CNAME Authentication fails

Hi everyone, I’m having an issue with DNS records in Cloudflare. It's been 48 hours since I updated my DNS records in Cloudflare. I still see it's not reflecting while i am doing DNS lookup. Could anyone provide some guidance on what steps I should take next or if there's something I might be missing? Your help would be greatly appreciated! Thank you!
25 Replies
Chaika
Chaika6mo ago
What are you seeing, and what's your domain?
Saran Ravindran
Saran RavindranOP5mo ago
I've updated my DNS records and still my CNAME records are not propogating
Chaika
Chaika5mo ago
well what's the record(s) you've added and how are you checking for them?
Saran Ravindran
Saran RavindranOP5mo ago
I've added the records that are mentioned here - https://app.prowly.com/app/106383/config/settings/domains/4434 to authenticate the domain. Also, I did DNS lookup to check them.
Chaika
Chaika5mo ago
that's behind auth what's the domain and the records they want you to add?
Saran Ravindran
Saran RavindranOP5mo ago
they wants me to add the CNAME records mentioned here to authenticate the domain, Even after adding this I couldn't able to see my records propogating
Chaika
Chaika5mo ago
That page is behind a login. I cannot see it, idk which ones you are referring to The most common mistake is you added the records with Proxy enabled but if they are looking to verify them, they'll likely need to be DNS only/gray clouded
Saran Ravindran
Saran RavindranOP5mo ago
It's grayed only. not proxied
Chaika
Chaika5mo ago
can you give an example of one of the CNAMEs they want you to add
Saran Ravindran
Saran RavindranOP5mo ago
Here is the records they want to add;
Chaika
Chaika5mo ago
which ones do you think don't exist? Most seem fine
chaik@ash:~$ dig sexualalpha.com txt +short "prowly-verification=16b8f962dd670980172e79bdab30d4e5c39af84ebd4a1d1106fb4af31507614c" "v=spf1 include:_spf.google.com ~all" chaik@ash:~$ dig txt pr-mail.sexualalpha.com +short "v=spf1 include:amazonses.com ~all" chaik@ash:~$ dig hky4oxogrhqt67ecqbbtrc5qn7jpvf2s._domainkey.sexualalpha.com cname +short hky4oxogrhqt67ecqbbtrc5qn7jpvf2s.dkim.amazonses.com.
Saran Ravindran
Saran RavindranOP5mo ago
Here is my DNS records;
Chaika
Chaika5mo ago
might want to be careful about leaking your dev subdomain's origin ip it looks like the ymjiq one is wrong or I can't type it right, also a possibility lol, hard to get right from a screenshot you tried looking up them all and can't see any.. or?
Saran Ravindran
Saran RavindranOP5mo ago
I just made a DNS lookup here and records are not propogating properly - https://dnschecker.org/all-dns-records-of-domain.php?query=sexualalpha.com&rtype=ALL&dns=google
DNS Checker
DNS Lookup - Check All DNS Records for Any Domain
Our DNS Lookup tool directly queries the domain's authoritative name server. It let you check all DNS records of a domain. Enter domain, and get results.
Chaika
Chaika5mo ago
what are you expecting to see there? all you added on the root/apex is the TXT, so that's all you'll see
Chaika
Chaika5mo ago
DNS Checker
DNS Lookup - Check All DNS Records for Any Domain
Our DNS Lookup tool directly queries the domain's authoritative name server. It let you check all DNS records of a domain. Enter domain, and get results.
Saran Ravindran
Saran RavindranOP5mo ago
Will the CNAME records won't be there? And still my domain authentication with 3rd party tools is under pending even after adding the records they suggested.
Chaika
Chaika5mo ago
You're looking up only records on your apex/root, the CNAMEs don't exist on that label so they won't be there, you'll only see them if you lookup the exact subdomain (see my example) check all of the cnames and records the way I showed, I only checked one of the CNAMEs because hard to transcribe from the screenshot, and then see. Or ask them for which one it's failing on exactly
Saran Ravindran
Saran RavindranOP5mo ago
Cool, thanks.
But I have a doubt here; what if we have the emails that will be actually sent through naked domain ([email protected] not [email protected]) And some platforms (even have automated verifier systems, which will automatically only check the main domain not subdomain) unlike manual verification.
Chaika
Chaika5mo ago
you deleted the screenshot now but the way that setup looked like was that all mail would come out of pr-mail
Saran Ravindran
Saran RavindranOP5mo ago
you mean this record
Chaika
Chaika5mo ago
and the txt spf record authorizing it to send mail out of it I would assume then all mail should be coming out of that subdomain
Saran Ravindran
Saran RavindranOP5mo ago
cool, got it. thank you so much. So based on the conversation with you I could understand we need to do separate lookup for each and yes in each lookup the records are appearing so that means there is no issue with cloudfare, right? if authentication fails then we need to talk to the specific 3rd party provider to understand what's the issues, right?
Chaika
Chaika5mo ago
no issues with Cloudflare updating dns records yea would have to double check all the records and ask them
Saran Ravindran
Saran RavindranOP5mo ago
Thank you so much @Chaika
Want results from more Discord servers?
Add your server