CNAME Authentication fails
Hi everyone,
I’m having an issue with DNS records in Cloudflare. It's been 48 hours since I updated my DNS records in Cloudflare. I still see it's not reflecting while i am doing DNS lookup.
Could anyone provide some guidance on what steps I should take next or if there's something I might be missing? Your help would be greatly appreciated!
Thank you!
25 Replies
What are you seeing, and what's your domain?
I've updated my DNS records and still my CNAME records are not propogating
well what's the record(s) you've added and how are you checking for them?
I've added the records that are mentioned here - https://app.prowly.com/app/106383/config/settings/domains/4434 to authenticate the domain.
Also, I did DNS lookup to check them.
that's behind auth
what's the domain and the records they want you to add?
they wants me to add the CNAME records mentioned here to authenticate the domain,
Even after adding this I couldn't able to see my records propogating
That page is behind a login. I cannot see it, idk which ones you are referring to
The most common mistake is you added the records with Proxy enabled but if they are looking to verify them, they'll likely need to be DNS only/gray clouded
It's grayed only.
not proxied
can you give an example of one of the CNAMEs they want you to add
Here is the records they want to add;
which ones do you think don't exist? Most seem fine
chaik@ash:~$ dig sexualalpha.com txt +short "prowly-verification=16b8f962dd670980172e79bdab30d4e5c39af84ebd4a1d1106fb4af31507614c" "v=spf1 include:_spf.google.com ~all" chaik@ash:~$ dig txt pr-mail.sexualalpha.com +short "v=spf1 include:amazonses.com ~all" chaik@ash:~$ dig hky4oxogrhqt67ecqbbtrc5qn7jpvf2s._domainkey.sexualalpha.com cname +short hky4oxogrhqt67ecqbbtrc5qn7jpvf2s.dkim.amazonses.com.
Here is my DNS records;
might want to be careful about leaking your dev subdomain's origin ip
it looks like the
ymjiq one is wrong
or I can't type it right, also a possibility lol, hard to get right from a screenshot
you tried looking up them all and can't see any.. or?I just made a DNS lookup here and records are not propogating properly - https://dnschecker.org/all-dns-records-of-domain.php?query=sexualalpha.com&rtype=ALL&dns=google
DNS Checker
DNS Lookup - Check All DNS Records for Any Domain
Our DNS Lookup tool directly queries the domain's authoritative name server. It let you check all DNS records of a domain. Enter domain, and get results.
what are you expecting to see there?
all you added on the root/apex is the TXT, so that's all you'll see
you'd have to lookup each subdomain to see those cnames https://dnschecker.org/all-dns-records-of-domain.php?query=hky4oxogrhqt67ecqbbtrc5qn7jpvf2s._domainkey.sexualalpha.com&rtype=ALL&dns=google
DNS Checker
DNS Lookup - Check All DNS Records for Any Domain
Our DNS Lookup tool directly queries the domain's authoritative name server. It let you check all DNS records of a domain. Enter domain, and get results.
Will the CNAME records won't be there?
And still my domain authentication with 3rd party tools is under pending even after adding the records they suggested.
You're looking up only records on your apex/root, the CNAMEs don't exist on that label so they won't be there, you'll only see them if you lookup the exact subdomain (see my example)
check all of the cnames and records the way I showed, I only checked one of the CNAMEs because hard to transcribe from the screenshot, and then see. Or ask them for which one it's failing on exactly
Cool, thanks.
But I have a doubt here; what if we have the emails that will be actually sent through naked domain ([email protected] not [email protected]) And some platforms (even have automated verifier systems, which will automatically only check the main domain not subdomain) unlike manual verification.
But I have a doubt here; what if we have the emails that will be actually sent through naked domain ([email protected] not [email protected]) And some platforms (even have automated verifier systems, which will automatically only check the main domain not subdomain) unlike manual verification.
you deleted the screenshot now but the way that setup looked like was that all mail would come out of pr-mail
you mean this record
and the txt spf record authorizing it to send mail out of it
I would assume then all mail should be coming out of that subdomain
cool, got it. thank you so much.
So based on the conversation with you I could understand we need to do separate lookup for each
and yes in each lookup the records are appearing
so that means there is no issue with cloudfare, right?
if authentication fails then we need to talk to the specific 3rd party provider to understand what's the issues, right?
no issues with Cloudflare updating dns records yea
would have to double check all the records and ask them
Thank you so much @Chaika