

1 Like

Hello Damian,

Thanks for your reply!
You are correct, I also need to configure that website to accept this header, but before I get to that point, i need to make sure that the CNAME is working as expected.

The owner of that website required me to make sure that the CNAME appears showing the target address when opening this website:
https://dns.google/query?name=herisar.com.br&rr_type=CNAME&ecs=

So far it is still resolving to itself, so that is why I created this ticket. Because I was expecting to see the target URL there.

Or am I missing something?

Thanks again!

To achieve this you need to Sset the entry to :grey: DNS Only in the Cloudflare DNS control panel.

1 Like

Thanks cscharff !

I’ll try that and will post the results.

Hi again!

Still not working… when I check the google dns website, it still shows pointing to itself.
Any suggestions?

Thanks.

You cannot add a CNAME for the apex domain. To make it work, Cloudflare automatically flattens it (i.e., replaces it by the IP address).

If you need see the CNAME, you need to create the record for a subdomain, for example www.herisar.com.br. You can then create a redirect from the apex domain to the subdomain here in Cloudflare.

1 Like

Hello Laudian,

Thanks for your reply.
I already have that.
So should I edit the apex with the IP address of the target URL?

dig +short herisar.com.br
149.96.246.1
dig +short www.herisar.com.br
slipstreamitdev.service-now.com.
149.96.246.1

As you can see, both domains resolve to the same IP address, the CNAME for the apex domain is just not visible.
The problem is, the server is not correctly configured to serve your domain. For HTTP requests, it doesn’t respond at all, and for HTTPS, it serves the wrong certificate.

HTTP:

curl -v herisar.com.br
*   Trying 149.96.246.1:80...
* Connected to herisar.com.br (149.96.246.1) port 80 (#0)
> GET / HTTP/1.1
> Host: herisar.com.br
> User-Agent: curl/7.81.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer

HTTPS:

curl -v https://herisar.com.br
*   Trying 149.96.246.1:443...
* Connected to herisar.com.br (149.96.246.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=US; ST=California; L=San Diego; O=ServiceNow, Inc.; CN=*.service-now.com
*  start date: Jan 20 20:45:47 2023 GMT
*  expire date: Oct 10 20:45:45 2023 GMT
*  subjectAltName does not match herisar.com.br
* SSL: no alternative certificate subject name matches target host name 'herisar.com.br'
* Closing connection 0
* TLSv1.2 (OUT), TLS header, Unknown (21):
* TLSv1.2 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'herisar.com.br'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

This is something that your host needs to fix in their server configuration.

1 Like

Oh, that is interesting!

But I believe the server is expecting something else because if I try to register my domain to be accepted, it still shows this:

So probably that “invisible” CNAME is being missed by this server.

Is there any way to make it visible?

Really appreciate your help.

No. You need to add www.herisar.com.br as your domain, not herisar.com.br.

1 Like

Oh !!! that was it !
Now it accepted!

It mentioned that the provisioning is in progress, so that should be.
I’ll update the thread with the results.

Thank you VERY MUCH for your support!

1 Like

Just confirming that it worked as a charm!

Thanks everybody!

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.