I can't load https://microsafe.com.br with CF, but www adddresses work

First: I don’t understand almost anything about DNS records. I have my website configured on Windows Server 2012 with IIS 8.0 and Let’s Encrypt Certificates.

My problem is this: I have my site, microsafe.com.br, configured in Cloudflare. Trying to access ‘www.microsafe.com.br’ works perfectly. But if you try to load ‘microsafe.com.br’ (no www), the browser issues an error DNS_PROBE_FINISHED_NXDOMAIN.

So far, the only way I’ve managed to work around this issue was to add an unproxied A record for microsafe.com.br. That’s how Cloudflare’s DNS records are configured right now. But obvioulsy, this is not a solution, and worse, exposes my site true IP unnecessarily.

I looked up my hosting provider (Mochahost) original DNS records and found there’s no A record for microsafe.com.br there. Instead, they use an “A * IP TTL” format for such record. In fact, that’s how my Cloudflare DNS record is configured right now (see attached screens, if you will). When I tried to add an “A microsafe.com.br IP TTL” proxied record to Cloudflare, the DNS wouldn’t resolve for 8 hours straight. I suspect there should be an “A microsafe.com.br IP TTL” in my original server’s DNS zone as well, but I’m not knowledgeable enough to dispute that with my hosting provider… which insists on saying everything is configured correctly on yeir side.

I also tried to configure a 301 Redirect in IIS 8.0 to eliminate ‘microsafe.com.br’ addresses once and for all, but all I’ve got was TOO MANY REDIRECTS errors instead.

If anyone could explain to a layman like me what am I doing wrong, I’d appreciate. Thanks!

I can access the site via microsafe.com.br and www.microsafe.com.br. Neither of them redirect and there are pages shown on both.

Yes, because as it’s written in the OP, I disabled 301 requests because they were causing redirects. And I had to leave an unproxied A record in Cloudflare to make both microsafe and www.microsafe work,

What I want is to get rid of the DNS only A record and make both URLs work. And possibly, get 301 redirects to work again.

Screenshot 2023-02-27 at 4.42.36 PM


The nxdomain error on ‘microsafe.com.br’ is covered in quickfix idea 4 of the nxdomain CommunityTip

If you proxy that and get the too many redirects error, click

and try quick fix idea 1 to see the redirect at the origin, you’ll get a reply of

< HTTP/1.1 301 Moved Permanently
< Location: https://microsafe.com.br/

Leave it and proxy it, remove the redirect at your origin server to avoid the too many redirects

Add a CNAME record called www with a value of the name of your domain, also proxied, and both options will work

1 Like

Hi @cloonan! Thank you for the detailed reply.

Everything you said makes sense, but it didn’t work, because I think the issue is in my server’s original DNS records, not in Cloudflare.

For example, I did try to add a proxied “A microsafe.com.br” record to Cloudflare, using @ to resolve to microsafe.com.br. That failed. After I did that, my site did not resolve for 8 hours straight. I had to unproxy the record so the site could load again. I suspect this happened because there’s no equivalent “A microsafe.com.br” record in my server’s original DNS Zone, as pictured in my post (just look at the screenshot). There’s only an A * record there. But since I don’t understand almost anything about DNS records and my hosting provider insists my original DNS records are correct, I’m really lost here.

Your original DNS records are irrelevant. The only DNS zone data that will be made available to the internet during normal operation is the one provided by the servers listed in your domain’s whois record, which is currently:

nserver:     kayden.ns.cloudflare.com
nserver:     rosalie.ns.cloudflare.com

Ok. If my original DNS records are irrelevant, can someone explain to me why If I add a proxied A record to my Cloudflare DNS zone, like “A microsafe.com.br IP TTL Auto Proxied” my domain won’t resolve at all?

It only works with the same record above, as long as it’s unproxied.

When you say “won’t resolve at all” are you speaking strictly to the results returned by local DNS Tools such as nslookup and dig or do you mean that a page does not load in a web browser?

Can you leave the hostname :orange: proxied so Community members can test the DNS resolution independently?

Hi @epic.network, thank you for your reply.

When I say “won’t resolve at all” I mean that as soon as I proxy my A record, the web browser immediately returns the infamous DNS_FINISHED_PROBE_NXDOMAIN error.

I waited 8 hours straight after proxying the record in order to allow it to propagate. That’s plenty of time for that to happen. But it didn’t work. I finally gave up and had to unproxy the record. The site loaded almost immediately after that. Notice that I’m always talking about the exact same A record, the only difference is whether I proxy it or not. At this moment, I’m having to use an unproxied record, and that’s not good at all.

I can only leave the record proxied again next friday night, this is a live e-commerce site, I can’t have it downed during business days.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.