Having trouble configuring NS records

I’m having trouble setting up delegation of a subdomain in order to set up a dedicated IP with our SendInBlue, a mail sending provider we are currently using. I’m following these instructions. We are running our DNS proxied through Cloudflare.

I want updates.mydomain.com to point to ns1.sendinblue.com and ns2.sendinblue.com.

Strangely enough, when I checked for propagation, everything seemed to go fine. But when I came back after a day or two, propagation of the NS records had ‘undone’. What am I doing wrong?

Please note that I’m not very experienced at all in all things DNS related, but eager to learn. Thank you!

I assume you mean the two NS records were removed.

In that case either someone else has access to your account and removed them or you granted some automated script API access to your account.

In both cases you should be able to find who did what and through what channel via the audit log. Depending on where that change came from you should either change your password, revoke the API access, or stop aforementioned possibly running script.

Hi Sandro,
Thanks for taking the time to respond.

The records were exactly where I left them: unchanged. Also, only one other person has acces to our site through Cloudflare.

I should maybe note that during the first check I did on propagation (I’d say roughtly 20 minutes after adding the NS records to Cloudflare), only 7 or 8 servers could resolve. After two days this was down to 0.

If the records were not removed, they should still resolve. What exactly is the issue then?

What’s the domain?

That’s exactly what I find so strange! The records weren’t removed, but are not resolving.

The domain is tswildales.com, and I’m trying to delegate updates.tswildales.com to the nameservers of SendInBlue.

The records resolve, so that’s not exactly a Cloudflare issue at this point

nslookup -type=ns updates.tswildales.com bart.ns.cloudflare.com
Server:  bart.ns.cloudflare.com

updates.tswildales.com  nameserver = ns1.sendinblue.com
updates.tswildales.com  nameserver = ns2.sendinblue.com

However these two nameservers do not seem to respond for your domain.

Also, your DNSSEC configuration for tswildales.com seems to be broken.

Okay, thank you. I guess I’ll have to contact SendInBlue then. How did you do this lookup? And how can you see that they are not responding to my domain?

I just asked our hosting company to add the DS record data this afternoon.

I just got mail from them it should be working in 60/90 minutes.

nslookup -type=ns updates.tswildales.com ns1.sendinblue.com
Server:  UnKnown

*** UnKnown can't find updates.tswildales.com: Query refused

This led me to check, and there is an option to ‘add a domain’ in SendInBlue – although this is not mentioned in the instructions. I’ve added updates.tswildales now. For a second I saw some propagation, which stopped again now…

Also, there is an option to then verify it, by adding a txt record with a code in it for updates.tswildales.com. However, when I try to do this in Cloudflare, I get the error message: ‘NS records already exist with that host. (Code: 81056)’.

Thank you for your help so far!

You will probably first have to remove the NS records to add the TXT record.

Thanks, I’ll try that!

Now I get the error message: ‘Non-NS records already exists with that host. (Code: 81055)’

So just the same but the other way round.

You can’t have them at the same time. You probably first need to validate this with your service and only then add the records.

By searching for error code 81055 i found this thread:

I’m going to try that solution and let you know if it worked!

It is not a propagation issue here, your nameservers simply do not respond for the configured domain.

1 Like

What would you advice me to do? Contact SendInBlue?

Yes, you need to talk to them. Their server does not respond, possibly some configuration is missing.

1 Like

I’ll do that, and will let you know what they say.

After today not only the records of updates.tswildales.com were not propagating, but also the records for the complete domain tswildales.com, e.g. the site and email were down. Slight panic of course!

I contacted every helpdesk I could, and quickly we found that Neostrada, the people we have our domain name registered through, had messed up filling in DNSSEC-data I sent them to configure last Friday at the domain name registrar of tswildales.com. So we just turned off DNSSEC, and ‘poof’ everything started working, including the records for updates.tswildales.com. I guess I was trying to do to much at the same time.

But now I could finally get SendInBlue configured, since the DNS records were checking out. Everything seems to be working as it should now, just waiting for the last few DNS servers to check out.