I have an app hosted on Heroku which is linked to the ai-ink dot me (Sorry having too much trouble with links). The domain is registered with Squarespace and I use custom nameservers provided by Cloudflare in squarespace.
I copied the DNS targets provided by Heroku into Cloudflare where I have added 2 CNAME records, one for the root and one for www
I also have setup SSL from Cloudflare with full protection and copied the keys to Heroku where it seems to be configured correctly.
Looking at DNS propagation checker, I see the A records which I believe are flattened from the CNAME records. However, while navigating to the site I see the DNS_PROBE_FINISHED_NXDOMAIN error.
Thanks a lot for the quick answer DarkDeviL.
So currently on Cloudflare I have DNSSEC disabled.
The domain is registered with squarespace although the underlying registrar is Tucows. On squarespace since I use custom nameservers (from Cloudspace) no DNSSEC configuration is present and Tucows doesn’t seem to have any way to configure DNSSEC either so am a bit lost
Tucows is a wholesale registrar. They sell through other businesses and list the resale partner and their support contract in their whois records. Your shows Squarespace is the resale partner.
whois -h whois.tucows.com ai-ink.me
WHOIS QUERY RATE LIMIT EXCEEDED. PLEASE WAIT AND TRY AGAIN.
This information was obtained from a different whois server, so we cannot verify its authenticity.
Registration Service Provider:
I don’t know what the story is with the rate limit notice. It is appearing even fro Tucows on web interface to their whois. The fact that you set your nameservers through Squarespace means that they are your registrar. Your registrar is the only place you can set your nameservers.
You may need to open a support request with Squarespace. As your registrar, not only is it their responsibility to submit your DNSSEC material to the parent zone nameservers, they are the only ones who can.
Thanks @epic.network. I opened a support case with Squarespace and this was their response which isn’t very helpful
Thank you for contacting Sqaurespace. Looking at your domain on whois.com. I can see Sqaurespace isnt the register. So we wouldnt provide DNSSEC. Below I will leave a guide that im sure will help you with this issue.
Thanks @epic.network… I just sent them a note again. I am trying to transfer out the domain but I had just recently transferred it from Google Domains to squarespace and Tucows has a 60 day lock in period for the domain.
One question I had was how do I prove that the domain name has been configured with DNSSEC enabled at the domain registrar, which apparently seems to be Tucows Domains Inc. which @DarkDeviL mentioned before. Is there a particular who command which shows this ?