Removed DNS record still exists, but not in the dashboard

What is the name of the domain?

What is the issue you’re encountering?

I’ve removed 2 TXT records hours ago and they’re still showing in nslookup and dnschecker.org

What steps have you taken to resolve the issue?

I’ve tried adding/removing a new record to see if it would kick things over. The new record tested correctly and removed correctly, but the first two that are stuck have made no change.

I also tried re-adding the existing record, so I could then try to remove it again, but when I try to add it, it says it already exists.

What feature, service or problem is this related to?

DNS not responding/updating

What exact TXT records (“Name” field) are we talking about?

Sorry about that. It’s for “_acme-challenge”

I’m setting up FlyingCDN for a client, and I need that record as a standalone CNAME, or it won’t validate. Basically, I’m stuck until those records disappear for me to proceed.

I’ve been using Cloudflare for a decade and this is the first time I’ve had to post, so it’s a good run!


From my side, when I look at “_acme-challenge”, it seems to be following the typical format, which FlyingCDN is announcing for their setups.

It is pointing as a CNAME, to a target generated using the format “{DOMAIN}.ffb7310192aab5b6.dcv.cloudflare.com”.

I’m also seeing this when I check the subdomain for TXT records. Same results with dnschecker.org

In that case, you need to disable Cloudflare’s Universal SSL and disable Cloudflare for the website.

Cloudflare needs to use the _acme-challenge record to work, and the CNAME would prevent that.

I appreciate you trying to help!

Unfortunately, this isn’t really the issue I have at the moment. I removed old TXT records with subdomain _acme-challenge, but they’re still showing to DNS servers. When FlyingCDN validates your domain, their CNAME needs to be the only record for that subdomain, which is preventing me from validating.

I just need Cloudflare to purge these records that are stuck. :sweat_smile:

Yes, it is.


Thanks. I did try it, and have the Universal SSL disabled and the proxy off. I’ll report if anything changes.

I still see the 2 TXT records. Is the account maybe using Advanced Certificate Manager? Usually, disabling Universal SSL should remove the “extra” _acme-challenge records.

Can you check whether you see the records when you list them via the API? If not, can you create a ticket that we can escalate?

To give some more context:
As long as Universal SSL or ACM are activated, Cloudflare will automatically create _acme-challenge TXT records that you can’t see or remove.
CNAME records can’t exist with any other records with the same name, so while Cloudflare allows you to create the CNAME, it doesn’t comply with the DNS standard and it shouldn’t work in most resolvers.

However, there are cases where Cloudflare doesn’t remove their own _acme-challenge records, and support might need to assist you in removing them.

If you don’t want to wait for support, you could also create a new Cloudflare account and move the domain to that new account.
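
An added example, not code from the thread or from Cloudflare, of the check discussed above: it compares the records resolvers return for a name with the records the zone listing shows, and flags names where a CNAME is served alongside other record types. The sample dig-style output, the record values and the function names are all constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample: answers to separate TXT and CNAME queries for one name,
# in `dig +noall +answer` layout, concatenated. All values are placeholders.
DIG_ANSWERS = """\
_acme-challenge.example.com. 300 IN TXT "constructed-token-one"
_acme-challenge.example.com. 300 IN TXT "constructed-token-two"
_acme-challenge.example.com. 300 IN CNAME example.com.placeholder.dcv.example.net.
"""

# Constructed sample: (name, type, content) tuples as shown by the zone's record listing.
LISTED = {("_acme-challenge.example.com", "CNAME", "example.com.placeholder.dcv.example.net")}


def normalise(name, rtype, rdata):
    """Make resolver output and listing entries comparable."""
    rtype = rtype.upper()
    if rtype == "TXT":
        # A TXT answer may be split into several quoted strings; join them.
        rdata = "".join(shlex.split(rdata))
    else:
        rdata = rdata.rstrip(".").lower()
    return (name.rstrip(".").lower(), rtype, rdata)


def parse_answers(text):
    """Parse 'name ttl class type rdata' lines, skipping comments and blanks."""
    records = set()
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2].upper() == "IN" and not line.startswith(";"):
            records.add(normalise(parts[0], parts[3], parts[4]))
    return records


def unlisted(served, listed):
    """Records resolvers return that the listing does not show."""
    return served - {normalise(*r) for r in listed}


def cname_conflicts(served):
    """Names where a CNAME is served alongside any other record type."""
    types = defaultdict(set)
    for name, rtype, _ in served:
        types[name].add(rtype)
    return {n: sorted(t) for n, t in types.items() if "CNAME" in t and len(t) > 1}


if __name__ == "__main__":
    served = parse_answers(DIG_ANSWERS)
    print("unlisted:", sorted(unlisted(served, LISTED)))
    print("conflicts:", cname_conflicts(served))
```

A non-empty `unlisted` result is the situation in this thread: records being served that neither the dashboard nor the API listing exposes.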

Gotcha. The TXT records I’m referring to were added a while back by SpinupWP, but haven’t been used in a while.

I did already test to see if I could list them using the API, and they didn’t show up. I was hoping that would be a simple workaround :sweat_smile:

I’ll create a ticket. Thanks for your help!

Please share the number here and I’ll escalate it to support.

Great, thanks!

Case: 01459840

Hi @cloudnineweb

We’ve replied to your ticket!

Thank you


I appreciate your help on this!

The Fix:
Turns out that zone had “Speed > Optimizations > Other > Automatic Signed Exchanges” enabled, which will apply hidden _acme-challenge TXT records.
