Customers who had erroneously pointed DNS records at 126.96.36.199 (or similar addresses) will receive an error 1034 (HTTP 403) going forward when attempting to send traffic via Cloudflare’s proxy.
We now validate that the hostnames landing on an IP address (or set of addresses) are associated with the same account in our systems, preventing misconfiguration and/or potential abuse.
Customers should ensure DNS records are pointed to addresses they control, and in the case a placeholder address is needed for “originless” setups, use the IPv6 reserved address 100:: or the IPv4 reserved address 192.0.2.0
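An added example, not part of the original announcement or any Cloudflare tooling: a Python audit of exported zone records that separates the reserved placeholder addresses named above from records pointing at addresses outside the account's own ranges. The controlled networks and the sample zone are constructed assumptions.

```python
import ipaddress

# Reserved ranges containing the placeholders named above: 192.0.2.0 is in
# TEST-NET-1 (RFC 5737) and 100:: is in the discard-only prefix (RFC 6666).
PLACEHOLDER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "100::/64")]

# Assumption: networks the account controls (constructed sample values).
CONTROLLED_NETS = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "2001:db8:10::/48")]

# Constructed zone-file style records, not taken from the thread.
SAMPLE_ZONE = """\
example.com.      300 IN A    192.0.2.0
www.example.com.  300 IN AAAA 100::
app.example.com.  300 IN A    198.51.100.7
old.example.com.  300 IN A    203.0.113.9
api.example.com.  300 IN AAAA 2001:db8:10::5
bad.example.com.  300 IN A    100::
mail.example.com. 300 IN MX   10 mx.example.com.
"""

def classify(rtype, rdata):
    """Return 'placeholder', 'controlled', 'review' or 'invalid' for one record."""
    try:
        ip = ipaddress.ip_address(rdata)
    except ValueError:
        return "invalid"
    # An A record must carry IPv4 and an AAAA record IPv6.
    if ip.version != {"A": 4, "AAAA": 6}[rtype]:
        return "invalid"
    if any(ip in net for net in PLACEHOLDER_NETS):
        return "placeholder"
    if any(ip in net for net in CONTROLLED_NETS):
        return "controlled"
    return "review"  # points at an address outside both lists

def audit(zone_text):
    """Classify every A/AAAA record; other record types are skipped."""
    results = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[3] not in ("A", "AAAA"):
            continue
        name, rtype, rdata = fields[0], fields[3], fields[4]
        results[(name, rtype)] = classify(rtype, rdata)
    return results

if __name__ == "__main__":
    for (name, rtype), verdict in audit(SAMPLE_ZONE).items():
        print(f"{verdict:<12}{rtype:<5}{name}")
```

Records reported as `review` are the ones to check against the announcement: they point at an address that is neither a reserved placeholder nor in the listed account ranges.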
Sounds to me like you are having an insecure setup.
Before moving to Cloudflare, was your Website working over an HTTPS connection? If so, did you have a valid SSL certificate installed at your origin host / server which covers both your naked (root) domain and any other needed sub-domain like www, mail, etc.?
May I ask whether it is related to the Universal SSL at Cloudflare, or rather you were paying for an SSL certificate to Cloudflare (using Dedicated SSL / Advanced Certificate Manager) for your domain name?
I experience the same issue (error 1034). I changed the setup to point to 192.0.2.0 instead of 188.8.131.52. But, it doesn’t work… The error message no longer appears and the domain name doesn’t reach the website. Is there any other element to configure, please?
Thanks in advance.
Furthermore, if you used Let’s Encrypt or some other, before doing this, kindly enable the “Pause Cloudflare for this site” option from the Cloudflare Dashboard.
After renewing the SSL certificate at your server and testing out, make sure your Website works over HTTPS.
Upon success, un-pause and make sure your DNS records are proxied (as they were).
Do not forget to set the SSL/TLS option to the correct one → Full (Strict) SSL.
In case you do not have an SSL certificate, you can use Cloudflare SSL. If so, kindly make sure you follow the instructions in the article below to set up an SSL certificate using Cloudflare Origin CA Certificate:
No, you either use Cloudflare’s DNS as it’s supposed to be used, or you use the CNAME setup (which is available only to Business and up) or you don’t use it. That is an abuse which won’t work for long and it’s not guaranteed to be working for any amount of time.
You say “erroneously” but we were instructed to use 184.108.40.206 by Cloudflare Support so that we could set up a redirect from the naked domain to www using page rules. Is this really a breaking change? We have 1000s of domains set up this way per your instruction.
to 192.0.2.1 or just using AAAA 100:: for Cloudflare Workers?
I use both A 192.0.2.1 and AAAA 100:: for naked domain and www (4 records in total) + using Page Rules to redirect non-www to www.
May I ask what SSL option have you got selected under the SSL/TLS tab at Cloudflare dashboard for your domain ( Flexible, Full, Full Strict … )?
→ Should be set to Full (Strict) SSL
After the change, are the records proxied and set to ?