DNS settings incorrect/not active

Hi all,

Normally everything goes fine with configuring domains, but this time I’m unsure of what is wrong.
There are 2 domains, one ending on .be and one ending on .com.

The .be one is completely fine. It’s linked to Cloudflare Pages and is secured with SSL.

The .com domain should just redirect to the .be domain, nothing else.

I’ve followed this tutorial to do it: Redirecting One Domain to Another

Still, I get or an SSL error, or DNS_PROBE_FINISHED_NXDOMAIN.

Any idea what could be wrong? This domain was transferred to cloudflare on Wednesday, so normally it should work fine right now.

Checking the DNS propagation, everything seems ok on different websites.
It’s just the website that is not responding.

DNS settings:

May I suggest below article:

From your your both screenshots, you have correct two A recrods set and proxied.

But, from screenshot containing Page Rules, you try to redirect non-www .com to .be domain and also www (including all other possible sub-domains, if so) .com to .be domain?

You can safely remove the 1st Page rule and keep only the 2nd one.

I would rather use 301 Permanent Redirect.

Do you also have to follow the “paths” from one domain to another, or not?

May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … ) for each of the domains (.com, .be)?

Are you using a CNAME setup on the .be domain?

I still cannot open psycholopen.com, while psycholopen.be works at my end.

Thanks for checking!
First rule has been deleted. SSL is set at ‘full’ for .com and ‘full strict’ for the .BE one.

Paths don’t have to be followed for now.
The .BE domain is indeed using cname for cloudflare pages. I already tried adding the .com domain as custom domain to pages, but it got stuck at verifying.

Your DNSSEC is broken. I get the feeling someone already checked this at Verisign because it already had the results stored. Please disable DNSSEC at your domain registrar (Ascio?)


I think I’ve stumbled across that site already. Seems like I can’t disable it without pointing the nameservers to them.

I will just transfer the domain to cloudflare to make everything easier.

That sounds really bad. If they let you change name servers, then they must allow you to disable DNSSEC as well. Have you asked them?

1 Like

I will ask them. Thanks for checking.

1 Like

@sdayman , domain transferred to Cloudflare and I’ve enabled DNSSEC on Friday.
It’s still pending, is that normal?


Were you ever able to get that old registrar to remove the DS record? It’s still wrong, and may have “stuck” in the .com zone during the domain registration transfer to Cloudflare.

Please open a ticket and ask if Cloudflare, as your new registrar, can fix the DS record in the registry. You can email them at support AT cloudflare DOT com

As soon as you get the autoreply, post the ticket # here so we can escalate it.

Thanks for your reply. The old registrar replied after the domain was moved, so they were not of any help.
The ticket has been opened: #2352176

1 Like

I’ve escalated the ticket, but I wonder if turning off that DNSSEC setting would get Cloudflare to clear the broken DS record.

FYI, I received this message directly after opening the ticket: Thank you for contacting Cloudflare Support. Your issue has been marked as Resolved in our system.

So I’m not sure if this is being followed up.

I can turn off DNSSEC, if you want me to try.

I have escalated this to engineering since it most likely will require their help. We will follow up via the ticket.


This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.