Pending site nameservers delay
Hello, I'm attempting to transfer my domain to Cloudflare, but the site appears to be stuck waiting for the nameservers to update. I understand DNS propagation can take a while, but the updated values have been appearing on 1.1.1.1 and 8.8.8.8 for a few hours now
what's the domain?
unweb.io
You changed your nameservers at your DNS, but not at your registrar
chaik@ash:~$ whois unweb.io
Domain Name: unweb.io
Registry Domain ID: 7060b5ae782e48faafafa825530c0aa3-DONUTS
Registrar WHOIS Server: whois.gandi.net
Registrar URL: https://www.gandi.net
...
Name Server: ns-1101.awsdns-09.org
Name Server: ns-60.awsdns-07.com
Name Server: ns-880.awsdns-46.net
Name Server: ns-1996.awsdns-57.co.uk
DNSSEC: unsigned
You need to change them at your registrar, who appears to be Gandi
oh ok, it's currently hosted on aws and I changed the NS record in the hosted zone. let me see how I get that to propagate to the registrar
thanks for taking a look 🙌
yea that doesn't work as otherwise that'd be a horizontal referral which isn't allowed, ex: .net tld -> unweb.io aws -> unweb.io cf, you're going horizontally rather than down further, also would be relying on aws to answer all the queries to refer and such
https://docs.gandi.net/en/domain_names/common_operations/changing_nameservers.html?highlight=nameservers
ok i found the spot where I should have changed the values in Route 53, it does make me wonder though why there would be DNS NS records, if the source of truth is the whois?
2 reasons
1. You might have more than just AWS responsible for your nameservers. For example, just for fun/extra redundancy, I have a setup where I have AWS + GCloud + Azure as DNS for a domain. Resolvers will retry a fair bit, and chances are at least one of the major clouds will be alive lol. So I put all my ns records there.
2. You can delegate subdomains to other nameservers, that is allowed as per dns spec. To do that with Cloudflare (delegate just a subdomain to them via ns records), you'd need Enterprise
ah okay, so in your whois info you have multi-cloud nservers. out of curiosity, where is that set of nservers stored & what happens if that service goes down?
are you asking who serves clients the list of nameservers to try? It's the TLD's nameservers they operate
my example is with a me domain, you can do dig me ns
and you get the list of responsible nameservers:
;; ANSWER SECTION:
me. 3600 IN NS a0.nic.me.
me. 3600 IN NS a2.nic.me.
me. 3600 IN NS b0.nic.me.
me. 3600 IN NS b2.nic.me.
me. 3600 IN NS c0.nic.me.
just to check - the list of nameservers stored at your registrar are different from DNS NS records right? (presumably stored with your DNS provider)
the same, although only the registrar's ones matter (..mostly)
When you use 1.1.1.1 or 8.8.8.8 to resolve a domain's nameservers, they are recursive resolvers, so they recurse all the way to the bottom. Hence why you saw your nameservers as being right, they were asking AWS for the nameservers of that domain
But only what you set at your registrar for your domain really matters, as they are the ones who get pushed up to the TLD, and what the TLD serves to requests ".me tells me to query xxxx for an answer"
(TLD meaning top level domain, the domain extension (com/net/org/me/etc), in case you don't know, realized I was throwing acronyms at you)
dns is just a big tree/hierarchy, only what you set at your registrar gets pushed up the tree
ah okay, i've also been trying to hash this out with chatgpt just now and i might be beyond help haha
would it be fair to say registration info is pushed out to the network (aka up the tree), while DNS records are pulled (with ttl cache)?
depends on your point of view. Really what's happening is just that your registrar is calling the TLD's internal apis to update that information, which eventually gets to their dns systems/databases, and then their dns servers start serving those updated records. Just like how you update dns records in AWS and clients eventually start seeing them. The only major difference is that nameservers for a domain are usually cached for 12 hours - a day or so (depends on TLD), and some TLDs are just slow to update
oh ok, i think that makes sense. thanks for all the info 🙂
I swear some of these country owned TLDs (ccTLDs) like me/ms just use ftp and cron jobs every few hours to sync all the records lol
so slow
to be fair though the main thing that matters to them is just uptime/redundancy and speed
lots of slow steps in the process (eg. going to take at least 5 days to transfer my squarespace domains to cloudflare). but i guess that also helps a lot with security
transfers take 5 days only if your registrar doesn't support approving them (it's the automatic unlock period)
you can do transfers in like 30 mins otherwise, depends on the tld a bit (some tlds have special requirements), but at least for com/net and stuff
that's true, once i changed the nameservers in the right place in AWS route 53 it only took max 10 more minutes to complete the transfer to cloudflare
usually you get an email like "are you trying to transfer to xxx, click here to approve this now or we will automatically allow it in 5 days"
that's if you mean the actual domain registration, dns itself can take a bit for propagation and such, and if you were just doing dns there's no approval or anything of course