DNS Only CNAME Not Propagating For Specific domain (flattening at Apex)

Hello, hoping for new ideas.

I am trying to set this CNAME to verify sender in Mailerlite:

I have tried it with different domains and it propagates right away. But when I do it with niqui.co, it doesn’t want to propagate at all.

If I remove the ._domainkey part it propagates. Once, I add it back in, it stops working.

I don’t know how Cloudflare reads the ._domainkey records so willing to learn.

I find it odd that the record works find for different domains but in this specific domains it fails to propagate.

Any ideas?


Do you have any NS records in your Cloudflare DNS? It seems _domainkey.niqui.co is delegated to some external nameservers…

dig +trace +nodnssec -4 litesrv._domainkey.niqui.co

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> +trace +nodnssec -4 litesrv._domainkey.niqui.co
;; global options: +cmd
.			2228	IN	NS	d.root-servers.net.
.			2228	IN	NS	c.root-servers.net.
.			2228	IN	NS	k.root-servers.net.
.			2228	IN	NS	f.root-servers.net.
.			2228	IN	NS	b.root-servers.net.
.			2228	IN	NS	i.root-servers.net.
.			2228	IN	NS	h.root-servers.net.
.			2228	IN	NS	j.root-servers.net.
.			2228	IN	NS	m.root-servers.net.
.			2228	IN	NS	l.root-servers.net.
.			2228	IN	NS	a.root-servers.net.
.			2228	IN	NS	g.root-servers.net.
.			2228	IN	NS	e.root-servers.net.
;; Received 239 bytes from in 0 ms

co.			172800	IN	NS	ns1.cctld.co.
co.			172800	IN	NS	ns4.cctld.co.
co.			172800	IN	NS	ns5.cctld.co.
co.			172800	IN	NS	ns2.cctld.co.
co.			172800	IN	NS	ns3.cctld.co.
co.			172800	IN	NS	ns6.cctld.co.
;; Received 466 bytes from in 8 ms

niqui.co.		3600	IN	NS	titan.ns.cloudflare.com.
niqui.co.		3600	IN	NS	betty.ns.cloudflare.com.
;; Received 149 bytes from in 4 ms

_domainkey.niqui.co.	300	IN	NS	ns11.infomaniak.ch.
_domainkey.niqui.co.	300	IN	NS	ns12.infomaniak.ch.
;; Received 107 bytes from in 24 ms

Hey, thank you for the quick reply.

I do see specific NS records but that’s confusing to me since Cloudflare is supposed to be managing the DNS records.

Other CNAME records work fine.

I should state I was newly hired to manage this account so those NS record were there before me.

Is this a situation where there’s server management conflict?

I believe the infomaniak address is were the main website is hosted but they already have A records that are supposed to make the connection to the host possible.

Not sure why they are using NS records, also.

Should I be thinking of removing the NS records?


Yes. Unless you have a reason to delegate subdomains to other nameservers, there should be no NS records in your Cloudflare DNS.

1 Like

Much appreciate, I didn’t think of checking those NS records since the A records were already there.

I’ll figure out if they are using it for subdomains and remove the duplication.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.