I’m not new to domain management for Cloudflare. I know the difference between DNS and registrar records. Whois shows isabel and kenneth CF DNS servers, yet dashboard stuck at “Pending Nameserver Update”. After about 30 or so minutes my sites fall off the internet because the registrar has been updated, but you aren’t. (And I have to then revert the registrar back).
PLEASE NOTE: If you look at this and see the WHOIS record back to namebright - it’s because I had to revert and not because I don’t know how to set it up.
Thanks!
What feature, service or problem is this related to?
CORRECTION: If you look at this and see the WHOIS record back to rob and dawn at namebright - it’s because I had to revert and not because I don’t know how to set it up.
If you click the link you can see your nameservers are currently kenneth.ns.cloudflare.com and isabel.ns.cloudflare.com, and in that state DNSSEC is not validly signed.
[add]
There are 2 sets of Cloudflare nameservers resolving for your domain, either because you have added the domain to a second account, or you have deleted and re-added the domain to Cloudflare in which case 2 new different nameservers will likely have been allocated you… https://cf.sjr.org.uk/tools/check?71507e3cf2554ad58c351d3dbe48e000#dns
The domain is on another CF account. (So, the NS records were "dawn and rob at cloudflare - I was about to post a correction to my original post stating that was the case and not namebright).
DNSSEC used to be enabled on the other CF account, but I disabled it a week ago. WHOIS record seems to confirm that:
There is no DS record at my registrar since my DNS is another Cloudflare account. I double-checked on at my registrar and there’s no DS for that domain under them.
Cloudflare DNS Settings page for this domain shows DNSSEC was turned off however there’s now an error that wasn’t there before:
“Your DNSSEC setup will be disabled as soon as we detect that the DS record has been removed from your registrar.”
But like I said, WHOIS says no dnssec, and my registrar has no record of it.
You can see from my 2 test links above, the nameservers and DNSSEC status changed in those few minutes.
Make sure the nameservers are set to those shown in your dashboard. If you just changed the nameservers, wait an hour or so for Cloudflare to pick up the change. If still stuck, you can show a screenshot of your Overview page for the domain.
I had to revert back to dawn and rob because my servers including mail were starting to not resolve unfortunately. Which of course didn’t help your looking at it right now I’m sure. Sorry about that - I had to.
This is going to be tricky considering this is an active and important domain. It can’t go down for long.
Given that the other CF account this domain is actually registered to (and I’m trying to move it to a new account thus this NS change) says that “DNSSEC setup will be disabled as soon as we detect that the DS record” message, I’m not sure what to do considering there is no DS record at the registrar. And CF itself was handling the DNSSEC.
So, the issue was that although DNSSEC was turned off on Cloudflare, where DNS is hosted, it was in fact enabled at the registrar - HOWEVER their dashboard is apparently not working as it reported to me that there was no DNSSEC configured. After contacting their support, it turns out it was enabled there and they had to disable it on their backend.