I’m managing a VPS server with approximately 20 domain names, and it seems like one of the websites hosted on the server, mydomain.me, is under a DDoS attack. When I tried installing Cloudflare for mydomain.me, I noticed that it disrupted all the other websites, rendering them unreachable. Is this disruption occurring because mydomain.me serves as the primary domain, functioning as the hostname NS2.MYDOMAIN.ME? If that’s the case, could you guide me on how to install Cloudflare specifically for one website’s hostname without affecting the other websites on the same server?
What do you mean by disrupt? What error do you see?
Do the other domains maybe use cname records to your primary?
MYDOMAIN.ME does not use Cloudflare.
dig ns MYDOMAIN.ME +short
If that is not your domain name, you should not be using it in your posts, as it is a real domain name. There are reserved names, like example.com, if you don’t want to share your domain name. You will typically get more accurate answers if you share your real domain, though.
If you have proxied your hostnames that serve as nameservers, that will limit them to only HTTP & HTTPS traffic. The Cloudflare proxy will drop all other traffic, including DNS, FTP, SSH, SFTP & SMTP. Make sure that hostnames that need to pass other protocols are set to DNS Only.
I’ve provided a screenshot of our current Cloudflare DNS settings for reference.
Regarding the performance issues I mentioned, when the server experiences slowness, it significantly affects website loading times. Typically, a website takes around 5 seconds to load, but during these slower periods, the loading times increase by a factor of approximately 10.
Upon conducting further investigation, I discovered that during these slow periods, the server tends to reach the MaxRequestWorkers limit. While increasing the MaxRequestWorkers limit can allow the server to handle more concurrent website requests, it could also potentially lead to higher server loads.
Considering this, I believe that implementing DDoS protection through Cloudflare might be a suitable solution to mitigate these issues.
The other domains on the server use CNAME records pointing to their own domain, not my primary domain.
That’s all good, but you have not mentioned how enabling Cloudflare for your domain “disrupts” the other domains. Do you see any error when you try to open any of them?
The other domains hosted on the same server became inaccessible. Whenever I attempted to access any of these domains, I received a “Not Found” error.
I realized that this problem seemed to be related to the installation of Cloudflare. To resolve the issue, I removed Cloudflare from the setup, and subsequently, the other domains started functioning properly again.
A “404 Not Found” error would usually indicate a problem with your server configuration. Did you make any changes to your server when you added your domain to Cloudflare?
No, I did not make any modifications while Cloudflare was active. However, upon removing Cloudflare, the websites became accessible once more.
I suspect this issue arose because I installed Cloudflare on the primary domain name that the server uses as its nameservers.
If the nameserver hostnames were set to proxied, that would prevent them from receiving DNS queries. The Cloudflare proxy only passes HTTP and HTTPS traffic. Hostnames that need to use other protocols like DNS, FTP, SMTP, SFTP, SSH, etc., must be set to DNS Only.
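The rule in the reply above (hostnames that carry DNS, FTP, SMTP or SSH must be DNS Only), written as an audit over a zone's records. This is an added example, not part of the thread: the record objects use the type/name/content/proxied fields of Cloudflare API DNS records, and example.com, 203.0.113.10, the `extra_hosts` mapping and the `audit` helper are constructed for illustration.

```python
# Constructed sample zone; example.com and 203.0.113.10 are placeholders.
RECORDS = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "ns1.example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "ns2.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "CNAME", "name": "ftp.example.com", "content": "example.com", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
]

# Record types whose target hostname is contacted over a non-HTTP protocol.
TARGET_TYPES = {"NS": "DNS", "MX": "SMTP"}
ADDRESS_TYPES = {"A", "AAAA", "CNAME"}


def norm(host):
    """Lower-case a hostname and drop any trailing root dot."""
    return host.rstrip(".").lower()


def audit(records, extra_hosts=None):
    """Return sorted (hostname, protocol) pairs that are proxied but need DNS Only.

    extra_hosts (an assumption of this example) maps hostnames to the protocol
    they serve when no record in this zone says so, e.g. nameserver hostnames
    that other domains delegate to at their registrar.
    """
    needed = {norm(h): p for h, p in (extra_hosts or {}).items()}
    for rec in records:
        if rec["type"] in TARGET_TYPES:
            needed.setdefault(norm(rec["content"]), TARGET_TYPES[rec["type"]])
    by_name = {}
    for rec in records:
        if rec["type"] in ADDRESS_TYPES:
            by_name.setdefault(norm(rec["name"]), []).append(rec)
    findings = set()
    for host, proto in needed.items():
        seen, current = set(), host
        # Follow in-zone CNAMEs: a DNS Only CNAME that lands on a proxied
        # name still ends up at the proxy.
        while current in by_name and current not in seen:
            seen.add(current)
            recs = by_name[current]
            if any(r["proxied"] for r in recs):
                findings.add((host, proto))
            cname = next((r for r in recs if r["type"] == "CNAME"), None)
            current = norm(cname["content"]) if cname else None
    return sorted(findings)
```

Calling `audit(RECORDS, {"ns1.example.com": "DNS", "ns2.example.com": "DNS", "ftp.example.com": "FTP"})` lists every hostname that would stop answering its protocol behind the proxy.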
I’ve included in a previous post, a screenshot of the DNS configuration that highlights which records are currently proxied and which are not. I would appreciate your insights on what changes you would recommend.
ns2 are your nameserver hostnames, they were DNS Only at the time you took that screenshot. That doesn’t tell me how they were configured when you encountered difficulty with domains that used those hostnames as their authoritative nameservers.
Having both names resolve to the same host defeats the purpose of the requirement of having a minimum of two authoritative nameservers. Having used that same shortcut myself over twenty years ago, I understand the temptation. It is preferable to run your secondary on a different host at a minimum, although a different network is preferable.
Unrelated to nameservers, you have your webmail hostname set to DNS Only. It can most likely be safely proxied if you want, as long as it is only used for HTTPS access to email services. Without engaging in specific research, I can’t offer any guidance on many of the cPanel-specific hostnames, as I don’t use it.
Are your domains that use the ns2 hostnames as nameservers currently resolving with them set to DNS Only?
The only idea that I have left without being able to actually observe the error is this:
You might have a service running on your server that connects to another local service through an external connection, using your domain.
With the domain being proxied, that service would then fail and might have some cascading effects.
I don’t see how a DNS misconfiguration would cause a 404 Not Found error.
Are these other hostnames set up as CNAMEs to your main site? They won’t be able to CNAME to a proxied address here unless it’s a Cloudflare for SaaS setup. They should use “A” records pointing to your server’s IP address.
If that doesn’t help, please let us know one of these hostnames that’s not working.
Is the attached screenshot displaying the settings correctly? If adjustments are needed, please advise on the necessary changes.