Pending Nameserver Update (4+ days) .ch domain GoDaddy

Hello,

GoDaddy confirmed (via e-mail) that my nameserver has been updated to Cloudflare on September 10th.
In fact, the redirection to my website works fine in many locations, but not all; SSL doesn’t work at all.

A whois confirms the name servers are set correctly.

The Cloudflare dashboard still says “Pending Nameserver Update”
DNSSEC is also marked as pending.
TLS doesn’t work (it is set to Full)

I am not sure what to do next to make this work.

From above screenshot, DNSSEC yes - this could be the issue.

May I ask what is your domain name?

May I ask was the DNSSEC disabled (off / no) before you switched your nameservers to the new ones (Cloudflare)?

  • or you configured and enabled the DNSSEC (on / yes) after you switched to Cloudflare nameservers?

Furthermore, the DNS propagation process usually takes up to 24-48 hours.

Have you used some online tool to check for NS type of DNS records for your domain like below one?:

Therefore, you could also try to flush the NS type of DNS records for your domain by using below tools:

May I suggest looking into the article below on how to properly set up SSL with Cloudflare:

Should be on Full (Strict):

2 Likes

DNSSEC should definitely be completely OFF when changing name servers. I don’t turn it on until at least 48 hours after a name server change has completed.

2 Likes

Thank you all for the information, to answer the questions:

  1. I can confirm with certainty that DNSSEC was completely off before changing the name server to Cloudflare, since DNSSEC is a paid feature on GoDaddy which we did not purchase.

  2. I set SSL to FULL (Strict) and still no luck.

  3. It has been 5+ days now since I changed the name server, that is more than 24-48 hours. I cleared the Google and Cloudflare cache first thing after changing the name server and did it again a few times.
    However, OpenDNS always shows: SERVFAIL even after clearing the cache several times over several days.

  4. I checked an online DNS service, and some locations show the correct NS and A records, some just show a red X.

The domain name is: www.theenglishnook.ch

I am really out of ideas here.

Thank you all for the help!

May I ask if you are using or tried to set up GitHub (Cloudflare) Pages with the custom domain being pointed to Cloudflare, due to the below screenshot? - or this is the old one …

Indeed the A records point towards GitHub pages.

First we had GoDaddy point them towards GitHub pages, then we moved to Cloudflare with the same A records “settings”.

I have to disagree. It’s clearly on, and needs to be turned off. Right off the bat your first post says so. And these tests confirm it:
https://dnsviz.net/d/theenglishnook.ch/dnssec/
https://dnssec-debugger.verisignlabs.com/theenglishnook.ch

Awesome, that’s good, at least I know where the issue is.

How can we be sure that this isn’t Cloudflare’s DNSSEC?

I just want to make sure I can point GoDaddy to the right spot, since DNSSEC is officially a paid service that we haven’t subscribed to.

Or is the issue with Cloudflare and I should simply cancel the setup?

Definitely cancel the DNSSEC here, but this is the “receiving end” of DNSSEC. Something upstream has a DS record for DNSSEC that’s not going to work, which is what those tests show.

1 Like
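
The diagnosis in the last reply (a DS record upstream that does not match what the zone now serves) can be checked mechanically. The following is an added example, not part of the thread: it classifies a delegation the way a validating resolver would, which shows why some resolvers answer SERVFAIL while non-validating ones still resolve. The zone `example.ch`, the key bytes and all function names are constructed for illustration, and only SHA-256 (digest type 2) DS records are handled.

```python
import base64
import hashlib
import struct

def name_to_wire(name):
    """Canonical lowercase wire form of a domain name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags, protocol, algorithm, then the raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 hex) for a DNSKEY."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def delegation_state(owner, parent_ds, child_dnskeys):
    """Classify a delegation from the parent's DS set and the zone's DNSKEYs."""
    if not parent_ds:
        return "insecure"  # no DS at the parent: nothing to validate
    served = {make_ds(owner, k) for k in child_dnskeys}
    wanted = {(t, a, d, h.replace(" ", "").lower()) for t, a, d, h in parent_ds}
    if wanted & served:
        return "secure"    # chain of trust is intact
    return "bogus"         # DS without a matching DNSKEY: validators answer SERVFAIL

# Constructed sample data (placeholder zone, not real keys).
ZONE = "example.ch"
PREVIOUS_KEY = dnskey_rdata(257, 3, 13, base64.b64encode(b"\x11" * 64).decode())
CURRENT_KEY = dnskey_rdata(257, 3, 13, base64.b64encode(b"\x22" * 64).decode())
STALE_DS = make_ds(ZONE, PREVIOUS_KEY)

if __name__ == "__main__":
    print("stale DS, zone unsigned:", delegation_state(ZONE, [STALE_DS], []))
    print("stale DS, new key      :", delegation_state(ZONE, [STALE_DS], [CURRENT_KEY]))
    print("DS removed at registry :", delegation_state(ZONE, [], [CURRENT_KEY]))
    print("DS matches current key :", delegation_state(ZONE, [make_ds(ZONE, CURRENT_KEY)], [CURRENT_KEY]))
```

To run the same check on a real zone, the DS tuples come from a DS query answered by the parent zone's servers and the DNSKEY fields from a DNSKEY query answered by the zone's own nameservers.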