DNS Zone file not propagating everywhere

saba · August 13, 2023, 2:30am

I have 3 (more or less identical) domains that i setup on Cloudflare. They all appear to be active in the dashboard: RLPTKT dot COM , RLPTKT dot ORG and RLPTKT dot NET.

I noticed that some (but not all!) test emails sent to a forward defined on the RLPTKT dot COM domain failed. I poked around and found that DNS records were not available on many public DNS resolvers (but were available on others). I’ve never seen behaviour like this before.

If i go to DNSCHECKER, the .ORG and .NET domains are all green checkmarks. the .COM domain is mostly Red X’s.

Any ideas?

anon9246926 · August 13, 2023, 2:34am

DNS propagation takes time. It could take minutes, it could take hours. It could take 72 hours in a worst case.

Patience.

Edit

Did you turn of DNSSEC on the .com before change nameservers?

saba · August 13, 2023, 2:35am

It was never on

saba · August 13, 2023, 2:36am

(as far as i know)

anon9246926 · August 13, 2023, 2:38am

$ whois rlptkt.com | grep DNSSEC
   DNSSEC: signedDelegation
   DNSSEC DS Data: 57547 8 2 BA7B11BFF4342B7F447AB3FCAE29233DCB64F2C7BFDB13E62CC98DC83CBA767B
DNSSEC: signedDelegation

$ whois rlptkt.org | grep DNSSEC
DNSSEC: unsigned
DNSSEC: unsigned

$ whois rlptkt.net | grep DNSSEC
   DNSSEC: unsigned
DNSSEC: unsigned

saba · August 13, 2023, 2:42am

oh. I stand corrected. Obviously, that’s the issue then. I assume nothing to do but wait for propagation to settle everywhere?

anon9246926 · August 13, 2023, 2:57am

You need to disable DNSSEC at the registrar otherwise propagation will never complete. Once propagation is complete you can enable DNSSEC via the Cloudflare dashboard.

saba · August 13, 2023, 4:02am

Thx issue is resolving now. Cheers