We started handling DNS for domain breastfeedingfirst.com with Cloudflare ~a month ago and have just noticed that the DNS doesn’t seem to be correctly propagating. It only handles emails and there are multiple emails into the same account so it wasn’t immediately obvious.
The domain handles emails only.
Emails hosted with Zoho Mail but they can’t verify MX / SPF / DKIM records etc.
I contacted Zoho support and they suggested the domain host, NS issue propogating (pic below)
I contacted the domain host (Dreamscape) and they said it is showing OK, the DNS isn’t properly propagating from Cloudflare which is why the records aren’t sharing correctly.
Any ideas what could be the problem? I have the leonard and lucy NSs set correctly in Dreamscape and all the records requested by Zoho set in Cloudflare.
You will need to consult the documentation at your registrar, Crazy Domains, to see how to update your DNSSEC records with the correct information. This Cloudflare documentation will show you how to find the values that Cloudflare will use to sign your records.
I contacted Dreamscape and asked them to disable DNSSEC on their end (because I read this Cloudflare thread that instructed to do so to fix issues https://developers.cloudflare.com/dns/dnssec/) and they have requested the following info:
Domain Name :
Key Tag :
Algorithm :
Digest Type :
Digest :
However I also provided the link from @epic.network and they said it doesn’t provide the correct info. Where do I find this please?
The link I provided tells you where you can find the details in your Cloudflare dashboard. It isn’t going to provide those details to a third-party. You will need to obtain them from your Cloudflare DNS settings in order to provide them to Dreamscape.
I have now followed your reply, found the DS records and provided it to them, however they are saying that the records are incorrect. Why is this and how do I request new records from CF?
The DNSSEC text is illegible in that screenshot which makes it impossible to confirm. Can you find out what they think is wrong with the values you are providing them?
As soon as Dreamscape removes the existing DNSSEC values they have configured, your DNS should begin responding, albeit without the protection provided by DNSSEC. It is advisable to update the DNSSEC values with those provided by your Cloudflare account. You may be able to generate new key material by disabling and re-enabling DNSSEC in Cloudflare, although that is not necessary.
Is there a way I can make these changes myself? I can’t get past people on the initial chat bot who don’t seem to know what they are doing any more than I do, but I can’t see a way to adjust the records on my end.
It is something I have always done myself. I have never used your registrar, though, and their documentation is somewhat lacking on the topic of DNSSEC, so I can’t offer any practical guidance on how to use their platform.
You may need to escalate your requests to their support chain.
