I tried to renew my cert through certbot and it shows ACME challenge failed, so I manually added a TXT record at test.adguard0808.cloudns.ph, with the value “helloworld”, but later found out it does not propagate to many locations. I waited more than 10 minutes, but it still failed to propagate.
What feature, service or problem is this related to?
DNS not responding/updating
What are the steps to reproduce the issue?
Add TXT record in Cloudflare
Watch how it propagates on https://www.whatsmydns.net/#TXT/test.adguard0808.cloudns.ph
Using free Cloudns subdomains with Cloudflare is best avoided, you are better to buy a cheap domain. Cloudflare lets you add the Cloudns subdomain (as they are in the Public Suffix List) and the zone activates if you add the 2 Cloudflare nameservers as NS records to the DNS, but Cloudns does not let you change the SOA (unless paying) so the domain doesn’t delegate properly.
You can delegate subdomains by adding the 2 Cloudflare NS records to the Cloudns DNS specifically for the subdomains as well, but this won’t work for the apex.
In your case some weird stuff is happening, the A record seems to be delegated ok, but the TXT is not…
dig +trace +nodnssec test.adguard0808.cloudns.ph a
; <<>> DiG 9.10.6 <<>> +trace +nodnssec test.adguard0808.cloudns.ph a
;; global options: +cmd
. 517598 IN NS a.root-servers.net.
...
. 517598 IN NS m.root-servers.net.
;; Received 239 bytes from 127.0.2.2#53(127.0.2.2) in 1 ms
ph. 172800 IN NS 1.ns.ph.
ph. 172800 IN NS ph.communitydns.net.
ph. 172800 IN NS ns2.cuhk.edu.hk.
ph. 172800 IN NS ns4.apnic.net.
;; Received 337 bytes from 198.97.190.53#53(h.root-servers.net) in 95 ms
cloudns.ph. 86400 IN NS ns42.cloudns.net.
cloudns.ph. 86400 IN NS ns43.cloudns.net.
cloudns.ph. 86400 IN NS ns44.cloudns.net.
cloudns.ph. 86400 IN NS ns41.cloudns.net.
;; Received 153 bytes from 206.51.255.1#53(1.ns.ph) in 14 ms
test.adguard0808.cloudns.ph. 3600 IN A 35.212.140.137
adguard0808.cloudns.ph. 3600 IN NS wilson.ns.cloudflare.com.
adguard0808.cloudns.ph. 3600 IN NS leah.ns.cloudflare.com.
;; Received 129 bytes from 185.10.17.44#53(ns43.cloudns.net) in 26 ms
dig +trace +nodnssec test.adguard0808.cloudns.ph txt
; <<>> DiG 9.10.6 <<>> +trace +nodnssec test.adguard0808.cloudns.ph txt
;; global options: +cmd
. 517598 IN NS a.root-servers.net.
...
. 517598 IN NS m.root-servers.net.
;; Received 239 bytes from 127.0.2.2#53(127.0.2.2) in 0 ms
ph. 172800 IN NS ns2.cuhk.edu.hk.
ph. 172800 IN NS 1.ns.ph.
ph. 172800 IN NS ns4.apnic.net.
ph. 172800 IN NS ph.communitydns.net.
;; Received 337 bytes from 198.41.0.4#53(a.root-servers.net) in 86 ms
cloudns.ph. 86400 IN NS ns41.cloudns.net.
cloudns.ph. 86400 IN NS ns42.cloudns.net.
cloudns.ph. 86400 IN NS ns43.cloudns.net.
cloudns.ph. 86400 IN NS ns44.cloudns.net.
;; Received 176 bytes from 2001:678:4::17#53(ph.communitydns.net) in 92 ms
adguard0808.cloudns.ph. 3600 IN SOA ns41.cloudns.net. support.cloudns.net. 2025021903 7200 1800 1209600 3600
;; Received 116 bytes from 2604:9a00:2100:b000:1::1#53(ns42.cloudns.net) in 99 ms
The record is in the Cloudflare DNS so looks like an issue on your Cloudns side…
Do you have NS records for test pointing to the 2 Cloudflare nameservers in Cloudns?
Beyond that, as I said, probably better just to buy a cheap domain and use it in Cloudflare properly instead.
[add]
That said, I’ve set up the same in my test account and it’s working ok…
dig +trace +nodnssec test.sjr.cloudns.ch a
; <<>> DiG 9.10.6 <<>> +trace +nodnssec test.sjr.cloudns.ch a
;; global options: +cmd
. 514654 IN NS a.root-servers.net.
...
. 514654 IN NS m.root-servers.net.
;; Received 239 bytes from 127.0.2.2#53(127.0.2.2) in 0 ms
ch. 172800 IN NS b.nic.ch.
ch. 172800 IN NS e.nic.ch.
ch. 172800 IN NS a.nic.ch.
ch. 172800 IN NS d.nic.ch.
ch. 172800 IN NS f.nic.ch.
;; Received 352 bytes from 198.41.0.4#53(a.root-servers.net) in 98 ms
cloudns.ch. 3600 IN NS ns51.cloudns.net.
cloudns.ch. 3600 IN NS ns52.cloudns.net.
cloudns.ch. 3600 IN NS ns53.cloudns.net.
cloudns.ch. 3600 IN NS ns54.cloudns.net.
;; Received 135 bytes from 194.0.25.39#53(d.nic.ch) in 14 ms
test.sjr.cloudns.ch. 3600 IN NS carrera.ns.cloudflare.com.
test.sjr.cloudns.ch. 3600 IN NS dave.ns.cloudflare.com.
;; Received 106 bytes from 2a00:1768:1001:9::115#53(ns51.cloudns.net) in 41 ms
test.sjr.cloudns.ch. 300 IN A 192.0.2.1
;; Received 64 bytes from 2606:4700:58::adf5:3b6d#53(dave.ns.cloudflare.com) in 16 ms
dig +trace +nodnssec test.sjr.cloudns.ch txt
; <<>> DiG 9.10.6 <<>> +trace +nodnssec test.sjr.cloudns.ch txt
;; global options: +cmd
. 514654 IN NS a.root-servers.net.
...
. 514654 IN NS m.root-servers.net.
;; Received 239 bytes from 127.0.2.2#53(127.0.2.2) in 0 ms
ch. 172800 IN NS a.nic.ch.
ch. 172800 IN NS b.nic.ch.
ch. 172800 IN NS d.nic.ch.
ch. 172800 IN NS e.nic.ch.
ch. 172800 IN NS f.nic.ch.
;; Received 352 bytes from 2001:7fd::1#53(k.root-servers.net) in 124 ms
cloudns.ch. 3600 IN NS ns54.cloudns.net.
cloudns.ch. 3600 IN NS ns53.cloudns.net.
cloudns.ch. 3600 IN NS ns51.cloudns.net.
cloudns.ch. 3600 IN NS ns52.cloudns.net.
;; Received 145 bytes from 194.146.106.10#53(f.nic.ch) in 28 ms
test.sjr.cloudns.ch. 3600 IN NS carrera.ns.cloudflare.com.
test.sjr.cloudns.ch. 3600 IN NS dave.ns.cloudflare.com.
;; Received 106 bytes from 2a01:4ff:f0:94c0::1#53(ns52.cloudns.net) in 93 ms
test.sjr.cloudns.ch. 300 IN TXT "hello world"
;; Received 72 bytes from 172.64.33.109#53(dave.ns.cloudflare.com) in 16 ms
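Added example (not part of the thread, and not code from any poster): the sketch below reads `dig +trace` output like the runs above and reports which server produced the final response, separating a NODATA reply from the parent zone from an answer served by the delegated nameservers. The function names are this example's own, and the sample traces are the last two hops of the TXT runs above, trimmed.

```python
import re

# Matches dig's per-hop footer and captures the responding server's name.
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((?P<server>[^)]+)\)")

def final_hop(trace):
    """Return (server, records) for the last response in `dig +trace` output."""
    server, last, block = None, [], []
    for line in trace.splitlines():
        line = line.strip()
        m = RECEIVED.match(line)
        if m:  # footer closes the current hop; its records become the latest
            server, last, block = m.group("server"), block, []
            continue
        parts = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(parts) == 5 and parts[2] == "IN" and not line.startswith(";"):
            block.append((parts[0], parts[3], parts[4]))
    return server, last

def diagnose(trace, qname, qtype, delegated_suffix):
    """Classify the final hop: delegated answer, parent-zone answer, or NODATA."""
    server, records = final_hop(trace)
    answered = any(n.rstrip(".") == qname and t == qtype for n, t, _ in records)
    delegated = bool(server) and server.rstrip(".").endswith(delegated_suffix)
    if answered and delegated:
        return f"ok: answered by delegated nameserver {server}"
    if answered:
        return f"answered by parent-zone server {server}, not the delegated zone"
    if any(t == "SOA" for _, t, _ in records):
        return f"NODATA from {server}: no delegation for {qname}"
    return f"unresolved at {server}"

# Sample input: last two hops of the TXT traces in the thread, trimmed.
FAILING_TXT = """\
cloudns.ph. 86400 IN NS ns41.cloudns.net.
;; Received 176 bytes from 2001:678:4::17#53(ph.communitydns.net) in 92 ms
adguard0808.cloudns.ph. 3600 IN SOA ns41.cloudns.net. support.cloudns.net. 2025021903 7200 1800 1209600 3600
;; Received 116 bytes from 2604:9a00:2100:b000:1::1#53(ns42.cloudns.net) in 99 ms
"""
WORKING_TXT = """\
test.sjr.cloudns.ch. 3600 IN NS dave.ns.cloudflare.com.
;; Received 106 bytes from 2a01:4ff:f0:94c0::1#53(ns52.cloudns.net) in 93 ms
test.sjr.cloudns.ch. 300 IN TXT "hello world"
;; Received 72 bytes from 172.64.33.109#53(dave.ns.cloudflare.com) in 16 ms
"""

if __name__ == "__main__":
    print(diagnose(FAILING_TXT, "test.adguard0808.cloudns.ph", "TXT", "ns.cloudflare.com"))
    print(diagnose(WORKING_TXT, "test.sjr.cloudns.ch", "TXT", "ns.cloudflare.com"))
```

For a live check, pipe the output of `dig +trace +nodnssec <name> txt` into `diagnose` instead of the embedded samples.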
Thanks for the help. This is my Cloudns dashboard. There isn't an NS record for test.adguard0808.cloudns.ph. Should I add an NS record pointing to Cloudflare for *.adguard0808.cloudns.ph?
I don’t think wildcard NS records are recommended. While it may work, it may not work in all cases. Better to add the pair of NS records for each subdomain you are wanting to delegate.
Yes, if you want it to resolve in the Cloudflare DNS. But why not just add the TXT record for _acme-challenge to the Cloudns DNS instead? It’s only worth delegating subdomains to Cloudflare that you want Cloudflare to protect the traffic for. For other subdomains you are just making extra work for yourself by adding a hop in the DNS request.
There will never be a problem if the TXT record is added manually. The problem is I want to renew the SSL cert by Cloudns API, but the API is restricted to the paid plan.