DNS Proxy is using an old value no matter what

I have an issue with using Proxying on the DNS page. Specifically for the hosts @ and www, when proxying is off it works as expected, but when proxying is turned on the connection is routed to an old value.

Details:
I’m moving a site from one hosting provider to another. The files have been copied, but the content still gets served from the previous provider.
Steps taken:

  1. I added the domain yesterday to Cloudflare, and default DNS entries were collected from the previous name server…
  2. I deleted all entries and imported a zone file created from a template that I always use with no issues.
  3. I adjusted the proxying option as needed for the different hostnames.
  4. I attempted to enable DNSSEC, but then found out that the current registrar does not support or allow me to change the DS record.
  5. After several hours I canceled the DNSSEC Setup option.

The issue now is as follows:
For the @ and www hosts, no matter what I use for the value of the record (I tried them as A and CNAME),
if proxying is on, the content is served from the IP that’s been imported when the domain was initially set up on Cloudflare.
However, when proxying is turned off, the proper and currently-set DNS value is returned.
This seems very much like a bug in the Proxy, or perhaps it is stuck at some point with a dirty cache that’s not being refreshed.

Things I tried:

  • I tried deleting the records, waiting, and recreating them.
  • I tried enabling and disabling Developer mode multiple times.
  • I tried being patient and doing actions slowly leaving a few minutes in between changes.
  • Of course, it is not local caching that’s causing this. I have measures against this, and it’s very clear that the issue is happening at the DNS/Proxy server level.
  • Using a CNAME pointing to the new web server, then a fictional host name (such as totallyfake.examplez.org) (see https://i.imgur.com/BSP2Nsl.png)
  • Using an A pointing to the web server’s IP address.

I’m running out of options here. What could be the reason? How to solve this problem?

It sounds like the previous provider is using Cloudflare. Unfortunately the community is unable to assist you with issues such as this where an old provider used Cloudflare for SaaS. Please contact your old provider and ask them to remove any Cloudflare configurations for your domain, specifically SSL for SaaS / Custom Hostnames. If you contact Shopify and they mention Cloudflare headers, ask them if they are referring to a Custom Hostname that was part of an old SSL for SaaS implementation on the domain. Ask them to follow the process to create an HTTP ownership_verification record.

If you previously used HubSpot, please ignore this and move to the paragraph below.

If you are unsure who the previous provider is or they say they are unable to help you, please email [email protected] with the subject Cannot remove custom host name and details of the issue. Once you’ve done that you’ll receive an automatic response with a ticket number. Please post that here so we can escalate it. Once you have reached out to Support they will ask you to verify domain ownership of the domain by adding a TXT record to the domain in order to verify domain ownership.

Thank you, sdayman.
I have control of the domain. It’s been added to Cloudflare by changing the name servers, so the DNS is under my control now.
To my understanding no matter how the prior DNS settings were, whether on Cloudflare or otherwise, now they belong to a new account on Cloudflare, and it is the prevailing account, right?

I’ve been using Cloudflare for 2 years now and have more than a dozen domains with different configurations. This issue here seems more like a bug than a normal result of something.

I will message support as you suggested. But it wouldn’t hurt to keep this post up here.

Not correct. If you had your site running through a Cloudflare account of an SaaS provider, and they don’t release your domain, it will continue to route through their Cloudflare account.

Well… Frankly I found this weird and unexpected.
Anyhow, the previous provider is BlueHost.
I’m now reading the link you provided to understand the background of the story, to see how to proceed…

Thanks again for your help

Bluehost has been helpful in the past with fixing this. I suggest you contact them to remove your Cloudflare setup.

Hello again.
I have read about SSL SaaS and I believe it is not relevant to my issue. Please let me explain the issue:

I have domain.com domain and site that were hosted at Bluehost.
The site files are moved to my own server server.my-company.com.
I moved domain.com to Cloudflare (changed domain.com's name servers, etc).
I changed the www and @ DNS CNAME records to point to my server server.my-company.com.

Now, when the proxy is off (cloud is grey) it is working as expected and the site is hosted from my server.
When the proxy is on (cloud is orange) the site is served from Bluehost.

SSL SaaS could only cause an issue if my CNAME record points to some host name provided by Bluehost, but this is not the case. My DNS record explicitly points to my server. I tested with A (pointing my server’s IP) and CNAME (pointing my server’s hostname) record types. The behavior is the same in both cases.

SSL SaaS doesn’t care what the hostname is, or what type of DNS record. If that hostname was captured by a previous provider and not released, you can’t use it on a :orange: Proxied connection.
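
A way to confirm the symptom described in this thread from the outside, as an added example that is not part of the original posts and not Cloudflare tooling: place a small canary file on the new origin only, then request it through each public hostname and see whether the token comes back. `CANARY_PATH`, the token and the sample responses are hypothetical, constructed values; the hostnames are the placeholders used in the thread.

```python
import http.client

CANARY_PATH = "/origin-canary.txt"  # hypothetical file created only on the NEW origin

def http_get(hostname, path, timeout=10):
    """Plain HTTP GET to the public hostname; returns (status, first 4 KiB of body)."""
    conn = http.client.HTTPConnection(hostname, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read(4096).decode("utf-8", "replace")
    finally:
        conn.close()

def audit(hostnames, token, get=http_get):
    """Classify where each hostname's traffic ends up: 'new-origin' (canary token
    returned), 'redirect' (3xx, e.g. HTTP->HTTPS, inconclusive), 'other-backend'
    (something else answered) or 'unreachable' (connection/protocol error)."""
    verdicts = {}
    for host in hostnames:
        try:
            status, body = get(host, CANARY_PATH)
        except (OSError, http.client.HTTPException):
            verdicts[host] = "unreachable"
            continue
        if status == 200 and body.strip() == token:
            verdicts[host] = "new-origin"
        elif 300 <= status < 400:
            verdicts[host] = "redirect"
        else:
            verdicts[host] = "other-backend"
    return verdicts

# Constructed sample mirroring the thread: the proxied @ and www names still reach
# the old host (no canary there), while the new server itself returns the token.
SAMPLE_TOKEN = "canary-3f9a-constructed"
_SAMPLE = {
    "domain.com": (404, "<html>Not Found</html>"),
    "www.domain.com": (200, "<html>old site</html>"),
    "server.my-company.com": (200, SAMPLE_TOKEN + "\n"),
}

def sample_get(hostname, path):
    """Offline stand-in for http_get that replays the constructed responses."""
    return _SAMPLE[hostname]

if __name__ == "__main__":
    for host, verdict in audit(_SAMPLE, SAMPLE_TOKEN, get=sample_get).items():
        print(f"{host}: {verdict}")
```

A hostname that reports `other-backend` while its DNS record points at the new server is the pattern this thread ends up attributing to a hostname still held by the previous provider.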

I’m dumbfounded. Never expected Cloudflare to behave like this. The support at Bluehost solved it in a minute.
Please excuse me, @sdayman for my incredulousness. It is a trait that comes from skepticism and I can’t help it :grin:
Thank you!
