Transferred DNS to Cloudflare, DNS not updating correctly

I transferred my DNS name registration to Cloudflare and have edited the DNS records with the correct IP (checked against the old Google Domains address and on the server). The Cloudflare DNS has the correct server IP, but any external DNS (1.1.1.1, 8.8.8.8, etc.) does not. I have included the Cloudflare export as well as dig output below. I have waited anywhere from 15 min to 12 hours after any change, so it should not be a TTL issue.

stephenph.com and moonunit.stephenph.com do not resolve correctly, but the IPs on the console and in the Cloudflare settings are correct and I can ssh to both via the correct IPs.

I am not sure where the IPs 172.67.179.39 and 104.21.18.11 come from.

=================================================================
Here is the record according to Cloudflare (export):
;
;; Domain: stephenph.com.
;; Exported: 2021-01-18 17:14:12
;;
;; This file is intended for use for informational and archival
;; purposes ONLY and MUST be edited before use on a production
;; DNS server. In particular, you must:
;; – update the SOA record with the correct authoritative name server
;; – update the SOA record with the contact e-mail address information
;; – update the NS record(s) with the authoritative name servers for this domain.
;;
;; For further information, please consult the BIND documentation
;; located on the following website:
;;
;; http://www.isc.org/
;;
;; And RFC 1035:
;;
;; http://www.ietf.org/rfc/rfc1035.txt
;;
;; Please note that we do NOT offer technical support for any use
;; of this zone data, the BIND name server, or any other third-party
;; DNS software.
;;
;; Use at your own risk.
;; SOA Record
stephenph.com. 3600 IN SOA stephenph.com. root.stephenph.com. 2036265665 7200 3600 86400 3600

;; A Records
moonunit.stephenph.com. 1 IN A 107.152.33.5
stephenph.com. 1 IN A 107.152.32.56
toy.stephenph.com. 1 IN A 104.192.102.96

;; MX Records
stephenph.com. 1 IN MX 40 alt4.gmr-smtp-in.l.google.com.
stephenph.com. 1 IN MX 30 alt3.gmr-smtp-in.l.google.com.
stephenph.com. 1 IN MX 20 alt2.gmr-smtp-in.l.google.com.
stephenph.com. 1 IN MX 10 alt1.gmr-smtp-in.l.google.com.
stephenph.com. 1 IN MX 5 gmr-smtp-in.l.google.com.

================================================================
Here is the record according to dig
[steve@lab .ssh]$ dig @8.8.8.8 A stephenph.com

; <<>> DiG 9.11.26-RedHat-9.11.26-2.fc33 <<>> @8.8.8.8 A stephenph.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12694
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;stephenph.com. IN A

;; ANSWER SECTION:
stephenph.com. 273 IN A 104.21.18.11
stephenph.com. 273 IN A 172.67.179.39

;; Query time: 6 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 18 12:27:27 EST 2021
;; MSG SIZE rcvd: 74

[steve@lab .ssh]$ dig @8.8.8.8 CNAME stephenph.com

; <<>> DiG 9.11.26-RedHat-9.11.26-2.fc33 <<>> @8.8.8.8 CNAME stephenph.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6803
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;stephenph.com. IN CNAME

;; AUTHORITY SECTION:
stephenph.com. 1799 IN SOA aiden.ns.cloudflare.com. dns.cloudflare.com. 2036261862 10000 2400 604800 3600

;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Jan 18 12:27:38 EST 2021
;; MSG SIZE rcvd: 102

Hi,

I don’t understand the attempt to ask for CNAME on the domain apex, especially as you also have MX records on the apex and those two cannot co-exist by spec.

As for the IPs 172.67.179.39 and 104.21.18.11 - they’re (likely) Cloudflare’s proxy IPs - I am not sure I see a problem here.

But I’ll guess - maybe you expect the DNS server of Cloudflare to return the IPs you configured in the DNS tab? If you want that, that means that you don’t want Cloudflare’s protection service; if that is the case, make sure that the cloud icon next to the DNS record is NOT orange. If you want the protection, it has to go through Cloudflare’s IPs, not yours.
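The check this reply describes, as an added example that is not part of the original thread: it compares the A records from the zone export with the dig answer quoted above and reports whether a name is served DNS-only, proxied through Cloudflare, or pointing somewhere unexpected. The range list is Cloudflare's published IPv4 list copied inline (assumed current); the function names are hypothetical.

```python
import ipaddress

# Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4),
# copied inline so the example runs offline. Assumption: the list is current.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# A records taken from the zone export and the dig answer in the thread.
ZONE_EXPORT = """\
moonunit.stephenph.com. 1 IN A 107.152.33.5
stephenph.com. 1 IN A 107.152.32.56
toy.stephenph.com. 1 IN A 104.192.102.96
"""
DIG_ANSWER = """\
stephenph.com. 273 IN A 104.21.18.11
stephenph.com. 273 IN A 172.67.179.39
"""

def parse_a_records(text):
    """Map owner name -> set of IPv4 addresses from 'name ttl IN A addr' lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2:4] == ["IN", "A"]:
            records.setdefault(fields[0].lower(), set()).add(
                ipaddress.ip_address(fields[4]))
    return records

def is_cloudflare(addr):
    """True when addr falls inside one of the Cloudflare edge ranges."""
    return any(addr in net for net in CLOUDFLARE_V4)

def classify(name, configured, resolved):
    """Compare what public DNS returns for name with the configured origin."""
    want, got = configured.get(name, set()), resolved.get(name, set())
    if not got:
        return "no-answer"
    if got == want:
        return "dns-only"   # resolvers hand out the origin IP directly
    if all(is_cloudflare(a) for a in got):
        return "proxied"    # orange cloud: origin sits behind Cloudflare's edge
    return "mismatch"       # neither origin nor Cloudflare: worth investigating

if __name__ == "__main__":
    zone, answer = parse_a_records(ZONE_EXPORT), parse_a_records(DIG_ANSWER)
    for name in sorted(zone):
        print(name, classify(name, zone, answer))
```

A "proxied" result also means only the HTTP/HTTPS ports Cloudflare forwards will reach the origin through that name, which is why SSH by hostname stops working while SSH by IP still does.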

The CNAME was requested via dig just to be thorough, I was not expecting it to return an answer. The Cloudflare configuration does not set a CNAME.

Since I use these hosts for testing/learning purposes and not just http/https, I needed to set them to DNS only / not proxied. I am now seeing the servers correctly. I am still not able to hit the cockpit pages (port 9090), but I made other changes to the stack that might have affected that connection, so I will refresh everything and see what happens.
