Website inaccessible - DNS PROBE FINISHED NXDOMAIN error

Website, Application, Performance DNS & Network
1

I set up a Clouflare account because my emails needed additional security to stop me getting mailer daemon messages whenever I emailed a gmail account.

It seems to be working perfectly, but I was still get warning messages on my Cloudflare dashboard, and also a warning that my domain would not resolve.

I wasn’t sure if this would affect my email security, so I thought I’d better add the additional DNS records (as best I could following tutorials, but unsure what I could use from the examples and what I needed to change (except example com))

It doesn’t seem to have affected my emails, but since I made those changes my website, which was fine until then, has been unaccessible.

I deleted the additional records and the page rules thinking that this would fix that error, but it’s still inaccessible days later.

Since I deleted the records, I’m getting an NXDOMAIN error, and looking at the page on here to fix it, I’m wondering if its something to do with nameservers?

Item 1 on that page is about getting the nameservers changed. When I was setting up my Cloudflare account I was told to change the nameservers - it told me the server names to be changed, belonging to my host, but to change them to by logging on to my domain registrar. The trouble is these are different providers. I can see where to make the changes on my registrar account, but the server names there are not the ones I’m being asked to change. And I can’t access DNS management on my host account, because the domain is not registered with them.

In the end, I found a page on Cloudflare to change server names. I just entered the new names onto the form (no mention of the old names) and that seemed to be accepted. As I said, the next day I got a notice on my account that Cloudflare was protecting me, gmails were no longer bouncing and my website was working fine.

Item 2 says to allow time, which I did, both after adding the first set of records, after which everything was fine, and again after adding, then deleting the second lot of records (2 DNS records plus a Page Rules record)

Item3 talks about a subdomain which I don’t think is applicable.
Item 4 talks about a domain not resolving, and I think is the same as one of the warning messages I got on the dashboard - at least a record with mydomain and an ip address was one of those that I added later then deleted.

Can anyone help me get my website back up and running again please?
Thank you,
Sharon

4

It is related to the deleted records in most case. Best I suggest is: check the following Tutorial that would point you to the right direction.

Alternatively, you can also share the domain here in Preformatted text so that community members may also help you.

1 Like
5

Thank you. That was the tutorial I was looking at, but I’m unsure if I have changed the nameservers correctly.

How can I post using pre-formatted text please?

Thank you,
Sharon

6

You can use the </> Preformatted text button in the text box menu. It may be under the :gear: gear icon if you are on a smaller screen.

You can also type `example.com ` and it will appear as example.com.

1 Like
7

Thank you. I can see that option. I tried including things like my domain name in my first post, but I kept getting errors because of it. I’ll try again using the preformatted text button.
Regards,
Sharon.

8

Cloudflare will only let me post 4 links in a text, so I’ll break my next post down into two.

Part 1:
These are the DNS records I first created, and which are working fine as far as I can tell - ie no mailer daemons from gmail and no issues with website.

An A record for ftp with ipv4 address 79.170.74.11 (provided by my host), with proxy

An A record for mail with ipv4 address 79.170.74.57 (provided by my host), with proxy

An MX - record for [Preformatted text](http://ravenfolk.org.uk) with mail server name [Preformatted text](http://mail57.extendcp.co.uk)provided by my host, - DNS only

cont…

9

Sorry it looks like I have to make this several posts.

Part 2:
A TXT - Dmarc record with following code provided by my host: v=DMARC1; p=none; rua=mailto:[email protected] - DNS only

cont…

10

Part 3:

A TXT - record for [Preformatted text](http://ravenfolk.org.uk), with following code provided by my host:- v=spf1 include:secureserver.net
exists:%{i}.mta.spf.extendcp.co.uk exists:%{i}.web.spf.extendcp.co.uk a:www.outitgoes.com –all - DNS only

I also changed the nameservers using a page on Cloudflare but I can’t find where that page is anymore.

I assumed that the records above and the way in which I changed the nameservers must have been OK because everything was working as I wanted. It was just that there were (and still are) two warnings on my dashboard and a note that my domain is unresolved

I can’t tell you what I had in the final two DNS records I added, or in the page rules because these have now been deleted, but I was feeling very out of my depth by then, and basicaly would have just used all the information in the tutorials, only replacing [Preformatted text](http://example.com) with my domain name.

The thing I am most uncertain about is whether I have changed the nameservers properly as I only used the Cloudflare page, and didn’t change anything on my host or my registrar accounts.

Thank you,
Sharon

11

Check the DNS app in your Cloudflare dashboard to see if your assinged nameservers are lewis and rose. Go here: https://dash.cloudflare.com/?to=/:account/:zone/dns/records

% dig ns ravenfolk.org.uk +short
lewis.ns.cloudflare.com.
rose.ns.cloudflare.com.

While you are in there you can add an A record for your apex name (that’s your domain name with no other name before it). You may also want one for www. If you don’t plan on having a website, you can skip both of those and ignore the notice about them in your Cloudflare dashboard.

You mentioned hostnames of mail and ftp. I do see those resolving to Cloudflare IPs. Neither of those will work with FTP or email protocols when set to :orange: proxied. If you plan on using them with services other than HTTP and HTTPS, you will need to set them to :grey: DNS Only.

You are going to need to work with someone to clan up your invalid SPF record. You can exaine it in the dmarcian SPF Surveyor to get more detail on its errors.

1 Like
13

The dashboard is now telling me to ensure my nameservers have been changed again. I finally found the page where I changed them the first time and it wasn’t a page on Cloudflare - it was with my registrar after all. Sorry about that confusion - I am really out of my depth here.

