Strange cache for DNS Proxy

Hello,

I have 54 domains hosted with CF. 44 domains are working perfectly. But for exactly 10 domains I have the same issue: when I activate the DNS proxy for the “WWW” subdomain the behavior changes. Let’s say WWW was set in the past to an old hosting provider with IP 1.1.1.1 and now I put it to a new hosting provider with IP 2.2.2.2. When DNS proxy is disabled WWW resolves to 2.2.2.2 (the new IP). When I access www.example.com in the browser (I am using Firefox in incognito mode and cleared the browser cache completely) I am going to the right web page. After I activate the DNS proxy for it, WWW will take me to the old IP 1.1.1.1 and in the browser I am seeing an old website.

I tried putting WWW as CNAME going to the @ (root) or WWW as A directly to the new IP. After activating DNS proxy, same issue for both. I tried to delete WWW and wait for my ISP cache to clear. Pinged it until I received “Name or service not known”. Then I created it again and accessing www.example.com was OK; after activating DNS proxy it went back to the old hosting.
I tried to delete the domain from Cloudflare completely and added it again. The issue is coming back as well.
I tried to Purge Cache for Everything, did not help. I tried to wait for several months, the information for the old hosting provider is still saved somewhere…

The information that makes WWW go to the old hosting provider after activating DNS proxy is cached somewhere and I cannot clear that cache.

Please help!!! :slight_smile:

This happens if the old hosting provider had their own Cloudflare integration, but did not completely remove your site from their Cloudflare setup. So when you try to use :orange: Proxied Cloudflare again, it’s still connecting to your old hosting.

Ask the old hosting provider to completely remove your site from their Cloudflare setup.

@sdayman Thank you for your reply. This will solve 9 of my 10 domains. For 1 domain, this behavior has happened since I bought it. I don’t know who the old hosting provider for it is. And to make the issue more complex, for this one domain after activating DNS proxy the destination page is not some landing page that can give me a hint about the old hosting provider; it is only this error, “Secure Connection Failed”, and the page does not load at all.

Any other idea? Or can someone from CF reset the DNS for me for this domain?

You’d have to open a ticket via email: support AT cloudflare DOT com

And then post the Ticket # here. @Tobi is here for a bit longer, so if you hurry, he might be able to reset it this morning.

Ticket nr #2268416

Created another one because I used the wrong email, not the one from the account. Ticket nr #2268420. Thank you so much @sdayman @tobi

The domain I mentioned before still has the issue. Did someone reset the DNS for the domain in the ticket I raised? Or is it still pending?

@sdayman Because I am on a free plan, the ticket was automatically marked as solved within several seconds and the robot told me to ask the community. I feel like I am in a closed circle now :slight_smile:

Can @tobi help me as a free user? Or can that domain not be fixed until I pay?

Thank you guys!

Hi there @VFY!

I’ve just replied to your support ticket. Can you please have a look, retry your testing, and follow up on the ticket with your results?

Thanks!

Hi @blas,

Just replied to the ticket with a HAR archive attached.

Thank you

Got it, thanks for that! Any chance you have any firewall rules in place at your server that match and may be triggering on the hostname www? Also, does this only happen with www? Can you test with another subdomain?

Sounds to me like this could be a cipher suite compatibility issue. Please review my latest comment in your ticket which includes the list of cipher suites supported by Cloudflare, and the ones currently allowed at your origin.

The list of cipher suites supported by Cloudflare includes all of the cipher suites currently allowed at my origin. No firewall rules or anything. The firewall log is not recording any new line when accessing WWW for that domain. All my domains currently hosted at Cloudflare are on the same machine with identical configuration for each domain. I was never able to make WWW work on that respective domain. I also deleted it and created it again in my cPanel and nothing made it work. I always thought there was an issue on my server, until I tested WWW with DNS proxy disabled and it worked. On the origin I am using Let’s Encrypt for all my domains; all are working fine. I just created a new subdomain called “test” and it is working fine when accessing it over HTTPS. I put it on CF DNS as CNAME for @ exactly as I did with WWW and it has DNS proxy enabled. Same certificate as WWW has, same issuer, same DNS configuration as WWW has; TEST is working fine, WWW is not. Also, when you access my website without WWW the certificate is working fine, and it is the same certificate for root+WWW; they are simply alternative names on the same certificate. Are you seeing any cache from another CF account setup for WWW?

My thoughts are that WWW is “DNS proxy cached” somewhere else, where it leads to another landing page with no SSL certificate or maybe some self-signed one. That’s why we received that NO_CYPHER_OVERLAP SSL error. I made a mistake when I first added that domain to Cloudflare. I first set up the CF nameservers and forgot about adding it to my CF account. I just let it sleep on some random CF nameservers. When I came back after some time I saw that another CF user had added it to his account and used it for some shady content. I immediately added it to my CF account and validated myself as the owner. CF asked me to change the nameservers to new ones and it was added to my account with success. But since that event happened WWW has never worked properly with DNS proxy enabled; maybe my WWW is still on that user’s setup and was never deleted by him from his account… Makes some sense? :slight_smile:

Hi @blas,

Any new ideas on my ticket #2268420?

Thank you