Error 523 Origin is unreachable. Cloudflare Pages & Freenom

OK. If you add a different custom domain (within the same zone), does it change anything?

Have you previously used any third party services on the “broken” hostname, such as Shopify? Some SaaS providers use Cloudflare, but they do not correctly disconnect their services from your domain when you disable their service.

I am trying to digest what you are saying. I have not used Shopify, but I have used Webflow in the recent past. I can’t imagine Webflow impacting the resolution. But I am open to considering anything at this point.

I am not sure what you mean when you say (within the same zone)? Is there a link to a tutorial on Cloudflare, by any chance?

A 523 error means that Cloudflare could not reach your host web server. The origin web server is not reachable.

DNS looks up or searches for the correct IP address for your website.

DNS resolution converts your hostname (such as www.example.com) into a computer-friendly IP address (such as 192.168.1.1).

Your browser then uses the IP address to communicate with your origin server.

4 DNS servers load a webpage:

  1. DNS recursor
  2. Root nameserver
  3. TLD nameserver
  4. Authoritative nameserver

These four DNS servers work together in harmony to complete the task of delivering the IP address for a specified domain to the client. A DNS resolver, DNS root server, DNS TLD server, and DNS authoritative nameserver must all provide information to complete the lookup.

In my case, I suspect one (or more) of these four servers is failing.

Is the DNS recursor the problem?

Unlikely. “Cloudflare’s 1.1.1.1 is the world’s fastest and most reliable public DNS resolver”

Is it the ROOT server?

No. Root servers are DNS nameservers that operate in the root zone. Ultimate authority over the root zone belongs to the National Telecommunications and Information Administration (NTIA), which is a part of the US Department of Commerce. Root servers are very reliable.

Is the TLD nameserver the problem?

Maybe. TLD nameservers are DNS nameservers that operate in the root zone. ICANN looks after most top-level domains. It operates the Internet Assigned Numbers Authority (IANA). .eu is the country code top-level domain name (ccTLD) of the European Union. It is managed and operated by EURid under the authority of the European Commission. My domain ends in .eu.

Error message from https://dnsviz.net/

  • eu zone: The server(s) were not responsive to queries over UDP. (2001:978:2:1::93:2)

Is the Authoritative nameserver the problem?

On DNS Zones

The DNS is broken up into many different zones.

The DNS namespace includes a DNS zone. An org or admin manages each zone.

On DNS Zone Files

  • A DNS zone file holds zone info.

  • A reverse lookup zone maps an IP address to the host. This zone is used for troubleshooting, spam filtering, and bot detection.

Origin Servers

If many requests are made simultaneously to the same origin server, the server may become overwhelmed with traffic and be unable to respond efficiently to additional incoming requests.

Per Microsoft - DNS troubleshooting

If the broken hostname is shop.example.com, can you add a custom domain to the Pages project for something like testing.example.com (the example.com does not change)?

I think Webflow is not a Cloudflare user. @sdayman has asked CF to check if there is some integration stuck somewhere.

The requests are getting to Cloudflare, and your NS are in the correct place, so this is unlikely to be DNS, Registry or Registrar related.

Steps taken

  1. Navigate to Cloudflare → Cloudflare Pages → My Domain → Custom Domains → Set up a Custom Domain
  2. Entered new subdomain of shop.example.eu
  3. Receive a message

Confirm new DNS record

Cloudflare will add these DNS records to activate shop.example.eu for your project’s site:

Type Name Content TTL
CNAME shop https-example.pages.dev Auto

Once updated, visitors will be able to access your site by visiting https://shop.example.eu .

  4. I select “Activate Domain”
  5. Result for shop.example.eu

Inactive (Error)

  6. I navigate to https://shop.example.eu. The result

Error 523
Origin is unreachable

If you’re the owner of this website:

Check your DNS Settings. A 523 error means that Cloudflare could not reach your host web server. The most common cause is that your DNS settings are incorrect. Please contact your hosting provider to confirm your origin IP and then make sure the correct IP is listed for your A record in your Cloudflare DNS Settings page.

Update on Tuesday, 26 October:

Still no contact from Cloudflare’s engineers…

Error 522 - Connection timed out

If you’re the owner of this website:

Contact your hosting provider letting them know your web server is not completing requests. An Error 522 means that the request was able to connect to your web server, but that the request didn’t finish. The most likely cause is that something on your server is hogging resources. Additional troubleshooting information here.

Two different timeouts cause HTTP error 522 depending on when they occur between Cloudflare and the origin web server:

  1. Before a connection is established, the origin web server does not return a SYN+ACK to Cloudflare within 15 seconds of Cloudflare sending a SYN.
  2. After a connection is established, the origin web server doesn’t acknowledge (ACK) Cloudflare’s resource request within 90 seconds.

SOLVED

My domain is not registered under my name, but under another company, Stichting OpenTLD WHOIS Proxy.

If you purchased a .eu domain and are having trouble, you should go to EURid immediately and check to see who the registrar is. They have a Whois function.

You can do two things. First, open a complaint with EURid. Second, request contact details for the company or person listed as the registrant. EURid has a request form.

So beware of the following company. It apparently has a history of dodgy practices.

Freenom is OpenTLD B.V.

Per ICANN

OpenTLD is an ICANN-accredited registrar, which means that it is accredited to offer domain name registrations to consumers pursuant to the Registrar Accreditation Agreement (“RAA”) executed between ICANN and OpenTLD on 1 June 2014. On 23 June 2015, ICANN suspended OpenTLD’s ability to create new domain names or initiate inbound transfers of domain names for 90 days. The suspension was premised on ICANN’s determination that, “[p]ursuant to Section 5.5.2.4 of the RAA, … OpenTLD has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest.”

Also NetEarth Group, Inc. v. Stichting OpenTLD WHOIS Proxy

  1. The Parties. The Complainant is NetEarth Group, Inc of London, United Kingdom of Great Britain and Northern Ireland, internally represented. The Respondent is Stichting OpenTLD WHOIS Proxy of Amsterdam, the Netherlands.

  2. The Domain Name and Registrar. The disputed domain name <netearthone.biz> is registered with OpenTLD B.V. (the “Registrar”).

ICANN has no contractual authority to address complaints involving country code top-level domains (ccTLDs), such as .us, .eu, .ac, or domain names registered under a ccTLD (e.g. example.us, example.eu, example.ac). ICANN does not accredit registrars or set policy for ccTLDs and has no contractual authority to take compliance action against ccTLD operators. For inquiries and issues involving ccTLDs, you may wish to contact the relevant ccTLD manager using the contact details at Root Zone Database. This page will also help you determine which top-level domains (TLDs) are country codes (outside of ICANN’s scope) and which ones are generic (within ICANN’s scope).
