We transferred a .online domain to our company and added it to the Cloudflare DNS.
But after 4 days we noticed that the domain still was not resolved on many DNS servers in the world.
Now, 4 weeks after transferring the situation is still a drama.
What can we do about this?
Why is it that we use the DNS service from Cloudflare, even de Cloudflare DNS is not having the domain in their DNS?
Hope someone can shine a light on this and what to do next.
What’s the domain?
bailemos.online
Last update. I changed the DNS service from Cloudflare to Digital Ocean (19-12-2022 12:10 CEST) in the hope that it would trigger the propagation of the domain.
If the domain is not using the nameservers of Cloudflare, Cloudflare is not involved and you need to contact your DNS provider.
As far as Cloudflare is concerned, the domain is active for the nameservers fonzie and coraline. You need to set those if you want to use Cloudflare.
DNSSEC is enabled on your domain
% dig DS bailemos.online @a.nic.online +short
27054 13 2 A3208856DC5896C1A78178306E102D659EDD59E1E2BC50C2A08141E3 68F5CAEC
You have two options.
Enable DNSSEC on your Cloudflare dashboard and update the DS record at your registrar (Vautron Rechenzentrum AG) to the value provided by Cloudflare.
Delete the DS record completely with your registrar.
The current DNSSEC setup is broken - bailemos.online | DNSViz - but that’s something to clarify with the current DNS provider and Cloudflare won’t be involved here.
It looks like the DS record matches the DNSKEY with an old set of nameservers (ns4.combell.net and ns3.combell.net). My best guess is that the OP is changing the nameservers with their Registrar but not touching the DS records, and that DNSSEC signing is not enabled at all with either Cloudflare or Digitalocean, let alone enabled with the right keys.
Yes the were for the past 4 weeks 
I now put it back to Cloudflare again and try to sort it out with my registrar.
That may be, but with the OP having changed his configuration at this point, we unfortunately can only guess. If he want to use Cloudflare he’d need to set the Cloudflare nameservers (probably those mentioned earlier) and update the DS entry if DNSSEC is desired.
Only once the domain is properly configured for Cloudflare we could tell if something is off. Right now it’s simply not using Cloudflare.
Post here once you set them and take into account DNSSEC as well. Either disable it at your registrar or use the correct values.
How did you discover that? because that may be a very good lead!
The registry does not have a Cloudflare signature. Did you not update DNSSEC when you changed the nameservers? If not, then that will break resolution.
We just got a transfer token and no additional file with records etc.
So could be that we missed that. So our best chance is to contact our registry and let them know what is the issue and that they should take a look at the old DNSSEC of combell.net
Thanks for all the tips you guys gave me. Hope this will help me out.
What transfer token? What do you actually want to do? Transfer the domain to Cloudflare or only use the DNS service?
You have set the right nameservers at this point but you have not updated DNSSEC. You need to set the correct values at your registrar or disable it otherwise.
You mean Registrar?
What interface are you using to update the nameservers? That is the most likely place to find and either change or delete the DS records.
No, we transferred the domain from Combell.net to our registrar (Vautron Rechenzentrum AG).
At our registrar, we don’t have set the DNSSEC. And let’s assume it was set at the previous registrar, isn’t it so that when you transfer the domain this DNSSEC will be disabled?
Then your previous registrar may have enabled DNSSEC and your new registrar did not update this. You need to contact your current registrar so that they can fix that.
As long as you do not drop that incorrect DS entry, resolution will not work with any validating resolver.