DNS updates stuck

I got a domain and connected it to Cloudflare.

I followed the docs and updated the name servers to the DNS servers outlined by the docs.

That was 4 days ago, and the console still shows waiting on DNS updates.

When I do a WHOIS I show that the Cloudflare DNS servers are registered for that domain.

So what am I supposed to do? They will not talk to me because I’m a free account, and is looks like an issue on their end.

So what do I do?

Welcome to the Cloudflare Community. :logodrop:

You are supposed to post here. If it’s best if you include your domain name so you can get more specific answers.

You haven’t provided enough data to support that. I would suspect that you forgot to update DNSSEC values at your registrar.

So some more information, it looked deeper into the WHOIS and found this as the status:

Domain Status: clientTransferProhibited

I assume this is an issue with the registrar?

Gotcha, thanks for much for the welcome!
domain name is cookepride.me

This domain has expired, you need to renew it at the registrar:

Domain Status: addPeriod EPP Status Codes | What Do They Mean, and Why Should I Know? - ICANN

oops disregard…

Thank you for the doc, it looks like that is most likely the issue.

I am on the registrars site and it’s looking for a lot of information regarding the Delegation of Signing.

I assume that is something I can get from the Cloudflare dashboard somewhere? is that correct?

Make sure that you have enabled DNSSEC in that zone in your Cloudflare account. You will find the information needed for the registrar in your Cloudflare dashboard while doing that.

Thank you very much for your help. I appreciate it.

I read over the docs you sent and configured DNSSEC on both sides, I think.

When I go to Verisign and test the domain I get this error back:

razvan.ns.cloudflare.com returns REFUSED for cookepride.me/DNSKEY

Did I maybe miss a step?

You might want to try removing all DNSSEC related entries at your registrar. Once your domain is active on Cloudflare, you can always update your registrar with the DNSSEC values provided by Cloudflare.

1 Like

I removed the DNSSEC toggle from my registrar. Thank you for the advice.

Would it be easier for all this to happen if Cloudflare was the registrar? Would it be worth trying to transfer the domain?


I wouldn’t recommend it.

1 Like


The nameservers are still stuck in pending nameserver update.

Why wouldn’t I move the domain? Wouldn’t that make it easier to manage?

I feel like I have read so many articles my eye are crossed. Is there any data I can share to help anyone with helping me?

Thank you in advance.

Because changing too many things at once when trying to solve a problem only serves to make things much harder to fix.

You haven’t removed your invalid DNSSEC material at your registrar yet. Until you do that, there really isn’t anything else you can do.

1 Like

I just removed the DNSSEC information at my Registrar and toggled it off.

Per the document I enabled it on the Cloudflare side like you asked then I enabled it on the registrars side with the ds data that I got from Cloudflare.

I waited 24 hours and nothing appeared to have changed. I then removed all DNSSEC data on the registrars side and disabled it as you suggested and it still appeared to be stuck.

I then re-added all the data from the Cloudflare site after canceling the DNSSEC update and trying it again from scratch. But now you’re saying I have invalid material, do you mean the DS data I entered on the registrars site? Can you please let me know how you are seeing that so I can follow?

Thanks for the help.

Absolutely. You can see that there are still problems that need to be fixed at your registrar.

cookepride.me | DNSViz

Thank you for the link, it is helpful.

I have toggled DNSSEC on and off and it seems to give me the same result.

I doublechecked the DNS Servers and they are correct and DNSSEC is currently off.

Do you have any suggestions on anything I can do with the Registrar?

Do I need to recreate records or delete records? Would that be an issue?

Start with

Once you have it working without DNSSEC you can

in Namecheap as provided by Cloudflare.

1 Like

Okay I cleared the DNSSEC records and disabled it. Waited an hour.

I have now just re-enabled DNSSEC at the registrar and added the DS information from Cloudflare.

Going to wait an hour and see if anything changes.

Am I on the right track?

Please stop doing this. Leave it disabled until it works.

Edit: When you head over to https://dash.cloudflare.com/?to=/:account/:zone/dns/records, what do you see under “Assigned Cloudflare Nameservers”?


Disabled until it works, okay cool.

Assigned Cloudflare Nameservers are:


My ultimate goal was to experiment with tunnels.

I got the domain but nothing is hosted behind it. I don’t have a website that it will point to other than the tunnels I want to set up.

So maybe a question I need to ask is what about the A records? It looks like the lack of A records is may be the issue and not DNSSEC.

I will have the appliance running on my network so my understanding was that I didn’t need to have the Domain resolve to the IP of anything on my network.

So pardon my stupid question but if it does need an A record what do I point it to?