NS not configured for our zone

Hi guys,

We’re facing an issue with Cloudflare’s NS servers.
We add the site to Cloudflare (it was before on a different account).
The assigned NS are nola.ns.cloudflare.com and norm.ns.cloudflare.com.
But these NS are not configured to answer our zone, please check the output below:

$ dig @nola.ns.cloudflare.com ns abmedicalortopedia.it

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @nola.ns.cloudflare.com ns abmedicalortopedia.it
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 19641
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;abmedicalortopedia.it.		IN	NS

;; Query time: 7 msec
;; SERVER: 173.245.58.212#53(173.245.58.212)
;; WHEN: wo nov 27 17:59:05 CET 2019
;; MSG SIZE  rcvd: 50

We already contacted support but no reply in days.

Any idea what’s going on?

Thanks
WP-OK

That often is an issue, especially with .it (and several other European TLDs) as their registries believe they need to validate the nameservers, which will typically fail if the domain is already on another account.

However, that does not seem to be the case here.

Can you post a screenshot where Cloudflare mentions these two nameservers?

Hi Sandro,

Sure, you can find it here:

Thanks
WP-OK

Hmm, alright, something must have gone wrong with activation internally. At least the assigned nameservers should respond at this point. The domain is marked as “pending”, right?

Unfortunately in this case only support can help. What did the ticket you opened say? Was it some automatic response? In that case there is a good chance it was automatically closed and you just need to respond and say that the issue is still present to re-open it.

Can you post the ticket number here too?

It looks like the change of nameservers from that other account to the svrsh.com ones has not fully propagated. As @sandro mentioned, if you can share your ticket number here, I’ll keep an eye on it.

Hi Cloonan and Sandro,

Thank you guys, it’s request #1792751.
I got a disappointing answer so far from someone that didn’t understand the problem at all.

After further checking, we found that the NS associated with the previous Cloudflare account are still responding to the domain zone:

$ dig @wally.ns.cloudflare.com ns abmedicalortopedia.it

; <<>> DiG 9.11.5-P4-5.1ubuntu2.1-Ubuntu <<>> @wally.ns.cloudflare.com ns abmedicalortopedia.it 
; (2 servers found) 
;; global options: +cmd 
;; Got answer: 
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63598 
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION: 
; EDNS: version: 0, flags:; udp: 512 
;; QUESTION SECTION: 
;abmedicalortopedia.it.	IN	NS

;; ANSWER SECTION: 
abmedicalortopedia.it.	86400	IN	NS	norman.ns.cloudflare.com. 
abmedicalortopedia.it.	86400	IN	NS	wally.ns.cloudflare.com.

;; Query time: 9 msec 
;; SERVER: 173.245.58.239#53(173.245.58.239) 
;; WHEN: do nov 28 08:47:54 CET 2019 
;; MSG SIZE rcvd: 108

We’re 100% sure that the domain was removed from the previous account, so it seems like an issue with CF servers.

Thanks
D

That would suggest the domain never validated on that other account. Double check whether it really is not part of that account any more. However I would have assumed, adding it to the new account would announce it on the new servers instead (particularly because it never validated on the original account).

At this point I can really only suggest to make sure the domain is not on the other account. If it really isnt, your only option is to wait for support to fix that.

1 Like

Thank you Sandro, it’s not on the other account.
Just a clarification: it was working before on the previous account, so I don’t think it’s correct when you say ‘it was never validated on the original account’.

Thanks!

If it actually validated, it should be announced by all servers, in this case it isnt but only by the ones you mentioned, which does suggest it actually never validated on that account.

The other explanation could be that it actually worked, but has been purged already. In that case it shouldnt be announced by these nameservers any longer however, respectively after you added it to a new account only by the new ones.

In any case, at this point only support can fix that.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.