My DNS’s record is always managed by cert-manager and works fine w/ cloudflare. I recently rebuild my cluster and hence the cert-manager has to re-validate my domain by using DNS01 challenge. I would expect my TXT record being updated within 10m based on my TTL setting in dig. My record has NOT been updated after 24 hrs in any DNS record, but cloudflare’s DNS dashboard looks fine to me.
Here is my DNS record:
;; ;; Domain: fung.house. ;; Exported: 2023-09-19 07:16:28 ;; ;; This file is intended for use for informational and archival ;; purposes ONLY and MUST be edited before use on a production ;; DNS server. In particular, you must: ;; -- update the SOA record with the correct authoritative name server ;; -- update the SOA record with the contact e-mail address information ;; -- update the NS record(s) with the authoritative name servers for this domain. ;; ;; For further information, please consult the BIND documentation ;; located on the following website: ;; ;; http://www.isc.org/ ;; ;; And RFC 1035: ;; ;; http://www.ietf.org/rfc/rfc1035.txt ;; ;; Please note that we do NOT offer technical support for any use ;; of this zone data, the BIND name server, or any other third-party ;; DNS software. ;; ;; Use at your own risk. ;; SOA Record fung.house 3600 IN SOA karsyn.ns.cloudflare.com dns.cloudflare.com 2044677438 10000 2400 604800 3600 ;; NS Records fung.house. 86400 IN NS karsyn.ns.cloudflare.com. fung.house. 86400 IN NS noel.ns.cloudflare.com. ;; A Records fung.house. 1 IN A 22.214.171.124 vpn.fung.house. 1 IN A 126.96.36.199 www.fung.house. 1 IN A 188.8.131.52 ;; CNAME Records echo2.fung.house. 1 IN CNAME external.fung.house. echo-server.fung.house. 1 IN CNAME external.fung.house. external.fung.house. 1 IN CNAME something.com. flux-webhook.fung.house. 1 IN CNAME external.fung.house. ;; TXT Records _acme-challenge.fung.house. 120 IN TXT "aNxJpQlDE16_ik1h5dKAqTmLGimF3LrrtEwp4QIjjbU" k8s.cname-echo2.fung.house. 1 IN TXT "\"heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/home/echo-server2\"" k8s.cname-echo-server.fung.house. 1 IN TXT "\"heritage=external-dns,external-dns/owner=default,external-dns/resource=ingress/networking/echo-server\"" k8s.cname-external.fung.house. 1 IN TXT "\"heritage=external-dns,external-dns/owner=default,external-dns/resource=crd/networking/cloudflared\""
I have verified with multiple method, nslookup, host, dig,
dnschecker.org… Here is one of the command I run:
dig TXT _acme-challenge.fung.house. @karsyn.ns.cloudflare.com
I also tried to enable developer mode and disable Universal SSL as desperate try. Does anyone has any idea? Thanks all for your time.
PS: Besides of the TXT record, other A, CNAME records are also off too. My domain was managed by namesilo, but the transfer process has been completed and I have verified my domain by using DNS01 challenge with cloudflare with this domain before.