NSCompareTest Compare error

Hello Guys
I’m facing an annoying issue, after registering my website trying to change name servers as requested gamesource. it

On OVH when I try to change this following lines the result is: DOMAIN DNS UPDATE FAILED

[ns16.ovh .net] → [isaac.ns.Cloudflare. com]

[dns16.ovh .net] → [rose.ns.Cloudflare .com]

As OVH support team suggested I took a look in the register at this address (//dns-check.nic.it) and I faced this NSCompareTest error (it seems like someone have registered gamesource .it on Cloudflare before?)

The error is:

I don’t know what to do… any suggestion? … thanks!

Does your control panel mention isaac and rose? It currently lists kanye and may but if someone has already registered that before - as you pointed out - there might be a chicken/egg situation. If your contron panel shows isaac and rose it is best to contact support at their “support” address.

@cloonan, that seems to be the second case of a re-registration on Cloudflare recently with a registrar who checks the nameservers and complains about the apparent mismatch. Not sure how easy that is to fix for Cloudflare though, under the current NS verification system.

1 Like

Hi @marco.martinelli, I’m unfamiliar with the nscompare challenge you’re facing. Can you contact the registrar directly and ask them to manually update the nameservers to those assigned by Cloudflare (isaac & rose)? As long as you own the domain, they will have no issue helping you to update the nameservers. I see them as dns16.ovh.net and ns16.ovh.net, not kanye and may.

@sandro, you are right, this is difficult given we’re looking to/relying on a (third party) registrar to confirm nameservers. When a customer purposefully or accidentally changes their nameservers to no longer point to Cloudflare, we mark their zone as ‘moved’ and send an email asking to set their NS to be Cloudflare’s again. In some cases the timing was too tight or the email was otherwise missed. Based on feedback, the team recently introduced a change to automatically recheck zones in the ‘Moved’ state. With this recheck, if the issue is corrected, the zone is re-activated. This has been a positive change for a number of domains and we’re open to feedback to keep improving.

Was there a particular reason why the nameserver validation was chosen over a more traditional approach like registrant email verification?

Good question, I have to dig to understand the thought process at the time, but suspect the nameserver route was selected as 1) we rely on an authoritative source to verify domain ownership and 2) we need to control the nameservers in order to route traffic through Cloudflare. Having [email protected] does indicate you’re associated in some way with example.com, but you may or may not own example.com. Whereas changing the nameservers for example.com to a name we share with you shows you own the domain.

I didnt mean any random mail address (under that domain) but the mail address listed for the registrant. That should also prove you own the domain, shouldnt it?

As for the nameservers, it simply could only activate the domain for Cloudflare once it detects the right nameservers (and deactivate it should they change).

Just my two cents, but I guess - as so often - there’ll be also historical reasons for this decision.

Hello,

I am the sysadmin for that domain, the situation is as follows:

Almost a week ago we registered this domain on Cloudflare, we were given isaac and rose as NS Servers, i went to change the records in the DNS (OVH Control panel) and to my surprise it simply refused to update the default values to the ones provided by Cloudflare, i then tried again thinking “ok i might have done something wrong” but again same failure to update the NS records for that domain. We opened a support ticket with OVH right away and the reply was to check what was wrong using the tool in this page (https://dns-check.nic.it/), After checking the results of that tool we noticed that somehow we have kanye and may as NSCompare.

My conclusion is the following: someone (or one of our staff or someone else) registered that domain in their account before we did resulting in this stale situation (we cannot find any other account registered on Cloudflare with our domains email accounts).

Is there any way to manually change the NS servers back to kanye and may (provided we give proof of ownership for that domain) so we can edit our dns records to match those of the registar.

The only other solution we are left with is erase the domain from our Cloudflare account and adding it back again untill the 2 NS servers assigned are again kanye and may but i do not think that is the wised solution (so far OVH only dropped the ball back to us on the support ticket and apparently it is going to end the same way here)

Is it possible for you to approach your registrar and ask for the nameservers to be manually assigned, like @cloonan mentioned above?

If that is not possible I assume going via Cloudflare’s support (support@) will be the only option.

Is the right route if OVH cannot manually assist.