DNS propagation issues after 72h+ (not related to DNSSEC)

What is the name of the domain?

nextstage.ru

What is the issue you’re encountering

DNS records not propagating in most of the world and throughout CloudflareDNS

What steps have you taken to resolve the issue?

Issue is fixed if I use VPN or switch to Quad9 DNS

What feature, service or problem is this related to?

DNS not responding/updating

What are the steps to reproduce the issue?

I am helping manage a small community forum and recently took over admin duties completely. This website was already behind Cloudflare with the old admin’s account. We first changed nameservers to my account and then deleted it from his account. I’ve also switched to a much better VPS at the same time.

The issue is that after the Cloudflare account switch from the old admin to mine and the VPS switch, records are not propagating and a lot of users, including me, have issues accessing the website all across Eastern Europe. It’s been more than 72h since the switch.

We don’t have DNSSEC enabled on this domain, so that’s definitely not it.

It doesn’t even propagate correctly to Cloudflare 1.1.1.1 servers in my country (Kazakhstan). I am testing with Firefox, using DNS DoH and Cloudflare as my provider.

If I try to access the domain, it just doesn’t load anything, no error, just an endless loop of loading. DNS cache, cookies and site data were cleared prior. If I turn on VPN (through my VPS in Germany with Vultr), the site loads instantly with the same 1.1.1.1 DoH. Meaning that DNS records are not propagating correctly inside Cloudflare geography. If I test with Quad9 (9.9.9.9), clearing DNS cache in browser and OS, the site loads normally with or without VPN. Returning to 1.1.1.1 or my ISP DNS, I get the same issues with an infinite loading loop if accessing without VPN.

Screenshot of the error

What answer do you get from DNS that leads you to believe Cloudflare is not returning the right values?

There are other reasons this could occur, such as your ISP blocking the IP addresses returned.

It’s possible 1.1.1.1 and 9.9.9.9 could be returning different IP addresses; that doesn’t mean the IP addresses being returned are incorrect.

What values does 1.1.1.1 return? Your ISP? 9.9.9.9?

The screenshot you’ve provided is from a tool that doesn’t really work for anything. If you enter google.com or any other domain in the same tool it will return failures for DNS.

1.1.1.1:


; <<>> DiG 9.10.6 <<>> @1.1.1.1 nextstage.ru
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4332
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;nextstage.ru.			IN	A

;; ANSWER SECTION:
nextstage.ru.		199	IN	A	104.21.32.1
nextstage.ru.		199	IN	A	104.21.48.1
nextstage.ru.		199	IN	A	104.21.80.1
nextstage.ru.		199	IN	A	104.21.16.1
nextstage.ru.		199	IN	A	104.21.112.1
nextstage.ru.		199	IN	A	104.21.96.1
nextstage.ru.		199	IN	A	104.21.64.1

;; Query time: 11 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jun 03 20:16:29 +05 2025
;; MSG SIZE  rcvd: 153

9.9.9.9:


; <<>> DiG 9.10.6 <<>> @9.9.9.9 nextstage.ru
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39294
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;nextstage.ru.			IN	A

;; ANSWER SECTION:
nextstage.ru.		155	IN	A	104.21.112.1
nextstage.ru.		155	IN	A	104.21.80.1
nextstage.ru.		155	IN	A	104.21.64.1
nextstage.ru.		155	IN	A	104.21.48.1
nextstage.ru.		155	IN	A	104.21.32.1
nextstage.ru.		155	IN	A	104.21.96.1
nextstage.ru.		155	IN	A	104.21.16.1

;; Query time: 37 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Tue Jun 03 20:17:13 +05 2025
;; MSG SIZE  rcvd: 153

1.1.1.1 with VPN on:

; <<>> DiG 9.10.6 <<>> @1.1.1.1 nextstage.ru
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50390
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;nextstage.ru.			IN	A

;; ANSWER SECTION:
nextstage.ru.		300	IN	A	104.21.48.1
nextstage.ru.		300	IN	A	104.21.16.1
nextstage.ru.		300	IN	A	104.21.96.1
nextstage.ru.		300	IN	A	104.21.112.1
nextstage.ru.		300	IN	A	104.21.64.1
nextstage.ru.		300	IN	A	104.21.80.1
nextstage.ru.		300	IN	A	104.21.32.1

;; Query time: 406 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Tue Jun 03 20:21:32 +05 2025
;; MSG SIZE  rcvd: 153

They are all similar, but in a different order. As I said, we have maybe 100 active users, from Ukraine, Russia and Eastern Europe. Issues are widespread: some are affected across multiple countries and ISPs, while others are fine and can open the site without issues. Even on the same ISPs it works for some, but not the others.

Just to add, I think this is related to DNS, otherwise why would switching to 9.9.9.9 fix it without turning on VPN?

But now I am not exactly sure. This is not a server issue either; if I manually put my server IP for the domain, the site loads without issues, bypassing Cloudflare completely.

Maybe this is related to the fact that we moved Cloudflare management from one account to another and that somehow broke proxy/DNS?

The DNS entries are the same… a random ordered list is returned from all of your queries so it’s working. More likely is a particular ISP is being blocked by your ISP or State Actor.

No indication of a DNS issue from your results.
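
The comparison made in the reply above, as an added example that is not part of the thread: it parses dig ANSWER sections and compares the A-record sets while ignoring record order. The function names and the `_answer` helper are hypothetical; the sample text is rebuilt from the answer sections posted earlier in the thread.

```python
import re

# One A record in a dig ANSWER section: name, TTL, class IN, type A, IPv4 address.
A_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")

def parse_dig_a(text):
    """Return (set of addresses, set of TTLs); ';' comment and question lines never match."""
    addrs, ttls = set(), set()
    for line in text.splitlines():
        m = A_LINE.match(line.strip())
        if m:
            ttls.add(int(m.group(2)))
            addrs.add(m.group(3))
    return addrs, ttls

def compare_resolvers(outputs):
    """outputs maps a resolver label to dig text; the first entry is the baseline."""
    parsed = {label: parse_dig_a(text) for label, text in outputs.items()}
    baseline = next(iter(parsed.values()))[0]
    # Symmetric difference: addresses present on one side only.
    diffs = {label: sorted(addrs ^ baseline)
             for label, (addrs, _) in parsed.items() if addrs != baseline}
    # TTLs are reported separately: a cached answer counts down, so differing
    # TTLs between resolvers are cache age, not a record mismatch.
    ttls = {label: sorted(t) for label, (_, t) in parsed.items()}
    return {"consistent": not diffs, "diffs": diffs, "ttls": ttls}

def _answer(ttl, third_octets):
    """Hypothetical helper: rebuild an ANSWER section in the order it was posted."""
    rows = [f"nextstage.ru.\t\t{ttl}\tIN\tA\t104.21.{o}.1" for o in third_octets]
    return ";; QUESTION SECTION:\n;nextstage.ru.\t\t\tIN\tA\n\n;; ANSWER SECTION:\n" + "\n".join(rows)

# Sample input reconstructed from the three dig runs in the thread.
SAMPLES = {
    "1.1.1.1": _answer(199, [32, 48, 80, 16, 112, 96, 64]),
    "9.9.9.9": _answer(155, [112, 80, 64, 48, 32, 96, 16]),
    "1.1.1.1 via VPN": _answer(300, [48, 16, 96, 112, 64, 80, 32]),
}

if __name__ == "__main__":
    result = compare_resolvers(SAMPLES)
    print("consistent:", result["consistent"])
    print("TTLs seen:", result["ttls"])
    print("differences:", result["diffs"])
```

When the sets match, the resolvers agree and the failure has to be looked for after name resolution, on the connection to the returned addresses.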

It’s not the ISP; so far I have reports from 18 users in 5 different countries on 12 different ISPs. It’s something with Cloudflare proxy that’s causing it.

A simple test I did: I’ve added a new clean domain to my Cloudflare, deployed a new dummy site (WordPress install) on it on the same VPS as the domain in the OP, and pointed Cloudflare to that VPS with CDN proxy on.

It opens without issues for me and 2 users who have issues with the main site that I asked to test it.

I’ve actually found a few threads on Stack Overflow and on Reddit, people complaining about the exact same issue: transferring Cloudflare NS from one CF account (old owner/admin) to a new CF account. And then Cloudflare proxy breaking for days/weeks; in their cases they didn’t even change the VPS/IP of the origin server. They just changed the Cloudflare account and NS from account A to account B.

The fix someone suggested was using Cloudflare Zero Trust, deploying the site in Docker and using Cloudflare as a reverse proxy through IP:port or a socket. I tried it with my site and it worked. Issues are gone; as soon as I revert back to the “normal” proxy (orange cloud toggle) that you engage through the DNS page, it starts acting up again.
