Issue with a domain propagation?

Hi,

So I have this domain: TOUCHSERVICES.CA. I added it to Cloudflare and changed its nameservers 2 days ago on GoDaddy.

It was added and activated successfully to my Cloudflare account, and is active. It’s a very simple zone:

My issue is with the propagation: it’s really slow and weird. It’s the first time I’ve had this issue with Cloudflare.

When doing an nslookup on my domain using my ISP’s DNS, it works fine:

mike % nslookup touchservices.ca
Server:		192.168.0.1
Address:	192.168.0.1#53

Non-authoritative answer:
Name:	touchservices.ca
Address: 104.21.11.105
Name:	touchservices.ca
Address: 172.67.148.196

But when I’m trying to resolve it using Cloudflare’s own DNS, it fails:

mike % nslookup touchservices.ca 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

** server can't find touchservices.ca: SERVFAIL

The same result occurs with Google’s DNS (8.8.8.8 and 8.8.4.4). I tried with another .CA domain hosted at Cloudflare and it’s all fine.

I discovered the issue when trying to generate an SSL certificate using certbot; Let’s Encrypt returns a critical error:

   Domain: touchservices.ca
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for touchservices.ca -
   the domain's nameservers may be malfunctioning; DNS problem:
   SERVFAIL looking up AAAA for touchservices.ca - the domain's
   nameservers may be malfunctioning

   Domain: www.touchservices.ca
   Type:   None
   Detail: DNS problem: SERVFAIL looking up A for www.touchservices.ca
   - the domain's nameservers may be malfunctioning; DNS problem:
   SERVFAIL looking up AAAA for www.touchservices.ca - the domain's
   nameservers may be malfunctioning

I ran into this issue in the past, but it was always fixed after 30-60 minutes. Now it’s been 48 hours.

I’m a bit confused about what I can do about this.
The nameservers are -

Any help or tips are appreciated.

Thanks,
Mike

What now? Already happened, or first time?

Are you able to extend that screenshot more down to confirm that the set NameServers are really the ones Cloudflare gave you?

Thanks!

Hi!

Here’s the complete screenshot with the nameservers -

And my nslookup command -

mike % nslookup -type=ns touchservices.ca
Server:		192.168.2.1
Address:	192.168.2.1#53

Non-authoritative answer:
touchservices.ca	nameserver = aitana.ns.cloudflare.com.
touchservices.ca	nameserver = bayan.ns.cloudflare.com.

Authoritative answers can be found from:

It’s been 3 days, and if I try to look it up using Cloudflare’s 1.1.1.1, it still fails -

mike % nslookup -type=ns touchservices.ca 1.1.1.1
Server:		1.1.1.1
Address:	1.1.1.1#53

** server can't find touchservices.ca: SERVFAIL

Really mysterious!

Does anyone have an idea? We need to launch this website, and right now it’s just impossible! I might just re-switch the DNS over to GoDaddy (ewwww!!!).

Thanks,
Mike

Hi.

So I took the decision to move the DNS back to GoDaddy (a solution that I hate), but after 4 days, the propagation is stalled (really never experienced that in the past!), and the site has to launch.

I’ll try again at another moment.

Thanks,
Mike

You have DNSSEC enabled for that domain. You can’t change name servers if you have DNSSEC enabled. You’ll have to completely disable that before adding a site to Cloudflare.

 % whois touchservices.ca | grep DNSSEC
DNSSEC: signedDelegation
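
The pattern in this thread (the home router's resolver answers while 1.1.1.1, 8.8.8.8 and Let's Encrypt return SERVFAIL) can be checked directly: a validating resolver still returns the data when the query sets the CD (checking disabled) bit. The script below is an added example, not part of any post in the thread; the function names and the two sample dig header lines are constructed, and the live check assumes dig is installed.

```shell
#!/bin/sh
# Added example: tell a DNSSEC validation failure apart from slow propagation.
# Function names and the sample dig headers below are constructed for illustration.

# Extract the RCODE ("status:") from dig output read on stdin.
rcode_of() {
    sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# classify RCODE_VALIDATING RCODE_WITH_CD DS_COUNT
#   RCODE_VALIDATING: answer from a validating resolver (normal query)
#   RCODE_WITH_CD:    same query with the CD (checking disabled) bit set
#   DS_COUNT:         number of DS records the parent zone publishes
classify() {
    if [ "$1" = "NOERROR" ]; then
        echo "ok"
    elif [ "$1" = "SERVFAIL" ] && [ "$2" = "NOERROR" ] && [ "$3" -gt 0 ]; then
        # Data is reachable and only validation fails: the DS at the parent
        # does not match what the current nameservers serve.
        echo "dnssec-validation-failure"
    elif [ "$1" = "SERVFAIL" ] && [ "$2" = "SERVFAIL" ]; then
        echo "nameservers-unreachable-or-lame"
    else
        echo "other:$1/$2"
    fi
}

# Live check: diagnose DOMAIN [RESOLVER]  (needs dig and network access)
diagnose() {
    domain=$1; resolver=${2:-1.1.1.1}
    normal=$(dig "@$resolver" "$domain" A +noall +comments | rcode_of)
    cd_set=$(dig "@$resolver" "$domain" A +cd +noall +comments | rcode_of)
    ds=$(dig "@$resolver" "$domain" DS +short | grep -c . || true)
    echo "$domain via $resolver: $(classify "$normal" "$cd_set" "$ds")"
}

# Constructed sample headers, shaped like dig's output for the case in this thread.
SAMPLE_NORMAL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243'

# Run the live check only when a domain is given on the command line.
if [ $# -gt 0 ]; then diagnose "$@"; fi
```

Run it as `sh check.sh touchservices.ca 1.1.1.1` (file name hypothetical); a result of `dnssec-validation-failure` means waiting for propagation will not help until the DS record at the registrar is removed or updated.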

Oh, thanks! I didn’t know about that!
Thanks a lot - I’ll read about this.
