Tk Domain DNS Issues

We have had a hobby website for many many years that can only exist thanks to the free services offered by Freenom.

This is not meant to get into a debate about Freenom, or .tk domains.

We recently learned about Cloudflare and it would be great to have protection of the origin server serving a .tk domain.

However, when we change away from the Freenom DNS to “Custom DNS” and include the Cloudflare DNS, the authoritative nameservers time out without a response. When checking on Freenom Whois, the DNS show up correctly.

It we switch back to Freenom DNS, the website is immediately back online at it’s A record IP.

Thus, it seems that at least for us, DNS for .tk only works when using Freenom DNS.

Before we go crazy trying to troubleshoot this, are .tk domains supported on Cloudflare? Has anyone else experienced this, if so, what have you done?

p.s. if anyone had a “pending” .tk domain like we did, just email them and they will renew you for 9 years! Unfortunately they have yet to reply regarding this DNS issue.

Thanks in advance.

Many people have .tk domains on Cloudflare (although a lot are now down for the reasons you note).

You would need to set the Cloudflare nameservers again and give the domain name so people can look and see what the issue is.

Ok great, unfortunately there seems to be a lot of “Domainism” around the .tk domains (i.e. blanket negative stereotypes applied to all folks with a .tk domain).

The DNS was switched back to cloudflare around midnight.

We actually didn’t even realize that your servers IP was public, and mistakenly thought it was just the DNS name… This is why we would like to use Cloudflare. We would rather not specify the domain due to this.

However, here are various screenshots on the matter. We knew 0 about DNS prior to this, but maybe DNSSEC is enabled and that is why? Is that what that RRSIG is?

Freenom WHOIS

DIG Results - Authoritative and NIC Nameservers

DIG Results - 1.1.1.1

Thank you very much for the help and please let us know any further troubleshooting.

Nobody has posted how long it has taken a .tk domain restoration after emailing, so in our case, it was about 1.5 days later.

1 Like

So we knew nothing about DNS resolution or what this output even meant. Just included because we saw others had…

After asking ChatGTP, we know understand better and wanted to share.

This is NOT a DNSSEC issue. This is what was said on that

As for tkmaxx. , it appears in the NSEC record, which is part of DNSSEC (DNS Security Extensions). The NSEC record is used to prove the non-existence of a record. In this case, it’s showing that there’s no record between tk. and tkmaxx. . This doesn’t necessarily mean that tkmaxx. doesn’t exist, but rather that there are no domains alphabetically between tk. and tkmaxx. in the tk. zone file. This is part of how DNSSEC prevents certain types of attacks by proving non-existence of a record.

And this explanation is great;

Yes, if you’ve changed your domain’s DNS to Cloudflare, then Cloudflare should show up as the Domain Name Servers in the dig output. Here’s a simplified version of how this works:

  1. Change DNS on Cloudflare: When you set up your domain with Cloudflare, you’re asked to change the nameservers for your domain to the ones provided by Cloudflare. This is done on the website of your domain registrar (the company where you registered your domain name).
  2. Update at Domain Registrar: The domain registrar needs to process this change. This update is crucial because the registrar is responsible for publishing the nameserver information to the rest of the internet.
  3. Propagation Time: After the change is made, it can take up to 48 hours (and sometimes longer) for the change to propagate across the internet. During this time, some users might still be directed to your old nameservers.

If the domain registrar didn’t process the change, or if there’s a delay in propagation, that could indeed cause your domain not to resolve.

Thus, it seems the output is showing that Freenom has not processed the change (i.e. step 2).

Any suggestions on that? Just wait and “hope” they update it? Or maybe it is the case that once your domain is retored you are stuck with Freenom DNS or whatever was set before it was restored. We have tried the usual flip the DNS options back and forth “trick” to no avail.

Anyone with .tk domains that were on Cloudflare prior to going pending? Does the Cloudflare DNS still work when restored?

We shall get to he bottom of this.

Its now working;

TL;DR for .tk domain issues
If your domain is down, first check if it is in “pending” status in your Freenom Dashboard. If so, email them at [email protected] and they will renew it for 9 years. For us, this took 1.5 days.

DNS issues - After you change DNS to Cloudflare in Freenom Dashboard, check dig to see if you can see an A record. If not, try to email them again and just keep trying to change it back and forth and checking dig until it works. Maybe because thy fix it in response to the email (and don’t respond) or maybe it just does.

Good like TiKinet