Load Balancer - Error 1000 - DNS points to prohibited IP

What is the name of the domain?

blockmesh.xyz

What is the error number?

1000

What is the error message?

DNS points to prohibited IP

What is the issue you’re encountering?

Cannot use a load balancer

What steps have you taken to resolve the issue?

I set up a load balancer with multiple endpoints.
If I’m trying to use a subdomain it fails with error 1000.
When I point to my AWS host directly it works.
When I try to point to another endpoint running the same code, with nginx and an origin certificate, it fails.
If I point directly to the host IP address, I’m getting SSL errors; if I point to the CNAME, I get error 100 again.

What feature, service or problem is this related to?

DNS records

What are the steps to reproduce the issue?

Tried adding an origin certificate, tried pointing to the CNAME, none worked.

Hello, Cloudflare halted the request for one of the following reasons:

  • An A record within your Cloudflare DNS app points to a Cloudflare IP address, or a Load Balancer Origin points to a proxied record.
  • Your Cloudflare DNS A or CNAME record references another reverse proxy (such as an nginx web server that uses the proxy_pass function) that then proxies the request to Cloudflare a second time.
  • The request X-Forwarded-For header is longer than 100 characters.
  • The request includes two X-Forwarded-For headers.
  • The request includes a CF-Connecting-IP header.
  • A Server Name Indication (SNI) issue or mismatch at the origin.
1 Like
  • Your Cloudflare DNS A or CNAME record references another reverse proxy (such as an nginx web server that uses the proxy_pass function) that then proxies the request to Cloudflare a second time. ==> My server is nginx and does use proxy_pass, but only to pass it to downstream servers outside of Cloudflare ==> not the issue

  • The request X-Forwarded-For header is longer than 100 characters. ==> Not the issue

  • The request includes two X-Forwarded-For headers. ==> Not the issue

  • The request includes a CF-Connecting-IP header. ==> Not the issue

  • A Server Name Indication (SNI) issue or mismatch at the origin. ==> Not the issue

  • An A record within your Cloudflare DNS app points to a Cloudflare IP address, or a Load Balancer Origin points to a proxied record. ==> Seems like the only possible issue. Again my setup is this:

A record => subdomain.domain to IP (Hetzner)
My load balancer => subdomain.domain

I have origin certs on my server, but if I use it via the raw IP address, I get an insecure certificate.
If I use it via subdomain.domain, via the A record, it works fine (besides the load balancer issue, obviously).
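
A check for several of the causes listed in the reply above (a load balancer origin that resolves to a Cloudflare address, and the X-Forwarded-For and CF-Connecting-IP header conditions), as an added example that is not part of the original thread and not Cloudflare's own code. The IPv4 ranges are a snapshot of Cloudflare's published list, and the hostname, addresses and headers in the sample are constructed.

```python
import ipaddress

# Snapshot of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4).
# The list changes over time; refresh it before relying on the result.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

def is_cloudflare_ip(addr):
    """True if addr is inside the IPv4 snapshot above (IPv6 is not checked)."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in CLOUDFLARE_V4)

def origin_findings(origin_name, resolved_ips):
    """Flag a load balancer origin whose hostname resolves to Cloudflare's edge,
    which is what a proxied record returns to public resolvers."""
    return [f"{origin_name} -> {ip}: Cloudflare address (proxied record)"
            for ip in resolved_ips if is_cloudflare_ip(ip)]

def header_findings(headers):
    """headers: list of (name, value) pairs as received, duplicates preserved."""
    findings = []
    xff = [v for k, v in headers if k.lower() == "x-forwarded-for"]
    if len(xff) > 1:
        findings.append("more than one X-Forwarded-For header")
    if any(len(v) > 100 for v in xff):
        findings.append("X-Forwarded-For longer than 100 characters")
    if any(k.lower() == "cf-connecting-ip" for k, _ in headers):
        findings.append("CF-Connecting-IP header present")
    return findings

if __name__ == "__main__":
    # Constructed sample: what resolving the origin hostname might return
    # (e.g. from `dig +short`), and headers the origin's nginx would forward.
    resolved = ["104.16.0.1", "203.0.113.10"]
    headers = [("Host", "subdomain.example"),
               ("X-Forwarded-For", "198.51.100.7"),
               ("X-Forwarded-For", "198.51.100.8")]
    for line in origin_findings("subdomain.example", resolved) + header_findings(headers):
        print("possible error 1000 cause:", line)
```

An empty result from both functions rules out these causes only; the second-proxy and SNI conditions from the list need to be checked on the origin itself.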
