DNS entries for my domain are not being resolved correctly; DNS cache poisoning?

Hi,

My domain tabvlorasa.com is registered with Namecheap. At some stage a few months ago I was a victim of a DNS cache poisoning attack so I moved off Namecheap’s FreeDNS and pointed my DNS to Cloudflare. That helped, for a while.

Last week I noticed that my site was resolving to a different address. I updated my DNS entries in Cloudflare almost a week ago, set up DNSSEC, etc., but DNS checkers still show that the website resolves incorrectly.

E.g. “A” Records are incorrectly pointing to 104.18.45.148 whilst CNAME records are not pointing to anything at all when I have actually filled them.

Reverse IP lookup of the address 104.18.45.148 seems to point to a site that is peered through Cloudflare (if I’m reading the WHOIS right). Is it possible that another user set up their Cloudflare account with my domain?

Could you share the subdomain of some of these CNAMEs?


As for the main question, “incorrectly pointing to 104”, that would likely be because Cloudflare’s main product is a proxy service (see How does Cloudflare work) so that it can provide DDoS protection, SSL, etc. To do this it puts a CF server in front of the actual server and proxies the origin website to provide services.

To fix:
I recommend going to your DNS tab, finding the CNAMEs, A records, etc. that are currently showing up with an orange cloud, and clicking that orange cloud so that they turn to grey clouds. This will put them in DNS-only mode and should make them now resolve to the origin IP addresses and/or CNAMEs.

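The check behind the reply above, as an added example that is not part of the original posts: it sorts each A-record answer into the origin address, a Cloudflare proxy edge, or something unexpected. The range list is a snapshot of Cloudflare's published IPv4 ranges, and the origin address `198.51.100.7`, the address `203.0.113.50` and the function names are constructed for illustration.

```python
import ipaddress

# Snapshot of the IPv4 ranges Cloudflare publishes at https://www.cloudflare.com/ips/
# (assumption: this copy may be stale; refresh it before relying on the result).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_edge(ip):
    """True if ip is an IPv4 address inside one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in CLOUDFLARE_V4)


def triage_a_records(answers, origin_ips):
    """Label each resolved address: 'origin', 'cloudflare-proxy' or 'unexpected'.

    answers    -- addresses a resolver returned for the hostname
    origin_ips -- addresses the zone owner actually configured (hypothetical input)
    """
    origin = {ipaddress.ip_address(i) for i in origin_ips}
    verdicts = {}
    for ip in answers:
        addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
        if addr in origin:
            verdicts[ip] = "origin"            # DNS-only (grey cloud) behaviour
        elif is_cloudflare_edge(ip):
            verdicts[ip] = "cloudflare-proxy"  # proxied (orange cloud) behaviour
        else:
            verdicts[ip] = "unexpected"        # neither: worth investigating
    return verdicts


if __name__ == "__main__":
    # Constructed sample: the address from the thread plus two documentation-range IPs.
    sample = ["104.18.45.148", "198.51.100.7", "203.0.113.50"]
    for ip, verdict in triage_a_records(sample, ["198.51.100.7"]).items():
        print(f"{ip:16} {verdict}")
```

A `cloudflare-proxy` verdict only shows that the answer is a Cloudflare edge address; it does not show which Cloudflare account is serving the zone.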

The CNAMEs are pointing to squarespace.

Thanks a lot for the explanation about the proxy! I hadn’t fully appreciated that. I’ve changed the entries to DNS only mode and will see if that fixes it.
