Issue with a domain propagation?

DNS & Network
#1

Hi,

So I have this domain: TOUCHSERVICES.CA. I added it to Cloudflare and changed its nameservers 2 days ago on GoDaddy.

It was added and activated successfully to my Cloudflare account, and is active. It’s a very simple zone:

Screen Shot 2022-04-10 at 9.31.08 AM
Screen Shot 2022-04-10 at 9.31.08 AM1788×672 89.3 KB

My issue is with the propagation: it’s really slow and weird, it’s the first time I have this issue with Cloudflare.

When doing an nslookup on my domain using my ISP’s DNS, it works fine:

mike % nslookup touchservices.ca
Server:		192.168.0.1
Address:	192.168.0.1#53

Non-authoritative answer:
Name:	touchservices.ca
Address: 104.21.11.105
Name:	touchservices.ca
Address: 172.67.148.196

But when I’m trying to resolve it using Cloudflare’s own DNS, it fails:

mike % nslookup touchservices.ca 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

** server can't find touchservices.ca: SERVFAIL

The same result occurs with Google’s DNS (8.8.8.8 and 8.8.4.4). I tried with another .CA domain hosted at Cloudflare and it’s all fine.

I discovered the issue when trying to generate an SSL certificate using certbot, Let’s Encrypt returns a critical error:

   Domain: touchservices.ca
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for touchservices.ca -
   the domain's nameservers may be malfunctioning; DNS problem:
   SERVFAIL looking up AAAA for touchservices.ca - the domain's
   nameservers may be malfunctioning

   Domain: www.touchservices.ca
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for www.touchservices.ca
   - the domain's nameservers may be malfunctioning; DNS problem:
   SERVFAIL looking up AAAA for www.touchservices.ca - the domain's
   nameservers may be malfunctioning

I ran into this issue in the past, but it was always fixed after 30-60 minutes. Now it’s been 48 hours.

I’m a bit confused about what I can do about this.
The nameservers are -

Any help or tips is appreciated.

Thanks,
Mike

#2

What now? Already happened, or first time?

Are you able to extend that screenshot more down to confirm that the set NameServers are really the ones Cloudflare gave you?

Thanks!

#3

Hi!

Here’s the complete screenshot with the nameservers -

Screen Shot 2022-04-11 at 8.16.07 AM
Screen Shot 2022-04-11 at 8.16.07 AM2112×2032 383 KB

And my nslookup command -

mike % nslookup -type=ns touchservices.ca
Server:		192.168.2.1
Address:	192.168.2.1#53

Non-authoritative answer:
touchservices.ca	nameserver = aitana.ns.cloudflare.com.
touchservices.ca	nameserver = bayan.ns.cloudflare.com.

Authoritative answers can be found from:

It’s been 3 days, and if I try to look it up using Cloudflare’s 1.1.1.1, it still fails -

mike % nslookup -type=ns touchservices.ca 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

** server can't find touchservices.ca: SERVFAIL

Really mysterious!

Anyone has an idea? We need to launch this website, and right now it’s just impossible! I might just re-switch the DNS over to GoDaddy (ewwww!!!).

Thanks,
Mike

#4

Hi.

So I took the decision to move the DNS back to GoDaddy (a solution that I hate), but after 4 days, the propagation is stalled (really never experienced that in the past!), and the site has to launch.

I’ll try again at another moment.

Thanks,
Mike

#5

You have DNSSEC enabled for that domain. You can’t change name servers if you have DNSSEC enabled. You’ll have to completely disable that before adding a site to Cloudflare.

 % whois touchservices.ca | grep DNSSEC
DNSSEC: signedDelegation
2 Likes
#6

Oh, thanks! I didn’t know about that!
Thanks a lot - I’ll read about this.

#7

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.