Error 1000 switching cloudflare accounts

Hi - I just switched a domain over from another Cloudflare account with the previous IT support over to our own Cloudflare account and recreated the settings. Straight away I get “error 1000 DNS points to prohibited IP”. The A records are all the same, and the IPs are set not to cache. I have reverted DNS back to the original server and the problem persists.

Can anyone help?

Thanks

Hi @paul70,

This should help:

Thanks for that. I have exactly that and removed the AAAA records and the duplicated root and www records that pointed to Cloudflare, but still receive the error. Any more thoughts?

Can you share the domain and a screenshot of your DNS records with the nameservers below?

OK, I’ve repointed DNS servers back to the original Cloudflare host and removed the domain from my account, logic being that Cloudflare didn’t know where to be pointing things. Unfortunately I now have gone even further backwards and get nothing (not resolving on mxtoolbox to any servers), so I think DNS propagation is an issue and I ought to let everything calm down and start again a little later.

OK, I see the change back to the old nameservers propagating. However, querying Cloudflare returns the new ones and I believe that now you have validated the domain in the new account, the old nameservers are no longer responding, hence the nxdomain you get. It would eventually re-validate on the old account, I think, but since you don’t have access to that, you can’t speed up the process.

Different locations globally are also seeing the different nameserver pairs so you may get different results in different locations. If it was me, I would double check that none of the records on the new account point to a Cloudflare IP and point correctly to the server, change the nameservers to the new account and leave them to propagate.

That makes sense. I’ll do that and see what resolves where… I wondered if the validation pointed things within Cloudflare that didn’t reverse when I switched DNS back, so will change back to new DNS and let it all settle. As far as you are aware, is a 172.67.157.x anything to do with Cloudflare? I had three A records (along with www) with 104.18.59.254, 172.67.157.x and 104.18.58.254.

Thanks very much for your help.

OK, you may need to give it a bit of time to sort itself out! The 172. address will be a Cloudflare one too, they added a third IP to many zones, usually 2 x 104. and 1 x 172. IPs.

No problem :slight_smile:

Hmm. I wonder then if the 172. address was a cache related one but they were the only 3 that Cloudflare picked up. Is there a way to submit a ticket to Cloudflare direct to help me unpick behind the scenes? I can see what has happened and I have a horrid feeling that removing the domain from my host has also removed it from Cloudflare’s systems (although it shouldn’t).

Yes, they were the proxy IPs and Cloudflare won’t import the server IP if you move accounts, if the domain was proxied there. If they did, that would be a security issue since people could then find the IP of a site using Cloudflare by simply adding it to an account, even if they didn’t own it.

You will need to edit your DNS records in Cloudflare to change that Cloudflare IP to the one of the webserver.

You can certainly contact Cloudflare, but response times are high and it’s very unlikely they could give you any info on the domain in the old account, since you don’t own it.

If you do want to contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. If you receive an automatic response that does not help you, please reply and indicate you need more help.
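The check suggested earlier in the thread (make sure no record in the new account points at a Cloudflare IP) can be scripted. This is an added example, not part of the original posts and not Cloudflare tooling: the range list is a snapshot of the IPv4 ranges Cloudflare publishes at https://www.cloudflare.com/ips-v4 and should be refreshed before use, `example.com` and `203.0.113.10` are constructed sample values, and IPv6 (AAAA) records are not covered.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4).
# The list changes over time; refresh it before relying on the result.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def cloudflare_range(target):
    """Return the Cloudflare network containing an IPv4 address or CIDR, else None."""
    net = ipaddress.ip_network(target, strict=False)
    if net.version != 4:
        return None
    for cf in CLOUDFLARE_V4:
        if net.subnet_of(cf):
            return cf
    return None


def audit_records(records):
    """Split (name, type, content) records into Error 1000 candidates and the rest."""
    flagged, ok = [], []
    for name, rtype, content in records:
        # Only A records carry an IPv4 target; CNAME/MX/TXT content is skipped.
        hit = cloudflare_range(content) if rtype == "A" else None
        row = (name, rtype, content, str(hit) if hit else None)
        (flagged if hit else ok).append(row)
    return flagged, ok


# Constructed zone export: the two full addresses quoted in the thread plus a
# documentation-range address standing in for the real origin server.
SAMPLE_RECORDS = [
    ("example.com", "A", "104.18.59.254"),
    ("example.com", "A", "104.18.58.254"),
    ("www.example.com", "A", "203.0.113.10"),
    ("example.com", "MX", "mail.example.com"),
]

if __name__ == "__main__":
    flagged, ok = audit_records(SAMPLE_RECORDS)
    for name, rtype, content, net in flagged:
        print(f"{name} {rtype} {content} is inside Cloudflare range {net}")
    print(f"{len(ok)} record(s) not pointing at Cloudflare IPv4 space")
```

Passing a CIDR such as `172.67.157.0/24` to `cloudflare_range` answers the question for a whole block when only part of an address is known.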

bit of a catch 22 - I completely understand the security issue and the fact it could expose the original address. I think I will contact them, and see where I get. Thanks very much for your help - very much appreciated.

Yes, OK no problem! If you post your ticket number here, the mods often check up on open tickets.

As for the issue, is it that you don’t know the origin server IP or that you have put that in and it’s still not working?

I don’t know the origin server IP - I assumed it would come over - didn’t really twig it was Cloudflare migration until it was too late, and trying to prevent embarrassment with the client tomorrow morning by having to admit their web is down!

Ah, OK. No probs! If you are on the free plan, I really doubt that you will get a response from support by tomorrow, it is generally a few days at the moment due to demand and the current circumstances.

I take it you don’t have any access to the server/hosting?

Yes, am on the free plan. Ticket number is 1932243. I’ve reverted back to the original Cloudflare DNS servers on the domain, and will let this propagate and hopefully come morning this will settle down back to the original servers.

No access to the original server or hosting - but I’m gonna go searching now and see what I can find!

OK, I think whichever way you go, it may take longer than expected.

Setting the nameservers back will eventually validate it back in the old account, but they generally only check the nameservers approx. once every 24hr, and you can’t access the original account to expedite the process.

Leaving them pointing to the new account will keep the 1000 error until you manage to find the server IP and change the DNS records there.

I hope you manage to get it sorted! :slight_smile:

Just to round this off, the original Cloudflare account holder accessed it and the domain switched back. All resolved and a small lesson learnt…

Great, I saw that the domain was working OK. Hopefully now you’re in contact with them, you can get the old DNS records (they could export them) and you can add them into your account if you still want to move it across.

They’ve granted me access to their account. It was with the website hosts rather than the previous IT support so all ok, and I’ve stopped sweating.

Ah, OK :+1: Glad you got it sorted.