DNS domain still active in Cloudflare after deletion

Despite not appearing in our account, our domain cam.ac.uk still appears to be active in CloudFlare: if I do “dig ns cam.ac.uk. @earl.ns.cloudflare.com”, they return themselves as the nameservers; if I do “dig www.cam.ac.uk. @earl.ns.cloudflare.com”, I get 172.67.138.178 and 104.21.70.186, which are not our servers.

The nameservers configured for our domain are not Cloudflare and I don’t believe we ever used Cloudflare for our DNS although we did use it for www.cam.ac.uk a few years ago for an abandoned trial.

This appears to be breaking attempts by subdomains of cam.ac.uk to move their sites into Cloudflare where the origin server is under cam.ac.uk as it can’t be looked up, since Cloudflare think they’re authoritative for the domain.

The domain is not showing up under our account so there’s nothing I can do to adjust or disable anything; I assume it’s not associated with our account any more. How can I disable it?

I’m the Hostmaster for cam.ac.uk so I can stick records in there to prove I am in control of the zone, if necessary.

As I’m not a current customer I can’t directly log a ticket with Cloudflare, but I suspect I might need to contact them to find out why the domain is still there. If there anything else I can do?

I’m pretty sure you can still email in a ticket request: support AT cloudflare DOT com

Make sure you use the email address that was on that account. And then post the ticket # here.

Thanks – I’ve tried emailing them, but the ticket was automatically closed. The email address we’ve signed up with is a role address and not one I can send email from: it was closed because it didn’t match any address on file.

I’ll try changing the address or making a new account with my individual email.

They sure do make it hard!

Created one under my individual email.

The ticket is again closed as I don’t have a paid service plan with them.

Well…that’s certainly a big problem. How are they supposed to know you were the actual account owner?

How did you use Cloudflare for ‘www’, but not the root domain? To get ‘www’ to work, you either have to add the entire domain to Cloudflare, or create a CNAME to a third party (Cloudflare Partner).

And…don’t forget this:

Thanks for the reply…

I wasn’t particularly involved in the Cloudflare deployment for www.cam.ac.uk but it looks like we set it to be a CNAME for www.cam.ac.uk.cdn.cloudflare.net, which still exists, so something is still set up there.

As for the authenticating email, I don’t know how this is supposed to work: I’ve added my individual account as a member of the [email protected] account (to give it more “authority” and allow me to email from that) but that still doesn’t work. I tried creating a request directly in the Hostmaster account but got directed to this forum.

I have absolutely no idea what account/email this was all set up against: if I go to this page https://dash.cloudflare.com/websites and put in cam.ac.uk, www.cam.ac.uk or www.cam.ac.uk.cdn.cloudflare.net, I just get “Hmm… We couldn’t find any matching websites.” so I don’t know how I can find how it was set up: if I knew the address (or could get it to send a contact email), I might be able to get into that account or get an email from it.

My support calls were 2255924 and 2255967 (which are now both closed).

I tried logging a call to [email protected] and got the request closed after a day or so, saying I was not the administrator for cam.ac.uk, but they won’t tell me who is — this was 2260853.

So there’s that one and the previous two: 2255924 and 2255967.

Unless there is another route in to resolve this, I will have to tell the people inside our organisation trying to use Cloudflare they’ll have to abandon trying to do so. As their website providers insist on doing so, this will require they shift their website to other providers. Not really supporting your customers, are you Cloudflare? @MoreHelp

There are currently a number of subdomains in your zone using Cloudflare. They look to be either CNAME setups, or using a SSL for SaaS provider, and there might be many more using different search parameters.

Can you explain what you mean here? Are you/your users seeing an error?

I presume you want the ability for subdomain to be added to Cloudflare under a ‘random’ account (not a centrally managed account and bill), with totally separate administrative control. Then the subdomain account holder requests either a CNAME or a subdomain delegation be created in the zone you manage?

As cam.ac.uk is not a public suffix this either requires manual intervention, or an Enterprise account. Currently .gov subdomains require manual intervention, so there may be an internal process you can leverage. @Chris_M or @cloonan might be able to advise how this can be done. (I presume you have enough brand recognition for something to be done here!)

