Subdomain is Proxied But Cloudflare DNS Servers Still Resolving to Actual Server Address

I needed to turn off proxy for many of my sub-domains due to an issue with Let’s Encrypt certificate renewal. To speed up the process, I wrote a script that called the Cloudflare API to set the proxy=false. After all Let’s Encrypt certificates were successfully renewed, I called the Cloudflare API to set proxy=true for my sub-domains.

All of my sub-domains were successfully proxied except for bioinspired.sinet.ca. Even though the dashboard shows bioinspired.sinet.ca is proxied, dig @gordon.ns.cloudflare.com bioinspired.sinet.ca shows the actual server address rather than one of the Cloudflare servers (same if I resolve via live.ns.cloudflare.com). I have tried turning off proxy for my subdomain and then turning it on without resolving the name resolution issue.

Does anyone have any ideas? I have not tried to delete bioinspired.sinet.ca and add it back again - I am concerned that the subdomain has somehow become locked.

Thanks, Norbert

Check the overview page, you likely have Cloudflare paused.

Dumb user mistake. There was a typo in the control file that was used to call the Cloudflare API. The result was that Cloudflare had proxied “boininspired.sinet.ca”. I corrected the subdomain name and life is once again good.


@cscharff thanks for the fast response!

A summary of yesterday’s events for those interested in what happened and as a cautionary tale. I wrote a small script that used https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-list-dns-records to extract the DNS information for my various zones and copied the A-record name, id, and proxy status into a flat file. Another script processed the flat file, skipped any records where proxy was already disabled, and then used https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-patch-dns-record to disable proxy and later re-enable it. The API documentation included a sample - I removed the request parts that I was not modifying - in addition to the DNS record id, I passed the DNS name and desired proxy state. I did not make the connection that all the optional request parameters are modifiable.

When I built the flat file, I accidentally missed selecting all of the input data. I noticed that my bioinspired.sinet.ca subdomain name was incorrect, manually corrected the problem, but in my rush to finish, did not notice that the subdomain was still missing a letter. The result was that I disabled the proxy status of bioinspired.sinet.ca but also accidentally renamed the subdomain. The correct subdomain was still resolving but to my server IP. Toggling the proxy status of the renamed subdomain via the dashboard was pointless. It was only after I made my original post that I copied the subdomain from the Cloudflare dashboard into a DIG command and noticed the typo (it had been a long day). Only passing the desired proxy status in the PATCH DNS Record request would have avoided the issue.

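The conclusion of the post above (send only the desired proxy status in the PATCH DNS Record request) can be sketched as follows. This is an added example, not the poster's script: the `name,id,proxied` flat-file layout, the record ids, the `example.test` names and the placeholder zone id and token are assumptions. It also goes one step further than the post by comparing each control-file name against the live record before patching, so a mistyped entry is skipped instead of renaming the record.

```python
import json
import urllib.request

API = "https://api.cloudflare.com/client/v4"

def parse_control_file(text):
    """Parse 'name,id,proxied' lines (assumed flat-file layout) into dicts."""
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        name, record_id, proxied = (f.strip() for f in line.split(","))
        rows.append({"name": name, "id": record_id, "proxied": proxied == "true"})
    return rows

def plan_patches(rows, live_records, desired):
    """Return (patches, mismatches); the file's name is compared, never sent."""
    live = {r["id"]: r for r in live_records}
    patches, mismatches = [], []
    for row in rows:
        current = live.get(row["id"])
        if current is None or current["name"] != row["name"]:
            mismatches.append((row["id"], row["name"]))  # stale or mistyped entry
        elif current["proxied"] != desired:
            patches.append((row["id"], {"proxied": desired}))  # only field changed
    return patches, mismatches

def build_request(zone_id, record_id, body, token):
    """Build (without sending) the PATCH request for one DNS record."""
    return urllib.request.Request(
        f"{API}/zones/{zone_id}/dns_records/{record_id}",
        data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})

# Constructed sample data; the second control-file name is missing a letter.
CONTROL = "www.example.test,rec-0001,false\nbioinspird.example.test,rec-0002,false\n"
LIVE = [
    {"id": "rec-0001", "name": "www.example.test", "proxied": False},
    {"id": "rec-0002", "name": "bioinspired.example.test", "proxied": False},
]

if __name__ == "__main__":
    patches, skipped = plan_patches(parse_control_file(CONTROL), LIVE, desired=True)
    for record_id, body in patches:
        req = build_request("ZONE_ID_PLACEHOLDER", record_id, body, "TOKEN_PLACEHOLDER")
        print(req.get_method(), req.full_url, body)
    print("skipped (name mismatch):", skipped)
```

Here `LIVE` stands in for the `result` array returned by the List DNS Records call; in a real run it would be fetched immediately before patching rather than read from an older export.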
