Conflicting c name and a record on Railway. How do we change the a record on railway?
There's an issue with our site where many users who log onto our site get a connection refused/connection timed out error. It depends on the wifi they are using. The issue is a conflicting c name and a record on railway.
Solution:Jump to solution
there's not much we can help with here as this is not a platform issue but an issue with networking on your side, as previously mentioned, the domain works for me without issue
45 Replies
Project ID:
ac011158-e161-4174-a7ac-1559242b4b5bac011158-e161-4174-a7ac-1559242b4b5b
Would you mind sharing a screenshot of your DNS configuration?
Any update here?
the domain works fine for me
On some networks it doesn't connect properly. It's only for this domain (aibverify.com), we tried it on other domains and it works fine. Conversations with godaddy and Coudflare support told us that the issue is conficting c name and a name records on railway.
below are the errors, let me know if I can clarify anything:
curl -v https://aibverify.com/
Trying 2606:4700:3033::ac43:dd2f:443...
Connected to aibverify.com (2606:4700:3033::ac43:dd2f) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
successfully set certificate verify locations:
CAfile: /etc/ssl/cert.pem
CApath: none
(304) (OUT), TLS handshake, Client hello (1):
error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
Closing connection 0
curl: (35) error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version
openssl s_client -connect aibverify.com:443 -servername aibverify.com
CONNECTED(00000005)
4565309100:error:1400410B:SSL routines:CONNECT_CR_SRVR_HELLO:wrong version number:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/ssl/ssl_pkt.c:386:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Start Time: 1731787001
Timeout : 7200 (sec)
Verify return code: 0 (ok)
AIB
A platform.
Hello, just wanted to follow up for anyone that can help, thank you.
Solution
there's not much we can help with here as this is not a platform issue but an issue with networking on your side, as previously mentioned, the domain works for me without issue
@Fragly - does it work for you? https://aibverify.com/
yes, works fine for me
Would you be able to help change the a name? I've contacted ISPs, Cloudflare, Go daddy. They've all said its a conflicting c name and a record, and I need to switch the a name
you should not be using an A type to begin with, you need to only be using a CNAME, the cname you where given when you added the domain to railway
This is what I thought as well, but I was told otherwise. It doesn't let me add the a name to cloudflare to begin with, but they said it's because it is misconfigured. Have you ever worked with someone who has had a similar error, where they are unable to access a website through certain Wifis (ISPs) and have been through other?
Thank you for your help. Railway support has been the most repsonsive as opposed to other parties I've been corresponding with.
show me a screenshot of your current dns settings in cloudflare please
Absolutely:
is that the entire list?
Yes
show me the domains in your railway service please
Absolutely:
all looks good to me, there are no issues there, and there are no A types at the root
if the domain doesnt work, than its something to do with the ISP, and theres nothing railway, cloudflare, hostinger, etc can do about that
So we tested that out as well - we changed the domain name to "dealerhedge.com" - all other settings were kept the exact same, and it worked
All the people that were running into the issue likely because of the ISP before, were able to access the same site via dealerhedge.com, but when we switched back to aibverify.com - it stopped working
This is why it's a very confusing error for us
im sorry, i'd love to help, but that is beyond our control
theres no issues on the railway or cloudflare side of things
I understand thank you anyway. Do you know of anybody else we can contact to fix this issue? We've contacted cloudflare, go daddy, and you guys at Railway
your ISP, since this is not an issue with any of the platforms you just mentioned
But it sadly doesn't work on various ISP's not a singular one
Contact all of them?
may i ask where you are located?
NYC, my team is located in Austin, and LA. It works when we switch to mobile data, but doesn't when we use Spectrum/verizon
are you using the default isp dns?
Yep
try not doing that
We can switch our Dns's but will that solve our issue? If we switch our dns's and it works for the three of us, it won't solve the issue for other users who try to log into our website but have the default ISP dns's (exhibit A: my parents, who are in California, have tried to log in and it doesn't work for them, and they don't know what a DNS even is - they will also tell me it's "too complex" if i try to explain it to them)
its a test, while it doesnt fix the issue, it helps you understand the problem
Ok I will test and report back - thanks Brody
can you also define "doesnt work"
This is the error msg
We've checked, and even changed SSL certificate on cloudflare with no luck
It's also a different host of error msges, my team gets this, while I get the above:
hey, could you maybe try disabling Cloudflare's protection? maybe that will narrow down the cause
Totally, we did try that initially, but it's been a while and can try it again
yep, try that, wait a while for the dns cache to go away
do you have Universal SSL enabled?
and then do a curl
Yes Universal
