DNS Only CNAME Not Propagating For Specific domain (flattening at Apex)

Hello, hoping for new ideas.

I am trying to set this CNAME to verify sender in Mailerlite:

I have tried it with different domains and it propagates right away. But when I do it with niqui.co, it doesn’t want to propagate at all.

If I remove the ._domainkey part it propagates. Once, I add it back in, it stops working.

I don’t know how Cloudflare reads the ._domainkey records so willing to learn.

I find it odd that the record works find for different domains but in this specific domains it fails to propagate.

Any ideas?

~Juan

Do you have any NS records in your Cloudflare DNS? It seems _domainkey.niqui.co is delegated to some external nameservers…

dig +trace +nodnssec -4 litesrv._domainkey.niqui.co

; <<>> DiG 9.18.18-0ubuntu0.22.04.1-Ubuntu <<>> +trace +nodnssec -4 litesrv._domainkey.niqui.co
;; global options: +cmd
.			2228	IN	NS	d.root-servers.net.
.			2228	IN	NS	c.root-servers.net.
.			2228	IN	NS	k.root-servers.net.
.			2228	IN	NS	f.root-servers.net.
.			2228	IN	NS	b.root-servers.net.
.			2228	IN	NS	i.root-servers.net.
.			2228	IN	NS	h.root-servers.net.
.			2228	IN	NS	j.root-servers.net.
.			2228	IN	NS	m.root-servers.net.
.			2228	IN	NS	l.root-servers.net.
.			2228	IN	NS	a.root-servers.net.
.			2228	IN	NS	g.root-servers.net.
.			2228	IN	NS	e.root-servers.net.
;; Received 239 bytes from 127.0.0.53#53(127.0.0.53) in 0 ms

co.			172800	IN	NS	ns1.cctld.co.
co.			172800	IN	NS	ns4.cctld.co.
co.			172800	IN	NS	ns5.cctld.co.
co.			172800	IN	NS	ns2.cctld.co.
co.			172800	IN	NS	ns3.cctld.co.
co.			172800	IN	NS	ns6.cctld.co.
;; Received 466 bytes from 192.33.4.12#53(c.root-servers.net) in 8 ms

niqui.co.		3600	IN	NS	titan.ns.cloudflare.com.
niqui.co.		3600	IN	NS	betty.ns.cloudflare.com.
;; Received 149 bytes from 156.154.104.25#53(ns5.cctld.co) in 4 ms

_domainkey.niqui.co.	300	IN	NS	ns11.infomaniak.ch.
_domainkey.niqui.co.	300	IN	NS	ns12.infomaniak.ch.
;; Received 107 bytes from 162.159.44.93#53(titan.ns.cloudflare.com) in 24 ms
2 Likes

Hey, thank you for the quick reply.

I do see specific NS records but that’s confusing to me since Cloudflare is supposed to be managing the DNS records.

Other CNAME records work fine.

I should state I was newly hired to manage this account so those NS record were there before me.

Is this a situation where there’s server management conflict?

I believe the infomaniak address is were the main website is hosted but they already have A records that are supposed to make the connection to the host possible.

Not sure why they are using NS records, also.

Should I be thinking of removing the NS records?

~Juan

Yes. Unless you have a reason to delegate subdomains to other nameservers, there should be no NS records in your Cloudflare DNS.

1 Like

Much appreciate, I didn’t think of checking those NS records since the A records were already there.

I’ll figure out if they are using it for subdomains and remove the duplication.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.