It seems you have registered your g7cloud.com domain with Cloudflare, and at some point used custom nameservers and got Cloudflare Registrar to use those with the registry. Those nameserver names (cf1 and cf2.g7cloud.com) don’t seem to resolve to Cloudflare IPs any more (and intermittently don’t resolve due to nameservers set in DNS) which breaks the requirement that Cloudflare registered domains use Cloudflare nameservers.
I had cf1 and cf2 as custom nameservers on Cloudflare but removed them recently as no longer needed. How are these affecting ns1 and ns2? I thought they would be isolated?
Things kind of work as there are glue records for them still pointing at Cloudflare, but this needs fixing. Did you just delete the DNS records, or did you disable custom nameservers?
You’ll probably have to ask the Cloudflare Registrar team to change your domain’s registry nameservers and glue records back to default (probably rachel.ns.cloudflare.com and toby.ns.cloudflare.com) if you don’t use the custom nameservers.
The reason you are getting the wrong IP addresses for the nameservers of the ferrari0george.com domain is because it is a .com domain as is g7cloud.com so glue records have been created based on what the nameserver IP addresses were at the time the records were created, see here… https://cf.sjr.org.uk/tools/check?79d12ccfec2647f6a68d04f6c9289d43#dns
You would need to ask the registrar for ferrari0george.com to update the glue records (or deleting the nameservers and re-adding them at the registrar may update them).
It’s not affecting spark23.co.uk as that doesn’t have glue records as the nameservers are in a different zone. However, the dodgy nameservers for g7cloud.com may cause intermittent issues resolving things.
I have just re-added cf1 and cf2 to try and restore everything for the time being.
My main concern is trying to get ns1 and ns2 to work correctly; these point to a WHM/cPanel DNS cluster and I really need them to work as expected. It’s proving to be a bit of a nightmare with Cloudflare being my registrar and no ability to have glue records.
Note what I said above. The glue issue is with the ferrari0george.com domain, that is not using Cloudflare, which is why you get the wrong IPs for ns1 and ns2. Click the links to my test results and it will show you.
Cloudflare does create glue records and, as I said, did for g7cloud.com when you set the custom nameservers. But you’ve now deleted the custom nameservers, but left them at the registry, which is causing you additional confusion. It’s only due to the glue records that your domain resolves.
I use custom nameservers across my Enterprise account so I have done all this myself.
dig +trace +nodnssec g7cloud.com ns
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> +trace +nodnssec g7cloud.com ns
;; global options: +cmd
...
g7cloud.com. 172800 IN NS cf1.g7cloud.com.
g7cloud.com. 172800 IN NS cf2.g7cloud.com.
;; Received 108 bytes from 192.54.112.30#53(h.gtld-servers.net) in 24 ms
g7cloud.com. 86400 IN NS cf1.g7cloud.com.
g7cloud.com. 86400 IN NS cf2.g7cloud.com.
g7cloud.com. 86400 IN NS ns1.g7cloud.com.
g7cloud.com. 86400 IN NS ns2.g7cloud.com.
;; Received 232 bytes from 162.159.11.238#53(cf1.g7cloud.com) in 4 ms
Did you add all 4 of them as custom nameservers now? You need to remove ns1 and ns2.
I have a ticket open with Cloudflare to discuss this further as for some reason gtld-servers.net is continuing to report ns1.g7cloud.com. [‘78.41.207.42’] [TTL=172800] ns2.g7cloud.com. [‘78.41.207.42’] [TTL=172800]
Yet if you ask gtld-servers.net directly for the IP for ns1.g7cloud.com it returns 15.197.210.23, which is the correct Anycast DNS cluster. So it knows the correct IP, yet it continues to attempt to resolve the nameservers under the wrong IP, which I have no connection with.
And you also still need to remove the Glue records from ferrari0george.com. Glue records are only needed when the nameservers are a subdomain of the domain itself. But ns1.g7cloud.com. is not a subdomain of ferrari0george.com.
dig ferrari0george.com @g.gtld-servers.net
; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> ferrari0george.com @g.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5527
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ferrari0george.com. IN A
;; AUTHORITY SECTION:
ferrari0george.com. 172800 IN NS ns1.g7cloud.com.
ferrari0george.com. 172800 IN NS ns2.g7cloud.com.
;; ADDITIONAL SECTION:
ns1.g7cloud.com. 172800 IN A 78.41.207.42
ns2.g7cloud.com. 172800 IN A 78.41.207.42
;; Query time: 20 msec
;; SERVER: 2001:503:eea3::30#53(g.gtld-servers.net) (UDP)
;; WHEN: Sun Sep 01 13:03:29 CEST 2024
;; MSG SIZE rcvd: 123
This is where your error lies. You are not supposed to ask gtld-servers.net for the IP, you must ask the nameservers for g7cloud.com, which are cf1/2.g7cloud.com.
cf2.g7cloud.com
Are of course run by Cloudflare. I typically only use these if a domain is registered on my Cloudflare account and use the above to activate the zone.
However, the majority of the domains I host are not on my Cloudflare account and therefore cannot use the above nameservers, as I need to control the DNS. In this case it’s ns1 and ns2.
What do I need to do to get ns1 and ns2 to work properly for all external domains? Remember this must point to my DNS cluster, not Cloudflare’s DNS.
You need to add A records for ns1 and ns2 in your Cloudflare DNS, that is all. If you have currently added ns1 and ns2 as custom nameservers to Cloudflare, you need to remove them.
.com domains also seem to always have glue records if the nameservers are also .com. Not sure if that is a requirement of the registry, but seems to be the case at domains I’ve checked with Cloudflare and GoDaddy.
intodns.com. 172800 IN NS shaz.ns.cloudflare.com.
intodns.com. 172800 IN NS harley.ns.cloudflare.com.
;; Received 358 bytes from 192.43.172.30#53(i.gtld-servers.net) in 20 ms
The glue records appear to be coming from ns1.g7cloud.com and ns2.g7cloud.com, not ferrari0george.com. G7cloud.com is on Cloudflare and those glue records should not exist, which is causing me a massive headache. On top of that I’m on Cloudflare’s business plan and can’t get any support; both live chat and ticket systems seem to be completely broken.
As above, those glue records are set at the registrar for ferrari0george.com…
dig ferrari0george.com ns @a.gtld-servers.net
; <<>> DiG 9.10.6 <<>> ferrari0george.com ns @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ferrari0george.com. IN NS
;; AUTHORITY SECTION:
ferrari0george.com. 172800 IN NS ns1.g7cloud.com.
ferrari0george.com. 172800 IN NS ns2.g7cloud.com.
;; ADDITIONAL SECTION:
ns1.g7cloud.com. 172800 IN A 78.41.207.42
ns2.g7cloud.com. 172800 IN A 78.41.207.42
As I suggested above, log in to GoDaddy for ferrari0george.com, change the nameservers to something else, then change them back and see if that updates the glue. If not, ask GoDaddy to update them directly.
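
The stale-glue check discussed in this thread, as an added example that is not part of any poster's reply: it parses the TLD referral quoted above and compares each glue address with what the nameserver zone itself answers. The function names are hypothetical, and the `AUTHORITATIVE` table is an assumption built from the 15.197.210.23 address mentioned in the thread (ns2 is assumed to match ns1).

```python
import re

# Constructed sample: the referral for ferrari0george.com quoted in the thread,
# as returned by a .com TLD server (AUTHORITY + ADDITIONAL sections only).
REFERRAL = """\
;; AUTHORITY SECTION:
ferrari0george.com. 172800 IN NS ns1.g7cloud.com.
ferrari0george.com. 172800 IN NS ns2.g7cloud.com.
;; ADDITIONAL SECTION:
ns1.g7cloud.com. 172800 IN A 78.41.207.42
ns2.g7cloud.com. 172800 IN A 78.41.207.42
"""

# Assumption: addresses served by the nameserver zone's own authoritative
# servers. The thread gives 15.197.210.23 for ns1; ns2 is assumed identical.
AUTHORITATIVE = {"ns1.g7cloud.com.": {"15.197.210.23"},
                 "ns2.g7cloud.com.": {"15.197.210.23"}}

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(NS|A|AAAA)\s+(\S+)$")

def parse_referral(text):
    """Return (delegated NS names, {name: set of glue addresses})."""
    ns, glue = set(), {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # dig comments, section headers, blank lines
        owner, rtype, rdata = m.group(1).lower(), m.group(2), m.group(3).lower()
        if rtype == "NS":
            ns.add(rdata)
        else:
            glue.setdefault(owner, set()).add(rdata)
    return ns, glue

def audit_glue(zone, text, authoritative):
    """Per nameserver: (name, in_bailiwick, status, glue addresses)."""
    zone = zone.lower().rstrip(".") + "."
    ns, glue = parse_referral(text)
    findings = []
    for name in sorted(ns):
        in_bailiwick = name == zone or name.endswith("." + zone)
        addrs = glue.get(name, set())
        expected = authoritative.get(name)
        if not addrs:
            status = "no-glue"
        elif expected is None:
            status = "unverified"  # nothing to compare the glue against
        else:
            status = "ok" if addrs == expected else "stale"
        findings.append((name, in_bailiwick, status, sorted(addrs)))
    return findings
```
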