DNS propagation issues after 5 days

I’m running into some odd DNS issues. Last Friday I transferred some domains from my personal Google Domains into the business’ GoDaddy account to consolidate domain ownership as they should be. Updated the nameservers to Cloudflare immediately after GoDaddy finished the transfer, so it’s been a solid 5 days since then.

As seen here, there seems to be partial propagation, but plenty of servers that aren’t quite picking up the change:
whatsmydns(dot)net/#NS/solgen.app
whatsmydns(dot)net/#NS/solgen.rocks

When attempting to issue SSL certs from Let’s Encrypt, I get this error:

ERROR: Challenge is invalid! (returned: invalid) (result: ["type"]	"http-01"
["status"]	"invalid"
["error","type"]	"urn:ietf:params:acme:error:dns"
["error","detail"]	"DNS problem: SERVFAIL looking up A for solgen.app - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for solgen.app - the domain's nameservers may be malfunctioning"
["error","status"]	400
["error"]	{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: SERVFAIL looking up A for solgen.app - the domain's nameservers may be malfunctioning; DNS problem: SERVFAIL looking up AAAA for solgen.app - the domain's nameservers may be malfunctioning","status":400}
["url"]	"https://acme-v02.api.letsencrypt.org/acme/chall-v3/148234363777/e-T0_A"
["token"]	"rkamQYT9NtgnO-a5puuCYclk0TF7dlZTgCLwEsnke8w"
["validated"]	"2022-08-31T16:25:21Z")

Dig gives similar results:

$ dig solgen.app

; <<>> DiG 9.16.1-Ubuntu <<>> solgen.app
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56370
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 09 6e 6f 20 53 45 50 20 6d 61 74 63 68 69 6e 67 20 74 68 65 20 44 53 20 66 6f 75 6e 64 20 66 6f 72 20 73 6f 6c 67 65 6e 2e 61 70 70 2e ("..no SEP matching the DS found for solgen.app.")
;; QUESTION SECTION:
;solgen.app.                    IN      A

;; Query time: 160 msec
;; SERVER: 172.21.144.1#53(172.21.144.1)
;; WHEN: Wed Aug 31 09:30:34 PDT 2022
;; MSG SIZE  rcvd: 89

Any ideas here? GoDaddy is saying it’s a Cloudflare issue and longer than 5 days for propagation seems like it may not be that.

Seems like a DNSSEC issue to me while checking it via :thinking: :

If you recently changed your domain nameservers, have you checked if the DNSSEC was disabled and any DS records removed at your domain registrar before domain nameservers were changed? :thinking:

It seems to me like DNSSEC was enabled before you changed your domain nameservers to Cloudflare.

Kindly, I’d suggest you contact your domain registrar and ask them to disable DNSSEC for your domain and remove any of the existing DS records at their interface.

Nevertheless, you might have to wait up to 48 or 72 hours for proper DNS propagation and to clear the DS/DNSSEC entries for your domain name.

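The `OPT=15` line in the dig output above is an EDNS Extended DNS Error option (RFC 8914): a two-byte info-code followed by free text. The Python below is an added illustration, not part of the original thread; it decodes that option and flags the codes that point at DNSSEC validation. The function names are made up for the example.

```python
import re

# RFC 8914 info-codes that indicate a DNSSEC validation failure.
DNSSEC_EDE = {
    1: "Unsupported DNSKEY Algorithm", 2: "Unsupported DS Digest Type",
    5: "DNSSEC Indeterminate", 6: "DNSSEC Bogus", 7: "Signature Expired",
    8: "Signature Not Yet Valid", 9: "DNSKEY Missing", 10: "RRSIGs Missing",
    11: "No Zone Key Bit Set", 12: "NSEC Missing",
}

# Matches the raw-option form shown in the dig output above:
# "; OPT=15: <hex bytes> (...)"
OPT15 = re.compile(r"^;\s*OPT=15:\s*((?:[0-9a-fA-F]{2}(?: |$))+)", re.M)
STATUS = re.compile(r"status:\s*([A-Z]+)")

# The two relevant lines of the dig output quoted in the question.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56370
; OPT=15: 00 09 6e 6f 20 53 45 50 20 6d 61 74 63 68 69 6e 67 20 74 68 65 20 44 53 20 66 6f 75 6e 64 20 66 6f 72 20 73 6f 6c 67 65 6e 2e 61 70 70 2e ("..no SEP matching the DS found for solgen.app.")
"""

def decode_ede(dig_output):
    """Return (info_code, name, extra_text, dnssec_related) per EDE option."""
    results = []
    for match in OPT15.finditer(dig_output):
        raw = bytes.fromhex(match.group(1))
        if len(raw) < 2:          # malformed: no room for the info-code
            continue
        code = int.from_bytes(raw[:2], "big")
        text = raw[2:].decode("utf-8", errors="replace")
        name = DNSSEC_EDE.get(code, "not DNSSEC-specific")
        results.append((code, name, text, code in DNSSEC_EDE))
    return results

def is_dnssec_failure(dig_output):
    """True when the resolver answered SERVFAIL and blamed DNSSEC validation."""
    status = STATUS.search(dig_output)
    return bool(status and status.group(1) == "SERVFAIL"
                and any(dnssec for *_, dnssec in decode_ede(dig_output)))

if __name__ == "__main__":
    for code, name, text, dnssec in decode_ede(SAMPLE):
        print(f"EDE {code} ({name}): {text}")
    print("DNSSEC validation failure:", is_dnssec_failure(SAMPLE))
```

Info-code 9 with the text "no SEP matching the DS found" means the DS record published at the parent zone does not match any DNSKEY served by the current nameservers, which is consistent with a DS left over from before the nameserver change.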

I will reach out to GoDaddy and see if they can’t clear out the DNSSEC/DS entries, possibly. Thank you.
