Tunnel works on one domain, but doesn't work on the second

Zero Trust Cloudflare Tunnel
1

Hi,
I am building an app on docker-compose and I added to build Cloudflare/cloudflared image. Everything works great on my old, test domain, but I bought one specially for new project, changed DNS nameservers and tried add tunnel to this new domain. Anything was okay in the dashboard, but it doesn’t work at all at my new domain. In browser I get DNS_PROBE_FINISHED_NXDOMAIN error.

cloudflared logs:

2023-01-04 14:07:14 2023-01-04T13:07:14Z INF Starting tunnel tunnelID=*****
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF Version 2022.12.1
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF GOOS: linux, GOVersion: go1.19.4, GoArch: amd64
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF Settings: map[no-autoupdate:true]
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF Environmental variables map[TUNNEL_TOKEN:*****]
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF Generated Connector ID: *****
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF Will be fetching remotely managed configuration from Cloudflare API. Defaulting to protocol: quic
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF Initial protocol quic
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF ICMP proxy will use 192.168.96.2 as source for IPv4
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF ICMP proxy will use :: as source for IPv6
2023-01-04 14:07:14 2023-01-04T13:07:14Z INF Starting metrics server on 127.0.0.1:43251/metrics
2023-01-04 14:07:14 2023/01/04 13:07:14 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2023-01-04 14:07:15 2023-01-04T13:07:15Z INF Connection *** registered with protocol: quic connIndex=0 ip=198.41.200.73 location=WAW
2023-01-04 14:07:16 2023-01-04T13:07:16Z INF Connection *** registered with protocol: quic connIndex=1 ip=198.41.192.77 location=FRA
2023-01-04 14:07:16 2023-01-04T13:07:16Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"***\",\"originRequest\":{},\"service\":\"http://192.168.0.100:3000\"},{\"service\":\"http_status:404\"}],\"warp-routing\":{\"enabled\":false}}" version=5
2023-01-04 14:07:17 2023-01-04T13:07:17Z INF Connection *** registered with protocol: quic connIndex=2 ip=198.41.192.27 location=FRA
2023-01-04 14:07:18 2023-01-04T13:07:18Z INF Connection *** registered with protocol: quic connIndex=3 ip=198.41.200.13 location=WAW
2

This means there isn’t a DNS record for the tunnel you are trying to access.

3

image
image1281×52 2.6 KB

But there is autogenerated DNAME DNS record

4

Sanity check: is that record for the correct domain? If so, then can you share the full hostname?

5

Yes, it’s correct domain :wink:

image
image1101×83 2.92 KB

6

Zrzut ekranu 2023-01-05 072336
Zrzut ekranu 2023-01-05 0723361275×273 45.5 KB

7

You appear to have a DNSSEC issue:

https://dnsviz.net/d/test.gregz.pl/dnssec/

8

Can you explain that issue? I see that first time.
Domain was registered by ovh. It’s problem with configuration there?

9

Yeah it’s a change you need to make at the registrar. Some allow you to configure this yourself, others you need to contact them and ask for them to modify.

Basically your registrar has DS key in place which says your records can/should be validated with a specific cypher but that cypher isn’t one provided by Cloudflare when it responds. Cloudflare does support DNSSEC, but you’d need to use the values available in the CF dashboard to replace the current/existing one.

10

Thank you very much. You helped me a lot. I will try fix that :wink:
Have a great day

1 Like
11

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.