NS records not propagating

Hi all,

I recently purchased a domain, kash[dot]fun and onboarded to Cloudflare for DNS management (I have a few domains on). It has been more than 48 hours since I updated the nameservers to Cloudflare’s but it doesn’t seem to be propagating. Some resolvers reflect the nameservers, others don’t reflect any NS records. See: https://www.digwebinterface.com/?hostnames=kash.fun&type=NS&useresolver=

I reached out to my registrar’s support for assistance and they have advised that the registry shows those servers, the DNS servers have been applied and associated to my domain properly from them but the DNS zone in Cloudflare is not propagating. See: https://lookup.icann.org/en/lookup (lookup kash[dot]fun).

Has anyone had this experience? What can I do to fix this?

And your registrar did not point out the DNSSEC issue?

Your domain currently has an invalid DNSSEC setup. You either need to disable that at your registrar or provide the values indicated by Cloudflare.

You also need to fix your encryption mode on Cloudflare and set that to Full Strict, as you currently have an insecure legacy mode set, which will keep your site insecure.


@sandro No, they did not… Thanks for identifying that. How did you identify that issue?

I actually disabled DNSSEC almost 24 hours ago on my registrar when I was going through every option available there.

I have just set it to Full Strict as you advised.

Is there anything else that I need to do or all that is left is to wait?

If you already disabled it, you best reach out to your registrar, as that is still enabled.

As for anything else, if the IP address you have currently configured is your actual server, you should also contact your webhost to get that secured as well, as you do not have a valid certificate.

@sandro Ok, I will contact my registrar to check on their end on the status of DNSSEC. Thank you.

I am actually only using this domain to do a redirect, not to host anything for now.

All right, then of course there is no server certificate to fix. However, I would adjust the IP addresses to avoid any origin issues here. Just follow Redirecting One Domain to Another

To summarise

  1. Contact the registrar to clarify DNSSEC and either deactivate it or update the value
  2. Use mentioned tutorial to set up the redirect

That should be all.


Thank you for the solution, @sandro. My registrar found the records in their backend (not reflected on the frontend) and deleted it after I had requested them to investigate.

The issue is now resolved and the DNS records are now fully propagated. I have it working as expected now. :slight_smile:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.