DNS downtime seen when migrating wildcard domains to Cloudflare nameservers

I followed the following steps:

I set up all my records in Cloudflare, choosing ‘grey cloud’ mode.

I queried both my old and new nameservers directly to ensure they were both returning correct results:

dig i7.mydomain.c0m @chloe.ns.Cloudflare.c0m

; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> i7.mydomain.c0m @chloe.ns.Cloudflare.c0m
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38799
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;i7.mydomain.c0m.		IN	A

;; ANSWER SECTION:
i7.mydomain.c0m.	300	IN	A	123.123.123.123

;; Query time: 10 msec
;; SERVER: 173.245.58.85#53(173.245.58.85)
;; WHEN: Fri Oct 05 10:07:14 BST 2018
;; MSG SIZE  rcvd: 60

dig i7.mydomain.c0m @dns4.mtgsy.c0m

; <<>> DiG 9.11.3-1ubuntu1.2-Ubuntu <<>> i7.mydomain.c0m @dns4.mtgsy.c0m
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39830
;; flags: qr aa rd ad; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 10
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 342caca185052c1e (echoed)
;; QUESTION SECTION:
;i7.mydomain.c0m.		IN	A

;; ANSWER SECTION:
i7.mydomain.c0m.	1800	IN	A	123.123.123.123

;; AUTHORITY SECTION:
mydomain.c0m.		86400	IN	NS	dns2.name-s.net.
mydomain.c0m.		86400	IN	NS	dns0.mtgsy.c0m.
mydomain.c0m.		86400	IN	NS	dns1.name-s.net.
mydomain.c0m.		86400	IN	NS	dns3.mtgsy.c0m.
mydomain.c0m.		86400	IN	NS	dns4.mtgsy.c0m.

;; ADDITIONAL SECTION:
dns2.name-s.net.	86400	IN	A	74.207.254.12
dns2.name-s.net.	86400	IN	AAAA	2600:3c01::f03c:91ff:feae:2404
dns0.mtgsy.c0m.		25200	IN	A	72.249.29.226
dns1.name-s.net.	86400	IN	A	37.247.49.35
dns1.name-s.net.	86400	IN	AAAA	2a00:dcc0:eda:3749:247:49:35:1
dns3.mtgsy.c0m.		25200	IN	A	162.243.59.139
dns3.mtgsy.c0m.		25200	IN	A	66.228.62.33
dns4.mtgsy.c0m.		25200	IN	A	178.79.133.227
dns4.mtgsy.c0m.		25200	IN	AAAA	2a01:7e00::f03c:91ff:fe96:f238

;; Query time: 18 msec
;; SERVER: 178.79.133.227#53(178.79.133.227)
;; WHEN: Fri Oct 05 10:07:15 BST 2018
;; MSG SIZE  rcvd: 407

I then changed the registrar nameservers over. A few hours later, healthchecks started seeing failed DNS lookups, and dig returned:

dig i7.mydomain.c0m

; <<>> DiG 9.10.6 <<>> i7.mydomain.c0m
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5167
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;i7.mydomain.c0m.        IN    A

;; AUTHORITY SECTION:
mydomain.c0m.        3600    IN    SOA    chloe.ns.Cloudflare.c0m. dns.Cloudflare.c0m. 2029034091 10000 2400 604800 3600

;; Query time: 850 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Oct 04 20:45:04 BST 2018
;; MSG SIZE  rcvd: 104

After 30 mins or so, the issue resolved itself.

What happened? It looks like chloe.ns.Cloudflare.c0m returned an empty result set for my wildcard domain.
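
Added example, not part of the original post: Python that classifies saved `dig` output and compares the old and new authoritative answers before a nameserver change, treating NOERROR with an empty answer section (as in the last response above) as a failure. The function names are hypothetical and the samples are trimmed from the output in the post; feeding the empty response in as the new server's answer is a constructed scenario.

```python
import re

# Constructed samples: trimmed copies of the dig output quoted in the post.
NEW_NS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38799
;; ANSWER SECTION:
i7.mydomain.c0m.	300	IN	A	123.123.123.123
"""
OLD_NS = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39830
;; ANSWER SECTION:
i7.mydomain.c0m.	1800	IN	A	123.123.123.123

;; AUTHORITY SECTION:
mydomain.c0m.		86400	IN	NS	dns4.mtgsy.c0m.

;; ADDITIONAL SECTION:
dns4.mtgsy.c0m.		25200	IN	A	178.79.133.227
"""
EMPTY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5167
;; AUTHORITY SECTION:
mydomain.c0m.        3600    IN    SOA    chloe.ns.Cloudflare.c0m. dns.Cloudflare.c0m. 2029034091 10000 2400 604800 3600
"""

def classify(dig_output):
    """Classify one dig response as ANSWER, NODATA, NXDOMAIN or OTHER."""
    status = re.search(r"status: (\w+)", dig_output).group(1)
    sections, current = {}, None
    for line in dig_output.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = header.group(1)
        elif not line.strip():
            current = None  # a blank line ends the section
        elif current and not line.startswith(";"):
            sections.setdefault(current, []).append(line.split())
    answers = sections.get("ANSWER", [])
    soa = [r for r in sections.get("AUTHORITY", []) if r[3] == "SOA"]
    if status == "NOERROR" and answers:
        kind = "ANSWER"
    elif status == "NOERROR" and soa:
        kind = "NODATA"  # NOERROR, empty answer, SOA in the authority section
    elif status == "NXDOMAIN":
        kind = "NXDOMAIN"
    else:
        kind = "OTHER"
    # RFC 2308: a negative answer is cached for min(SOA TTL, SOA MINIMUM field).
    neg = min(int(soa[0][1]), int(soa[0][-1])) if soa and kind != "ANSWER" else None
    return {"kind": kind, "rdata": sorted(r[4] for r in answers), "negative_ttl": neg}

def cutover_problems(name, old_output, new_output):
    """Compare direct answers from the old and new authoritative servers."""
    old, new = classify(old_output), classify(new_output)
    if new["kind"] != "ANSWER":
        return [f"{name}: new server gave {new['kind']}, cacheable up to {new['negative_ttl']}s"]
    if old["rdata"] != new["rdata"]:
        return [f"{name}: answers differ: {old['rdata']} vs {new['rdata']}"]
    return []
```

Running this over every hostname a wildcard is expected to cover, against each new nameserver, checks more than the single name queried in the post.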
