I followed the following steps:
I set up all my records in Cloudflare, choosing ‘grey cloud’ mode.
I queried both my old and new nameservers directly to ensure they were both returning correct results:
dig i7.mydomain.c0m @chloe.ns.Cloudflare.c0m
; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> i7.mydomain.c0m @chloe.ns.Cloudflare.c0m
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38799
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;i7.mydomain.c0m. IN A
;; ANSWER SECTION:
i7.mydomain.c0m. 300 IN A 123.123.123.123
;; Query time: 10 msec
;; SERVER: 173.245.58.85#53(173.245.58.85)
;; WHEN: Fri Oct 05 10:07:14 BST 2018
;; MSG SIZE rcvd: 60
dig i7.mydomain.c0m @dns4.mtgsy.c0m
; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> i7.mydomain.c0m @dns4.mtgsy.c0m
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39830
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 10
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 342caca185052c1e (echoed)
;; QUESTION SECTION:
;i7.mydomain.c0m. IN A
;; ANSWER SECTION:
i7.mydomain.c0m. 1800 IN A 123.123.123.123
;; AUTHORITY SECTION:
mydomain.c0m. 86400 IN NS dns2.name-s.net.
mydomain.c0m. 86400 IN NS dns0.mtgsy.c0m.
mydomain.c0m. 86400 IN NS dns1.name-s.net.
mydomain.c0m. 86400 IN NS dns3.mtgsy.c0m.
mydomain.c0m. 86400 IN NS dns4.mtgsy.c0m.
;; ADDITIONAL SECTION:
dns2.name-s.net. 86400 IN A 74.207.254.12
dns2.name-s.net. 86400 IN AAAA 2600:3c01::f03c:91ff:feae:2404
dns0.mtgsy.c0m. 25200 IN A 72.249.29.226
dns1.name-s.net. 86400 IN A 37.247.49.35
dns1.name-s.net. 86400 IN AAAA 2a00:dcc0:eda:3749:247:49:35:1
dns3.mtgsy.c0m. 25200 IN A 162.243.59.139
dns3.mtgsy.c0m. 25200 IN A 66.228.62.33
dns4.mtgsy.c0m. 25200 IN A 178.79.133.227
dns4.mtgsy.c0m. 25200 IN AAAA 2a01:7e00::f03c:91ff:fe96:f238
;; Query time: 18 msec
;; SERVER: 178.79.133.227#53(178.79.133.227)
;; WHEN: Fri Oct 05 10:07:15 BST 2018
;; MSG SIZE rcvd: 407
I then changed the registrar nameservers over. A few hours later, healthchecks started seeing failed DNS lookups, and dig returned:
dig i7.mydomain.c0m
; <<>> DiG 9.10.6 <<>> i7.mydomain.c0m
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5167
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;i7.mydomain.c0m. IN A
;; AUTHORITY SECTION:
mydomain.c0m. 3600 IN SOA chloe.ns.Cloudflare.c0m. dns.Cloudflare.c0m. 2029034091 10000 2400 604800 3600
;; Query time: 850 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Oct 04 20:45:04 BST 2018
;; MSG SIZE rcvd: 104
After 30 mins or so, the issue resolved itself.
What happened? It looks like chloe.ns.Cloudflare.c0m returned an empty result set for my wildcard domain.