Sites down, Awaiting Netlify DNS

Hi, @rbatista191. The error in this case is caused by this incorrect configuration in your screenshot.

To be clear, this is not a bug at Netlify nor a bug in Cloudflare. It is a bug in the configuration you made at Cloudflare. You caused the 522s.

Those are not IP addresses that Netlify is using. They likely were at one point but not anymore. You should never hard code an IP address Netlify uses into Cloudflare as those IP addresses can and will change without notice.

You should be connecting to your site’s subdomain at <site name here>.netlify.app and not to an IP address.

Now, Cloudflare does require an IPv4 address for apex domains in which case you should use the load balancer IP address found in the external DNS documentation:

That IP address is quoted below:

If your DNS provider does not support ALIAS, ANAME, or flattened CNAME records, use this fallback option.

  1. Find your DNS provider’s DNS record settings for your apex domain, such as petsofnetlify.com.
  2. Add an A record. Depending on your provider, leave the host field empty or enter @.
  3. Point the record to Netlify’s load balancer IP address: 75.2.60.5.

Actually, Cloudflare does allow you to set a CNAME on the apex when proxying. So you should use the <site name here>.netlify.app CNAME target for the apex as well.

So, in your case, @rbatista191, the root cause was not Netlify and not Cloudflare. The root cause was you not configuring the proxying at Cloudflare correctly.

I am guessing that many others here have done the same thing (hard coding IP addresses guaranteed to change over time instead of using the equivalent of the external DNS instructions at Cloudflare).

EDIT: Recommending the CNAME for the apex as well.

1 Like
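
As an added example (not part of the original post, and not Netlify or Cloudflare tooling), the rule in the post above can be checked against a zone-file style listing of your records. The hostnames, the 203.0.113.x addresses and the verdict labels are constructed for illustration; 75.2.60.5 and the netlify.app target come from the post.

```python
NETLIFY_LB_IP = "75.2.60.5"        # load balancer address quoted in the post above
NETLIFY_SUFFIX = ".netlify.app."

# Constructed zone-file style records; example.com and the 203.0.113.x
# addresses are placeholders, not values from the thread.
SAMPLE_ZONE = """\
example.com.      300 IN A     203.0.113.10
www.example.com.  300 IN A     203.0.113.11
docs.example.com. 300 IN CNAME site-name.netlify.app.
shop.example.com. 300 IN A     75.2.60.5
blog.example.com. 300 IN CNAME site-name.netlify.app
mail.example.com. 300 IN MX    10 mx.example.net.
"""

def classify(rtype, rdata):
    """Rate one record that is supposed to send web traffic to Netlify."""
    if rtype == "CNAME":
        target = rdata.lower().rstrip(".") + "."
        return "ok" if target.endswith(NETLIFY_SUFFIX) else "cname-not-netlify"
    if rtype == "A":
        # The documented address is only the fallback for providers without
        # ALIAS/ANAME/flattened CNAME; any other address is a hard-coded IP.
        return "fallback-ip" if rdata == NETLIFY_LB_IP else "hard-coded-ip"
    return None  # MX, TXT and other types are out of scope for this check

def audit(zone_text, hosts):
    """Return {hostname: verdict} for the A/CNAME records of the given hosts."""
    wanted = {h.lower().rstrip(".") for h in hosts}
    verdicts = {}
    for line in zone_text.splitlines():
        fields = line.split(None, 4)      # owner, ttl, class, type, rdata
        if len(fields) != 5 or fields[2] != "IN":
            continue
        owner = fields[0].lower().rstrip(".")
        verdict = classify(fields[3].upper(), fields[4].strip())
        if owner in wanted and verdict:
            verdicts[owner] = verdict
    return verdicts
```

Pass only the hostnames that are meant to serve the Netlify site, since other A records in the zone (a mail host, for instance) are legitimately IP addresses.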

Thanks for this reply, it is fixed now.
Not sure exactly where I took this configuration from, but indeed I may not have been the only one.

I think this config is autopopulated by Cloudflare? Not 100% sure though. I will take a look at mine later and see if this also works for me.

Hi Sid. My website was also showing error 522. I tried to ping “xx.nsone.net” from my own PC and got no response. I unchecked the proxy usage on Cloudflare and still got no response. I then decided to temporarily return to my default registration (Registro.br in Brazil) and my access to my website is now back to normal.

Here are my records on Cloudflare and Netlify. I believe I set it up this way because CNAME didn’t work.

In order to solve this issue, you’ll need to update your DNS records as Luke suggested above. You should use the <site name here>.netlify.app CNAME target when configuring DNS.

I’d recommend following the advice provided by Luke earlier in this thread.

Like this?

For some reason it’s not working still.

The DNS zone for josephdumke.com at Netlify should be deleted because the domain is not using Netlify DNS so the DNS zone at Netlify is inactive. Inactive DNS zones are neither supported nor recommended as covered here:

For some reason, Cloudflare is not returning any DNS records for the domain josephdumke.com (or www.josephdumke.com). However, I cannot see the Cloudflare configuration to determine why that is so.

Here is a recursive DNS lookup for josephdumke.com (and please note dig +trace output is invaluable when troubleshooting DNS issues):

$ dig +trace josephdumke.com A

; <<>> DiG 9.20.2 <<>> +trace josephdumke.com A
;; global options: +cmd
.			87203	IN	NS	m.root-servers.net.
.			87203	IN	NS	d.root-servers.net.
.			87203	IN	NS	h.root-servers.net.
.			87203	IN	NS	j.root-servers.net.
.			87203	IN	NS	i.root-servers.net.
.			87203	IN	NS	l.root-servers.net.
.			87203	IN	NS	a.root-servers.net.
.			87203	IN	NS	c.root-servers.net.
.			87203	IN	NS	b.root-servers.net.
.			87203	IN	NS	k.root-servers.net.
.			87203	IN	NS	f.root-servers.net.
.			87203	IN	NS	e.root-servers.net.
.			87203	IN	NS	g.root-servers.net.
.			87203	IN	RRSIG	NS 8 0 518400 20241113170000 20241031160000 61050 . S5pijJpAcJYG3+WIYebXI8UHU7/8MDT2fhUZPu5T3DDd78fH9a6ichvL CorRzXTPv9c+wbQSIFM+Xb6EIcA4bqrbxbQqz9GflewsIa56hIhxqb3m tPkYQfwPCLY518kiZ9OTIUImqZ9m/I6jLVKrtsmTFD6jlNcV28a/oUOo 3rPWtNDXed5BCjatCsi/yg588J0zenG6rTE8trm+UVKLpiqST/o/pKli 7wTx0C41IZdIST4rhiuyDSSzUChdxjkTcH/8WfeXKOphsh3A/cAnBKZy JdwEDtxVNFAzFa/R1WprPEVgheKBQZIi7pPUa0d4Z6G3WzVSxK0BRxY6 MEAq0w==
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 30 ms

com.			172800	IN	NS	g.gtld-servers.net.
com.			172800	IN	NS	h.gtld-servers.net.
com.			172800	IN	NS	b.gtld-servers.net.
com.			172800	IN	NS	l.gtld-servers.net.
com.			172800	IN	NS	c.gtld-servers.net.
com.			172800	IN	NS	d.gtld-servers.net.
com.			172800	IN	NS	j.gtld-servers.net.
com.			172800	IN	NS	e.gtld-servers.net.
com.			172800	IN	NS	f.gtld-servers.net.
com.			172800	IN	NS	i.gtld-servers.net.
com.			172800	IN	NS	k.gtld-servers.net.
com.			172800	IN	NS	a.gtld-servers.net.
com.			172800	IN	NS	m.gtld-servers.net.
com.			86400	IN	DS	19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com.			86400	IN	RRSIG	DS 8 1 86400 20241113170000 20241031160000 61050 . mRj9l6Xf3a0fx1R0RnAfMzy4ymu95VpVcLvMfbA006on5PzkIJKRVC4w qDScV8eIDF1SdhuARDTKLPk7e+kgWYa76xtUkiDEUaXYC/F3qHTKO9rU yo+zGRQSE7NCloBO76VCgtDhBS1gz0L3M2oYVxShOO947odr9uZBqfW0 PaW9pmQHAGrp1/HWvHDOZwDhOI5tjXgjz4ISIWMKpDCcj6DStSr4WQ85 9i2PjFd3RmIcCx3KqtnJO7CGBcBSD07aqR3/HLoFPIu24WuIUekJwZfG s10AxohnbwGVugPWdhvQmRckA+RQUl/3Q8kMv4x5XCZ4e7F3KpFrt0L4 9uybzQ==
;; Received 1203 bytes from 192.36.148.17#53(i.root-servers.net) in 89 ms

josephdumke.com.	172800	IN	NS	boyd.ns.cloudflare.com.
josephdumke.com.	172800	IN	NS	penny.ns.cloudflare.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN NSEC3 1 1 0 - CK0Q3UDG8CEKKAE7RUKPGCT1DVSSH8LL NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 900 IN RRSIG NSEC3 13 2 900 20241104002556 20241027231556 29942 com. 91X1yPcVakmmDBB4610js+PlS6tsWXkckWFbTVELLHTxMPp59zhHBr4l tmpQNcq+1jif9HVX3wzuMqzt562zlw==
K1SB46K1ROC96GVI4T67R5I2Q7CNGNA9.com. 900 IN NSEC3 1 1 0 - K1SBPLNKM4C5Q9FDB44ON0UBJI537EG0 NS DS RRSIG
K1SB46K1ROC96GVI4T67R5I2Q7CNGNA9.com. 900 IN RRSIG NSEC3 13 2 900 20241107021638 20241031010638 29942 com. xXGgROLzoxbJiQnElyCBW3njKwV7gp+1DP0yq1zM6MBmmIj2JOOiql47 3iEcx4g6c86QJIj3xepwsctc37Z/NQ==
;; Received 718 bytes from 2001:503:83eb::30#53(c.gtld-servers.net) in 86 ms

josephdumke.com.	1800	IN	SOA	boyd.ns.cloudflare.com. dns.cloudflare.com. 2355887072 10000 2400 604800 1800
;; Received 103 bytes from 2803:f800:50::6ca2:c14b#53(boyd.ns.cloudflare.com) in 20 ms

I requested the A record for josephdumke.com above but the Cloudflare name server (boyd.ns.cloudflare.com) returned an SOA type record instead. Returning SOA records is default behavior when a name server does not have the record being requested. The name server cannot return the requested record and it sends an SOA type record instead.

To summarize, there is still some DNS issue at Cloudflare for the domain josephdumke.com. I cannot see what the reason for that is, but the Cloudflare DNS is not working for this domain currently.
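
Reading the last hop of a trace like the one above can be scripted. This is an added example, not part of the original post: it splits dig +trace output into hops and reports what the final server returned. The sample is trimmed from the trace above (NSEC3 and RRSIG lines dropped), and the function names and verdict labels are assumptions of this example.

```python
import re

# Trimmed from the last two hops of the trace above (NSEC3/RRSIG lines dropped).
SAMPLE_TRACE = """\
josephdumke.com. 172800 IN NS boyd.ns.cloudflare.com.
josephdumke.com. 172800 IN NS penny.ns.cloudflare.com.
;; Received 718 bytes from 2001:503:83eb::30#53(c.gtld-servers.net) in 86 ms

josephdumke.com. 1800 IN SOA boyd.ns.cloudflare.com. dns.cloudflare.com. 2355887072 10000 2400 604800 1800
;; Received 103 bytes from 2803:f800:50::6ca2:c14b#53(boyd.ns.cloudflare.com) in 20 ms
"""

RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+#\d+\((\S+)\)")

def parse_hops(trace):
    """Split dig +trace output into [(server, [(owner, rtype, rdata), ...]), ...]."""
    hops, records = [], []
    for line in trace.splitlines():
        match = RECEIVED.match(line)
        if match:                          # a "Received" line closes the current hop
            hops.append((match.group(1), records))
            records = []
        elif line and not line.startswith(";"):
            fields = line.split(None, 4)   # owner, ttl, class, type, rdata
            if len(fields) == 5 and fields[2] == "IN":
                records.append((fields[0].lower(), fields[3], fields[4]))
    return hops

def classify_last_hop(trace, qname, qtype):
    """Return (verdict, server) for what the final server in the trace sent back."""
    hops = parse_hops(trace)
    if not hops:
        return ("no-response", None)
    server, records = hops[-1]
    owner = qname.lower().rstrip(".") + "."
    at_qname = {rtype for name, rtype, _ in records if name == owner}
    anywhere = {rtype for _, rtype, _ in records}
    if qtype in at_qname or "CNAME" in at_qname:
        return ("answer", server)
    if "SOA" in anywhere:      # SOA only: the zone holds no such record
        return ("no-record", server)
    if "NS" in anywhere:       # delegation only: the trace stopped at a referral
        return ("referral", server)
    return ("unknown", server)
```

The trace as printed above carries no response status, so "no-record" covers both a name that does not exist and a name that exists without the requested type.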

I think what happened here is that the Cloudflare UI “wizard” auto-detected the IP addresses that were being used by the domains at the time and then hardcoded the IP addresses into the config at Cloudflare. However, that is always wrong for sites hosted at Netlify. Cloudflare should always use the CNAME target of <site name here>.netlify.app and never a hard coded IP address when the site Cloudflare proxies to is hosted at Netlify. Some people may have manually hardcoded the IP addresses but most people probably got into this incorrectly configured state via the UI wizard.

@ciro-mota, we need to know the exact domain name which is impacted and you have not shared that information with us.

What domain name is not working?

What do you recommend me doing? Should I delete everything on both sides and start over?

I do not think you need to delete and start over but I also cannot see the configuration to see what the issue is.

Here is an example of an apex and www subdomain configured correctly:

Both apex and www are configured to proxy to site-name.netlify.app via CNAME records. That is a working proxy configuration above.

Have you tried doing something similar with your domain at Cloudflare? If so, would you be willing to please share a screenshot of the settings here?

1 Like

Here are both.

Wanted to say happy Halloween to everyone and thank you for helping, and it’s up and running! I have the values in backwards.

Glad to learn it is working now, @Josephadam. Happy Halloween to you as well! :ghost: :smiley:

That’s sorted it for me as well. Thank you to everyone in this post.

And I really appreciate the Netlify peeps helping here even though this wasn’t anything to do with you guys.

Have a good one :+1:

1 Like

Hi Luke. As I mentioned, my site is now working after switching back to my default registrar (Registro.br in Brazil). I haven’t been able to switch back to Cloudflare and test it yet.

Anyway, the domain is “ciromota.tec.br”.

I had the same 522 problem, and the same DNS setup as rbatista191, so I think putting in Netlify IPs is something Cloudflare is/was doing automatically in the past - or maybe it was suggested in a legacy setup article?

Either way, the solution for me was the same - remove the DNS records pointing to IP addresses and replace them with CNAME records pointing to my netlify app url.
Thanks @luke :slight_smile:

Cloudflare have CNAME flattening:
https://developers.cloudflare.com/dns/cname-flattening/

1 Like