Thanks for the reply…

We have some people wanting to set up (e.g. — this name does not exist, but is an example) www.college.cam.ac.uk through Cloudflare, where the real origin server is something like webserver1.college.cam.ac.uk.

cam.ac.uk is NOT managed in Cloudflare and the address for webserver1.college.cam.ac.uk must be found by using the University DNS. I’m told that when they try to set this up, the get an error that webserver1.college.cam.ac.uk cannot be found and the external consultants doing this say this is because Cloudflare is trying to serve cam.ac.uk itself (indeed, if I do “dig www.trin.cam.ac.uk. @earl.ns.cloudflare.com.” then I get an NXDOMAIN and AUTHORITY: 1).

I don’t know what the cause of this is but I think this might be because we did a trial for www.cam.ac.uk being moved into Cloudflare as a test years ago. This was shut down but remnants of it still seem to be in place.

For example, “dig ns cam.ac.uk. @earl.ns.cloudflare.com.” gives back earl and venus and “dig www.cam.ac.uk.cdn.cloudflare.net. @earl.ns.cloudflare.com.” returns two [incorrect] addresses.

I would have thought that, when we abandoned the trial, all this would have been shut down but it still seems to be there. I’m not aware that anyone here is still running it or paying for it (neither I, as Hostmaster, nor my colleague who runs the webserver know anything about it and aren’t paying for it), so I’m not clear why that’s still there.

This might be nothing to do with it and bearing in mind that I’m not setting up the www.college.cam.ac.uk website, but I’m getting this potential problem reported by contractors of that college who are trying to move it into Cloudflare.

If there IS still something related to cam.ac.uk (itself at that level, breaking DNS lookups to origin servers in that domain) in Cloudflare, then I cannot find a way to get it removed or regain control of it.

Note that I don’t think this will affect people wanting to move front end address into Cloudflare and have the origin servers outside cam.ac.uk (e.g. in AWS) because that won’t involve Cloudflare itself looking up cam.ac.uk addresses, I assume. That seems to work fine and we haven’t had any reports: it’s just this latest origin server in cam.ac.uk.

Thanks in advance. It’s deeply frustrating that this seems to be broken and I don’t seem to be able to resolve it.

The very first problem they will encounter is that they probably cannot add www.college.cam.ac.uk to Cloudflare as it is not a public suffix.

Can the consultants provide a screenshot (redacted) of the error?

I suspect the defunct root domain is a red herring. It’s difficult to test, as I don’t have an inactive CNAME setup that I can use. If you run dig ns cam.ac.uk @lee.ns.cloudflare.com you will get back the nameservers for my newly created and inactive copy of the zone. But unless that zone is activated, nobody will ever use my copy of the zone for resolution. Usually, inactive domains get purged, but on a CNAME setup I don’t believe that happens.

It is always going to be difficult to get any Cloud provider to tell you who an account holder is, regardless of how much information you can provide. Removing the unused account is probably not related to your issue, but if one of the two people I tagged earlier read this thread they can probably send out an email to the account holder to contact your [email protected] address.

Thanks for the reply. I’ll contact the consultants.

If the cam.ac.uk DNS domain being present on the servers is a red herring (they were saying that, because it was there, Cloudflare couldn’t look up the origin server in cam.ac.uk) that is not a problem. I wonder if they added cam.ac.uk, because that’s the name of the DNS zone, that’s broken the ability of their Cloudflare service (however that works) to look up the origin server.

As I said earlier, I think, in most cases, people are adding websites under cam.ac.uk but then the origin is something outside cam.ac.uk, so it doesn’t matter that cam.ac.uk is essentially broken, in that instance.

Unfortunately, I’m getting all this second hand (in some cases third, via the college) — it’s the consultants reporting this to me, so I’ll suggest this to them and get more information. I don’t know if it’s possible to get that without moving the name because the last time I moved the name, the website broke for several hours (they only requested it changed back outside hours, so it was off until the next morning!).

Thanks — this may be clearing things up!