Yesterday I updated the NS record in AWS Route53 to point to the two Cloudflare NS servers, but the Cloudflare user interface still shows “Pending Nameserver Update” after so much time.
The domain does not have SSL yet because SSL will be set up after Cloudflare DNS is OK - Let's Encrypt uses Cloudflare DNS to validate the domain, but the domain DNS needs to be correct, otherwise Let's Encrypt DNS validation is not working.
As the post that @DarkDeviL shared explains, you cannot add Cloudflare nameservers as NS records at your existing DNS provider. You must replace your existing DNS provider at your domain registrar.
Your domain whois shows that you have Amazon Route 53 nameservers set at your registrar. You need to delete those and replace them with your Cloudflare nameservers or your domain will never activate.
I tried uploading a screenshot with the output of the commands I ran and with how the configuration looks in AWS Route53, but I get an error when I upload the screenshot and press Reply.
NS queries for your domain to the me. root nameservers suggest that your registrar somehow updated the parent zone, but still has AWS DNS in your whois record. That is most unusual. You may want to ask your registrar about that.
This is how it looks in AWS Route53 - the SOA record is still pointing to Amazon because the Cloudflare documentation says to update only the NS records; it says nothing about the SOA record.
There is no need to post AWS screenshots as nothing in them is relevant to your situation. You cannot use AWS DNS and Cloudflare on the same zone at the same time. You need to contact Gandi and ask them why you still have AWS nameservers in your whois.
% whois vtrasca.me
Domain Name: vtrasca.me
Registry Domain ID: 62a1e2f8d85343d2a65bb25e372546e9-DONUTS
Registrar WHOIS Server: whois.gandi.net
Registrar URL: https://www.gandi.net
Updated Date: 2023-08-20T02:00:18Z
Creation Date: 2020-09-23T13:34:49Z
Registry Expiry Date: 2024-09-23T13:34:49Z
Registrar: Gandi SAS
...
Name Server: ns-1611.awsdns-09.co.uk
Name Server: ns-316.awsdns-39.com
Name Server: ns-1372.awsdns-43.org
Name Server: ns-986.awsdns-59.net
DNSSEC: unsigned
Nowhere in any Cloudflare documentation is there any instruction suggesting that you update NS records in your zone. The directions very clearly state that you must change the nameservers at your domain registrar.
Again, there is no instruction to create NS records in your zone. It is a pointless action that will produce no desired effect.
When I do whois I see the above - I’m not sure how I get something when I do whois and you get something else.
This is the 1st time I hear about Gandi. The registration was with AWS Route53. I never did anything in my life with Gandi, how come Gandi came into this discussion?
I posted the AWS screenshot because I did register with AWS Route53 and they are my registrar.
The registrar is indeed AWS Route53, this is why I sent screenshots from AWS. I never had anything to do with Gandi, I never bought anything from them.
After I read your last answer I went again into the AWS Route53 user interface and looked more carefully. I noticed that there are two closely related menu entries there: the Zones menu item and the Domains menu item. Their screens look identical; they both have NS records and they both look the same. You were right: previously I did modify the NS records from the Zone, just because I’m doing this activity once every 2 years and the user interface looks the same in both places.
I now rolled back the zone NS changes and updated the NS records from the domain this time.
Hopefully this was the issue and it will not take 24h for the NS changes to propagate.
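The check the replies make by hand (which nameservers the registry delegates to, as opposed to NS records edited inside the zone) can be scripted. This is an added example, not part of the original thread; the function names and the two `example-*.ns.cloudflare.com` names are placeholders assumed for illustration, and the sample input is the Name Server block quoted in the thread's whois output.

```shell
#!/bin/sh
# Registry-level nameservers from whois output on stdin: lowercased,
# trailing dot stripped, sorted, de-duplicated.
whois_nameservers() {
    awk -F': *' 'tolower($1) ~ /^[ \t]*name server$/ {
        ns = tolower($2)
        sub(/\.?[ \t\r]*$/, "", ns)
        if (ns != "") print ns
    }' | sort -u
}

# Compare the delegation in whois output (stdin) with the nameservers
# assigned by the new DNS provider (arguments). Prints one verdict.
delegation_status() {
    expected=$(printf '%s\n' "$@" | tr 'A-Z' 'a-z' | sed 's/\.$//' | sort -u)
    actual=$(whois_nameservers)
    if [ -z "$actual" ]; then
        echo "no-nameservers-found"; return
    fi
    # Number of registry nameservers that are also in the expected set.
    common=$(printf '%s\n' "$actual" | grep -cxF -- "$expected" || true)
    if [ "$actual" = "$expected" ]; then
        echo "delegated"        # registrar lists exactly the new set
    elif [ "$common" -eq 0 ]; then
        echo "not-delegated"    # registrar still lists the old provider
    else
        echo "mixed"            # both providers listed: finish the swap
    fi
}

# Name Server lines as quoted in the thread's whois output.
sample_whois() {
    cat <<'EOF'
Registrar: Gandi SAS
Name Server: ns-1611.awsdns-09.co.uk
Name Server: ns-316.awsdns-39.com
Name Server: ns-1372.awsdns-43.org
Name Server: ns-986.awsdns-59.net
DNSSEC: unsigned
EOF
}

# Placeholder nameserver names (assumed; use the pair Cloudflare shows you).
sample_whois | delegation_status example-a.ns.cloudflare.com example-b.ns.cloudflare.com
```

Against a live domain, pipe the output of `whois` for that domain into `delegation_status` together with the two nameservers Cloudflare assigned.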