.eu domain DNS_PROBE_FINISHED_NXDOMAIN

riweb · February 6, 2023, 10:34am

I cannot get my domain to load.

The domain has a DNS ‘a’ record correctly set-up but whenever I try and access it, I just get an DNS_PROBE_FINISHED_NXDOMAIN error.

I have tried

toggling the orange cloud on/off
toggling universal SSL on/off
delete the ‘a’ record and reinstating it
disabling Cloudflare and checking whatsmydns which shows the correct IP address

I have the following rule in place too…

domain/
Forwarding URL (Status Code: 301 - Permanent Redirect, Url: domain)

Please help

Chaika · February 7, 2023, 1:13am

You mentioned that you checked “whatsmydns” after disabling Cloudflare.
What does it show when you do have Cloudflare enabled and proxied?
How much time are you waiting?

If you are using your ISP’s DNS Resolver (the default) locally, some ISP’s cache DNS Records for a long time and may even ignore Cache TTLs.

I would enable Cloudflare again, proxied. Wait a bit and check via a site like https://dnschecker.org/. If you see a response there (don’t expect to see the real IP if you have proxy enabled), then it’s just your local dns at that point. You could try switching to 1.1.1.1 (Cloudflare’s DNS Resolver), or just waiting out the cache to expire.

If you continue to have issues, can you share the domain name/URL?

You can find other common causes/quick fixes here:

riweb · February 7, 2023, 3:31am

Thank you. When Cloudflare is enabled, I see the 2x proxy IP addresses which prove that it’s not local and that Cloudflare is working.

I have been waiting for periods up to 72 hours or more over the past 2 weeks.

The URL is floraculture.eu

Chaika · February 7, 2023, 3:37am

https://dnsviz.net/d/floraculture.eu/dnssec/

:~# dig floraculture.eu
; EDE: 9 (DNSKEY Missing): (no SEP matching the DS found for floraculture.eu.)

You have a broken DNSSEC Configuration. Based on the difference in key algorithms, It looks like you enabled DNSSEC at your past DNS Host.

If you want to do a “smooth migration”, I would disable DNSSEC first with your registrar, wait and confirm it is disabled, and then switch your nameservers to Cloudflare, wait for everything to propagate and work, and then set up DNSSEC again at Cloudflare.

Or you could enable DNSSEC With Cloudflare (if you don’t already have it enabled) and update your configuration at your domain registrar. This would result in some downtime as you wait for changes to propagate.

For more information:

riweb · February 8, 2023, 9:42am

Yes! Thank you so much, I’ve been able to remove the DNSSEC from the registrar and then reconnect to Cloudflare and it’s now working.
Thanks again for your help.