I got sick of jumping through hoops every 4 months having to turn off cloudflare so that AutoSSL can update my SSL certificates for my MX records. I always had to contact customer service at my web host to do it manually on their end and it took a lot of time out of at least 4 work days every season. Always at the worst possible day.

This time I just canceled the cloudflare service and went with the host's DNS service. I'm losing the country blocking (china, Russia, all the other bad actors) but I won't have to worry about the SSLs anymore.

For some reason the DNS records aren't propagating as they normally would. I've heard it can take 24-48 hours but I've never had it take longer than 15 minutes before.

So if you email me, it may just bounce back. If you have my number, feel free to text me.

Sorry, but the karma picker is also down.

If anyone wants to keep an eye on it, try https://imaginekitty.com/karma.php

This message has been edited. Last edited by: mark123,

quote:

Originally posted by mark123:

For some reason the DNS records aren't propagating as they normally would. I've heard it can take 24-48 hours but I've never had it take longer than 15 minutes before.

Maybe try a new flux capacitor?

Edit - the karma picker is also down until I work this out.

https://imaginekitty.com/karma.php

I’m sorry, I have nothing useful to add, but I did chuckle at the check box for “Choose high profile members only:”

quote:

Originally posted by trapper189:
I’m sorry, I have nothing useful to add, but I did chuckle at the check box for “Choose high profile members only:”

Oh, is it working now? Good. Thanks.

The "not propagating" was likely because of the massive caching that resolvers do these days, The DNS record gets updated, along with the SOA serial number, and the TTLs can be down to near nothing, but the various provider's resolvers ignore these, and pump out old data. Then you have Cloudflare, etc. caching content, and who knows how long before updates will be seen by the general 'net.

Understandable, I guess, last I looked, some time ago DNS traffic was 40% of all traffic, and there's no money in resolving queries.

It's working for me at the moment (9:17 EST, 1/8). I used this thread as input, and radioman was #1, trapper189 was #2, and architect was #3.

quote:

Originally posted by architect:
The "not propagating" was likely because of the massive caching that resolvers do these days, The DNS record gets updated, along with the SOA serial number, and the TTLs can be down to near nothing, but the various provider's resolvers ignore these, and pump out old data. Then you have Cloudflare, etc. caching content, and who knows how long before updates will be seen by the general 'net.

Understandable, I guess, last I looked, some time ago DNS traffic was 40% of all traffic, and there's no money in resolving queries.

I think it was because my host doesn't support DNSSEC. That's the original reason that I went to cloudflare. I had to stop cloudflare from trying to attach to my host's server with DNSSEC since there wasn't a DS record there. Then I had to delete my DNSSEC keys from Epik.com and then finally it started to propagate.

DNSSEC obviously doesn't work in china, Russia or Thailand as the new DNS records propagated there in mere seconds before I even tried deleting the DNSSEC stuff.

quote:

Originally posted by mark123:

quote:

Originally posted by architect:
The "not propagating" was likely because of the massive caching that resolvers do these days, The DNS record gets updated, along with the SOA serial number, and the TTLs can be down to near nothing, but the various provider's resolvers ignore these, and pump out old data. Then you have Cloudflare, etc. caching content, and who knows how long before updates will be seen by the general 'net.

Understandable, I guess, last I looked, some time ago DNS traffic was 40% of all traffic, and there's no money in resolving queries.

I think it was because my host doesn't support DNSSEC. That's the original reason that I went to cloudflare. I had to stop cloudflare from trying to attach to my host's server with DNSSEC since there wasn't a DS record there. Then I had to delete my DNSSEC keys from Epik.com and then finally it started to propagate.

DNSSEC obviously doesn't work in china, Russia or Thailand as the new DNS records propagated there in mere seconds before I even tried deleting the DNSSEC stuff.

DNSSEC is like most encryption-enabled technology, great on paper, but fails in the real world (unless everybody is using it, e.g S/MIME or PGP). Yes, with a DS record, but with a KSK query failure, DNSSEC will cause a propagation failure to servers respecting DNSSEC. This is how it is supposed to work. Another way: your DNS server instance says it wants to provide secure DNS, but is unable to provide a well-rooted chain of trust because your "upstream" fails to participate, so it becomes untrustworthy.

quote:

Originally posted by trapper189:
I’m sorry, I have nothing useful to add, but I did chuckle at the check box for “Choose high profile members only:”

At least now I know why I never win karmas anymore... I'm not "high profile" enough to make the cut! Oh well...