Domain name not resolving on cloudflare servers

Hi,

Created new DNS records on cloudflare 3 days ago. Cloudflare’s own server is not seeing it when using “dig” to look up the result. This is causing some email to bounce or not receive at all. The cloudflare DNS name servers are set on the registrar. Why isn’t cloudflare picking up the change? I’m talking 1.1.1.1 for cloudflare, other servers like AT&T, Verisign, UUNet are picking up the changes.

Any help would be appreciated. Thanks.

What is the domain?

wahazel.com

Do these name servers match the ones assigned to you by Cloudflare? You can check by going to the Dashboard → DNS.

elisa.ns.cloudflare.com.
malcolm.ns.cloudflare.com.

Yes, those are the name servers.

Could you send a screenshot of the DNS tab?

Something’s changed with your domain. The name servers used to be Greg and Eva. And I see that your domain has DNSSEC enabled. I suggest you disable DNSSEC and see if that clears things up.

Switched them back to the old cloudflare name servers. We had DNSSEC enabled with the old hosting company who were also on cloudflare. Thinking wait 24 hours and have them remove DNSSEC on their cloudflare account and then point the name servers back on the registrar to our cloudflare name servers on our account.

Agree or not and do we need to wait 24 hours?

My advice is to leave DNSSEC off until 48 hours after you get everything working with a new setup.

So, for now, turn it off at the registrar.

It is turned off at the registrar and has been for 3 days.

Your site does not support https and gives me this error


However, when I continue to the site, I see this

DNS_PROBE_FINSHED_NXDOMAIN means that the domain could not be found (does not exist)!

  • Are your DNS records configured correctly?
  • Are your nameservers configured correctly?
    Keep in mind that it can take 24-48 for the nameservers to propagate so if you have recently updated your nameservers check back in 24-48 hours!

DNSSEC is definitely not turned off:

https://dnsviz.net/d/wahazel.com/dnssec/
https://dnssec-analyzer.verisignlabs.com/wahazel.com

But the good news is that DNS looks better. Your WHOIS now shows Eva and Greg

Still shows http warning for me (and I have enabled warnings and reloaded the tab)


And it still fails to resolve successfully

Ok, it’s been 24 hours since switching the name servers back to the old cloudflare servers at the old host, DNS is resolving and most of the email problems I had have corrected them self. I found an article on the steps to take when moving dns with dnssec turned on. In the article is says turn it off at the registrar, wait 24 hours then turn it off at the name servers which would be old host cloudflare account, then switch name servers. Is this correct? Trying to avoid problems or downtime and I don’t want to run into the weekend where I can’t contact the person at the old hosting company.

https://servebolt.com/help/article/how-to-migrate-name-servers-for-dns-zones-with-dnssec-active/

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.