Having found that page again on my registrar’s website (LCN), the fields for the server names are blank. Whois still has lewis and rose so I’m not clear what is happening here. I’ve updated them again to lewis and rose on LCN so hopefully tomorrow that message on my dashboard will have gone away.

I have a very simple website which I want to keep so I think I do have to add those extra A records back in, but I’ll wait until tomorrow to see if my nameserver changes work this time.

Thank you for all your help so far. I will very likely need more help when it comes to creating those extra A records and a Page Rules record again.
Thank you again,
Regards,
Sharon

14

I have now changed the ftp and mail records to DNS only as you advise.

I clicked on the surveyor link and ran it on my domain and it came up with 3 errors
1 The record is present but is invalid
2. The record for [Preformatted text](ravenfolk.org.uk) contains invalid characters - only printable ASCII characters are allowed.
3. The record for [Preformatted text](ravenfolk.org.uk) has invalid syntax - no terms will be evaluated.

It then goes on to ignore all ip addresses.
The score at the bottom is 0/10 and 0 netblocks are authorised.

I don’t understand the output from the check, but is clear the text in the record is very wrong - yet it was given to me by my host! My host is Falcoda by the way, and I am planning to move this domain and another I have to another host when it comes up for renewal as I am no longer happy with their performance or customer service.

I found I needed extra security on my emails when when messages to gmail accounts were not getting through to recipients and I was getting maelor daemon bounces. I’m just a user, not a developer, and I’m wondering if every email user is having to delve so deeply into technical language like this? (sorry, desperation rant over :sob:)

Thank you,
Sharon

Regards,
Sharon

15

What nameserver names were assigned in your Cloudflare dashboard?

The ones who value their time have an IT support provider to handle these things. :wink:

You might direct your host to check your SPF record with the dmarcian SPF Surveyor and set of they can explain how to fix it.

What nameserver names were assigned in your Cloudflare dashboard?

16

The nameservers assigned by Cloudflare are [Preformatted text](lewis.ns.cloudflare.com) and [Preformatted text](rose.ns.cloudflare.com).

As to having an email support provider, I am not running a business, just a small local music club and festival, both run by volunteers. Unfortunately about half of them have gmail accounts and the run up to festival planning was a nightmare with my emails not getting through to half the people on the group email account and having to follow up with texts and phone calls. The website which is down is in respect of the club. I also have a seperate website, also hosted by Falcoda, for my family history, but I do not use emails on that domain. The websites have not had any issues until now and I cannot afford to pay for IT support for the emails on my ravenfolk domain. :slightly_frowning_face:

I will ask them to check the SPF record, though it took them 2 months to give me a response to my original emails about this issue. so fingers crossed. :crossed_fingers:

Thank you very much for your help though. You have given me som leads to follow and it is very much appreciated. I will let you know how I get on.
Many thanks,
Sharon

1 Like
17

With lewis and rose appearing in both your dashboard and your whois, that’s a solid confirmation that the correct account is active. You should not need to do anything with your nameservers at the registrar now.

As an IT consultant and service provider, I’m obviously biased in my opinion that anyone whose IT is operating anything important should have an arrangement with a dedicated IT service provider. While I am fan of paying for services outright as it keeps things more clear, perhaps you can see if anyone in your festival community might be willing to either donate some IT skills or trade them for event tickets or other consideration that you may find easier than cash payment.

I have two important suggestions concerning account security that will cost you nothing but your time and can save you lots of headache in the future.

  1. Be sure that your Cloudflare account is secured with two factor authentication and that you have safely and securely stored a set of backup codes.
  2. Do not share your account credentials with anyone. If you need someone to access your account to help you, invite their account to access yours.
1 Like
18

Thank you, I’ll do that.

I don’t think my nameservers have been set up properly. This is what I have on my dashboard page.

nameservers
nameservers1408×411 49.1 KB

The first time I set up the records, before adding those final two that brought my website down, I got a message to say Cloudflare was protecting my site.

If I delete my Cloudflare account, will it put everything back to how it was before I started? Then I can start again and try and get it right from the start.

Thank you,
Sharon

19

Your name servers have been correctly assigned at your registrar.

% whos ravenfolk.org.uk
...
    Name servers:
        lewis.ns.cloudflare.com
        rose.ns.cloudflare.com

Please do not do that.

Not only will it not do that, it makes things considerably more difficult for you and anyone trying to help you.

Did you ever add the required A records for your website? You typically would have one for the domain itself, entered with a name of @ and www is also quite common. I would expect them to use the same IP that you shared previously and used for you ftp hostname. Check the hosting details in your Falcoda account if you are uncertain.

20

Thank you for that. I certainly don’t want to make it worse.

I did try and add the 2 A records for my website, and the Page Rules record that the tutorial said I needed. That’s when the website became inaccessible and I deleted them.

I was planning to try and create them again tomorrow.
Regards,
Sharon

21

My website is back up and running!

I added those last two A records again, this time I dug deep into my original Falcoda documentation to find the correct ip address and use it for both the domain and www records. I didn’t add a Page Rules record, but my website is accessible again and it’s a great relief.

SPF Surveyor still says my SPF record is all wrong but I’ll have to wait for Falcoda to get back to me on that. I don’t know if it’s relevant my domian ip address is not amongst those in the long list of those ‘ignored’ by the surveyor. :woman_shrugging:

Many thanks for all your help, it really has been much appreciated.
Regards,
Sharon

2 Likes
22

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.