DNS not propagating for .com domain

Hi!

I have this weird issue where my DNS is not propagating.

The domain is on GoDaddy, Nameservers are pointed to cloudflare and the dns is configured:

However, in most locations DNS is just not propagating:

I’ve waited for 24 hours already.

Any clue whats wrong here?

You have a DNSSEC issue…
https://cf.sjr.org.uk/tools/check?25c2a500e19d458bb16fbbecfb82be9a#dns

You need to either disable DNSSEC at your registrar, or enable it at Cloudflare and copy the DS records to your registrar from your dashboard here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

2 Likes

Thanks!

@sjr I still have an issue tho. I disabled DNSSEC, but my url keeps giving me a ssl error:
https://git.boriskamp.com/

The letsencrypt ssl certs are created by gitlab and I see no errors in the logs.

Cloudflare’s SSL is set to strict.

Do you have any clue what might be wrong?

EDIT
I see the certificate is still pending. Is this a certificate handed out cloudflare itself? What about the cert created by gitlab?

Will this work if the root domain (boriskamp.com) is empty and has no DNS records, see my first screenshot in the opening post.

The Universal SSL certificate seems to be ready…
https://cf.sjr.org.uk/tools/check?53055131121d46df908930bea0accbc5#connection-server-https

I’m not sure about the Github certificate - you may need to leave the Cloudflare DNS records as “DNS only” for a time if that certificate is only generated once your DNS records are validated. Make sure your Cloudflare SSL/TLS setting is set to “Full (strict)” so that certificate is validated…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

Note that www.git is a second-level subdomain and won’t be covered by the Universal SSL certificate (which covers example.com and *.example.comonly). If you need a certificate for that, you will have to use an Advanced Certificate.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.