Website Down - DNS Mismatch


#1

Hi! We have received a call from a client today to say their website is down: redbearsports.co.uk

This website has been on our CloudFlare account for a number of months now with no issue. He has been told the DNS records are not correct. Upon checking our account, they are exactly what they should be. Upon checking the Whois records they are different and do not match our records.

I have also checked that the domain name hasn’t expired but it is up for renewal in 2019.

What could be the issue?


#2

Have their IP addresses on the host web server changed?

You said there’s a WHOIS mismatch. You mean for the name servers? WHOIS is showing jamie and rocky. That’s not what’s assigned to that domain at Cloudflare?


#3

Thanks for your response :slight_smile: We have spoken to EKM (they are the ecommerce and hosting provider), they say the www and non-www records should be pointing to 85.159.56.225 . Having checked our Cloud Flare account, this is correct and has been so for many months.

However if we check the whois records, the www and non-www records are pointing to 104.31.78.52. This is incorrect, where is this IP address coming from?


#4

The IP is Cloudflare’s. It’s normal behavior for any website protected by Cloudflare and it should not cause any issue in standard operations.

EDIT: if you really need those records to point directly to the origin (thus losing all security, performance and caching benefits of Cloudflare for those subdomains) you need to change them to :grey: in the dashboard.


#5

(Same as what @matteo said) When you enable Cloudflare and the DNS records are :orange:, Cloudflare acts as the IP address shown in the DNS and will proxy all traffic to your origin server. This shouldn’t affect whether or not your website is up.

If I change my hosts file to bypass Cloudflare to that IP you gave, it does the same thing as before I did the bypass, redirects to ekmholdingdomain.com.


#6

Thank you for your response. What would be causing the whois record to showing a different IP address to the one we have recorded with CloudFlare?


#7

This appears to be a problem with EKM. Provide them the following output which will demonstrate clearly it is an issue with the origin server:

curl -Ik --resolve  redbearsports.co.uk:443:85.159.56.225 https://redbearsports.co.uk
HTTP/1.1 302 Object moved
Cache-Control: private
Content-Length: 152
Content-Type: text/html
Location: http://www.ekmholdingdomain.com
Server: Microsoft-IIS/8.0
Set-Cookie: ekmpowershop=; expires=Fri, 14-Sep-2018 16:43:28 GMT; path=/
Set-Cookie: ASPSESSIONIDCESDCADR=CAMBNPCABDOFHFLFKCPEHOPN; secure; path=/
X-Powered-By: ASP.NET
Date: Wed, 12 Sep 2018 16:43:28 GMT

#8

Thank you so much for all your help. My client has been super understanding, very peculiar issue. I am glad it is nothing our end. Good job :slight_smile: