Whois.com registration issue

Have a problem with whois.com domain registration.

I registered a domain name with whois.com and received all the appropriate confirmations confirming it was mine. I set up the nameservers for Cloudflare an hour or so later.

Then the domain would not resolve to cloudflare for about a week.

I’m not sure you’re interpreting the results correctly… regardless you need to remove the non-cloudflare nameservers at the registrar leaving only the Cloudflare nameservers.

Domain Name: decisions.nz
Registrar URL: https://publicdomainregistry.com/
Updated Date: 2023-06-13T23:25:16Z
Creation Date: 2023-06-08T23:25:03Z
Original Created: 2014-12-10T11:20:38Z
Registrar: PDR Limited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: curt.ns.cloudflare.com
Name Server: jo.ns.cloudflare.com
Name Server: ns3.whois.com
Name Server: ns4.whois.com
1 Like

This was registered by me and then I pointed to the nameservers to Cloudflare a few hours later. When I went to Cloudflare they did not pick up the nameserver transfer and still haven’t more than a week later. My Cloudflare account for this domain is still pending nameserver updating.

Whois.com told me I needed to enter 4 nameservers.

The address details for the whois request should be the data I gave whois.com

If you are using Cloudflare there are only two name servers, so you need to remove the ns?.whois.com name servers as @cscharff already mentioned.


Ok it’s resolved to Cloudflare nameservers now. The problem was entering 2 non Cloudflare nameservers as you said. Thanks guys.
Still begs the question though … Is it a case of first in first served?
If someone else had entered that domain into Cloudflare first, could they claim the domain after I had bought it and directed the nameservers to Cloudflare? But they beat me to the Cloudflare’s nameserver check?
It definitely seems possible.
It does indeed seem possible.

I believe you should adjust your posting title, as it obviously not warranted.

1 Like

Quite right, I’ve updated it

1 Like

Only if they also had the required access to change the nameservers with the registrar.

No I’m saying if I changed the registrar details to Cloudflare nameservers… But then left it for a bit … Meantime someone else on Cloudflare using the same nameservers claims the name. All cloudflare has to run with is the domain name pointing to their servers. They will give access to the first Cloudflare account doing that…

They would have to know what nameservers Cloudflare issued for the domain. These are only issue once you’ve begun the process of adding the domain to Cloudflare.

Yes but I have stated the nameserver name with the registrar, so anyone can see them including Cloudflare account holders

So you’re suggesting because the Cloudflare nameservers for your domain are listed above that someone else could change the namservers at the registrar for a domain you registered and have access to and ergo control the domain without authorisation?

No, I’ve now claimed this domain in cloudflare so it’s safe. However if I hadn’t yet claimed it but some Cloudflare account holder with the same nameservers as mine had noticed the domain had not been claimed they could indeed claim it because they were first to do so.

If they added the domain to Cloudflare, likely they would get issued different nameservers to those issued to you.


Yes that’s possible, I have no idea how many customers are on the same nameservers. What I’m saying though is that if they were on the same nameservers and they knew, they could do it.

Stop playing hypotheticals.

Your issue is resolved. Move on.

If you have another issue, open another thread.

Actually it’s a vulnerability issue don’t treat it lightly. My case might be ok but it might not have been . This is definitely a vulnerability in the process

Prove it.

1 Like

I have already done that mate. Read what I said and take it seriously. It’s not a Cloudflare vulnerability it’s the nameserver process for all registrars and it would apply to all registrations. To be absolutely safe a key should also be required as well as just providing nameservers.

There are 2550 possible combinations of Cloudflare nameservers. While they are often the same across domains in an account, they are actually issued to domain within the account. This means that if someone happened to have your domain in their Cloudflare account and it also happened to have the same nameserver combination that your other domains were using, you wild be given a different pair. The combination pushed into the root nameservers by the domain registrar is the one that Cloudflare will treat as authoritative.

1 Like