Problem using CloudFlare server DNS

Hi,
Yesterday in the morning, in my OVH panel, I set the Cloudflare DNS servers for my domain intoona dot com, because I want to manage it with Cloudflare.

So I set ziggyDOTnsDOTcloudflareDOTcom and etienneDOTnsDOTcloudflareDOTcom

After 1 day, if I use 1.1.1.1 as DNS on my PC, I’m still not able to translate intoonaDOTcom

dig intoona.com NS

; <<>> DiG 9.10.6 <<>> intoona.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37402
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; OPT=15: 00 09 6e 6f 20 53 45 50 20 6d 61 74 63 68 69 6e 67 20 74 68 65 20 44 53 20 66 6f 75 6e 64 20 66 6f 72 20 69 6e 74 6f 6f 6e 61 2e 63 6f 6d 2e ("..no SEP matching the DS found for intoona.com.")
;; QUESTION SECTION:
;intoona.com.			IN	NS

;; Query time: 40 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Aug 19 16:27:52 CEST 2022
;; MSG SIZE  rcvd: 91

On my Amazon EC2 instance, however, it works

dig intoona.com NS

; <<>> DiG 9.16.1-Ubuntu <<>> intoona.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55121
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;intoona.com.			IN	NS

;; ANSWER SECTION:
intoona.com.		5721	IN	NS	ziggy.ns.cloudflare.com.
intoona.com.		5721	IN	NS	etienne.ns.cloudflare.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Fri Aug 19 16:27:04 CEST 2022
;; MSG SIZE  rcvd: 96

Is it possible that after more than 30 hours the 1.1.1.1 DNS servers are not yet refreshed?

Thanks a lot

DNS record changes can take up to 48-72 hours!

So wait until the time period is up and try again!

You have a DNSSEC issue. The clue appears offscreen in the results you shared from 1.1.1.1.

("..no SEP matching the DS found for intoona.com.")

You can confirm this with DNSViz.

The resolver you are using on your EC2 instance is working because it is not performing DNSSEC validation. 1.1.1.1 is a DNSSEC validating resolver so it will not return answers that fail to validate.

Once you add your DS record to your registrar you should start to see your domain resolve on DNSSEC validating resolvers.
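
An added example, not part of the thread: the `OPT=15` line in the 1.1.1.1 output is an Extended DNS Error option (RFC 8914) that this dig build printed as raw hex. The sketch below decodes it and separates a DNSSEC validation failure from other SERVFAIL causes; the function names are illustrative assumptions, and the sample is copied from the question's dig output.

```python
import re

# Extended DNS Error INFO-CODEs (RFC 8914); subset relevant to resolution failures.
EDE_NAMES = {
    1: "Unsupported DNSKEY Algorithm", 2: "Unsupported DS Digest Type",
    5: "DNSSEC Indeterminate", 6: "DNSSEC Bogus", 7: "Signature Expired",
    8: "Signature Not Yet Valid", 9: "DNSKEY Missing", 10: "RRSIGs Missing",
    11: "No Zone Key Bit Set", 12: "NSEC Missing",
    22: "No Reachable Authority", 23: "Network Error",
}
DNSSEC_CODES = {1, 2, 5, 6, 7, 8, 9, 10, 11, 12}

# dig builds that do not decode option 15 print it as "; OPT=15: <hex bytes> (...)".
OPT_RE = re.compile(r"^;\s*OPT=(\d+):((?:[ \t]+[0-9a-fA-F]{2})+)", re.M)

def parse_ede(dig_output):
    """Decode every EDNS option 15 (Extended DNS Error) found in dig output."""
    found = []
    for opt_code, hex_bytes in OPT_RE.findall(dig_output):
        raw = bytes.fromhex("".join(hex_bytes.split()))
        if int(opt_code) != 15 or len(raw) < 2:
            continue  # not an EDE option, or too short to hold an INFO-CODE
        info = int.from_bytes(raw[:2], "big")        # 16-bit INFO-CODE
        text = raw[2:].decode("utf-8", "replace")    # optional EXTRA-TEXT
        found.append({"code": info, "name": EDE_NAMES.get(info, "unknown"),
                      "text": text, "dnssec": info in DNSSEC_CODES})
    return found

def diagnose(dig_output):
    """Separate a DNSSEC validation failure from other SERVFAIL causes."""
    m = re.search(r"status:\s*([A-Z]+)", dig_output)
    status = m.group(1) if m else "UNKNOWN"
    dnssec = [e for e in parse_ede(dig_output) if e["dnssec"]]
    if status == "SERVFAIL" and dnssec:
        e = dnssec[0]
        return f"DNSSEC validation failure: EDE {e['code']} ({e['name']}): {e['text']}"
    return f"{status}: no DNSSEC-related extended error present"

# Two lines copied from the 1.1.1.1 dig output in the question above.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37402
; OPT=15: 00 09 6e 6f 20 53 45 50 20 6d 61 74 63 68 69 6e 67 20 74 68 65 20 44 53 20 66 6f 75 6e 64 20 66 6f 72 20 69 6e 74 6f 6f 6e 61 2e 63 6f 6d 2e ("..no SEP matching the DS found for intoona.com.")
"""

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```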

Thanks epic.network for your detailed explanation.

So, following your link, I enabled DNSSEC on Cloudflare and copied the DS record to OVH.
Now I think I just have to wait, right?

One question: does this procedure for managing DNSSEC have to be done for all the sites I manage with Cloudflare? On Cloudflare I already have 5 other sites, but this is the first time I have had this problem.

Thanks a lot


Your DNSViz results are looking good.

The most likely reason would be that you didn’t enable DNSSEC on those domains. If you want to protect them with DNSSEC, you can turn it on in Cloudflare and update the registrar with generated values.


Thanks a lot.
You gave me a great help :pray:
