_acme-challenge TXT record stuck on server after deleting it
I am the owner of arknet.cloudns.nz
I have deleted my acme TXT record from Cloudflare 4 days ago. I tried to create a new one but it says the old record still exists.
I have waited 4 days. DOUBLE the maximum amount of time. Please remove these records from your server.
More importantly why does it take so long? It’s literally just text. What’s the purpose of this delay. I have zeroed out entire terabytes worth of mechanical hard drives on potato powered PCs with several passes and it didn’t take this long.

33 Replies


DNS Updates happen within seconds. What you're probably seeing is not your own txt record, but the ones from Cloudflare's ssl automation trying to issue a cert. If you go under ssl/tls -> edge certificates in the dashboard under your website, you should see the cert trying to issue. If you're not going to be using proxy/ssl, you can disable universal ssl at the bottom of the page
I disabled the edge certificate 4 days ago and I have also deleted the TXT record from Cloudflare's DNS dashboard as well. 4 days ago
do you still see any certs under that menu at all?
No. None
I will send you a screenshot once I load it on my phone
I believe you, the universal ssl is still trying nonetheless
oh you were the guy I talked to about these zones a few days ago
4 days ago yes
I’ve been stuck in DNS hell for a month because of all the waiting each time I change something
I realized after poking around with these a bit more that the setup with these is messed. Cloudns doesn't let you actually change the nameservers properly, which makes sense given that they're just trying to give you a free zone to use with them.
What I mean by that is, if you delegate a domain to other nameservers, the nameserver above it should return ns records for queries within it.
So like if you query _acme-challenge.arknet.cloudns.nz, cloudns should tell you to contact Cloudflare, but it doesn't, it just returns an authoritative response from cloudns saying nothing's there.
DNS Resolvers have different behavior with this though, Google's 8.8.8.8 seems to walk up the dns tree and is ok with it, but Cloudflare's 1.1.1.1 or Quad9 just can't find records on any subdomains.
The only way I can see you "kind of" getting this to work is just on the root (arknet.cloudns.nz), and maybe if you get lucky and get Cloudflare to pick a certificate provider which checks Google or someone else, it might issue. Absolutely cursed though, not a proper setup/domain at all


Exactly. The only records I have in cloudNS is my NS records. I deleted the A record, Cname, TXTs and literally everything else
yup and that's why the root domain will work. Query subdomains under that and you get more fun experiences
_acme-challenge is a subdomain as well
So are you suggesting I should put my A list and CNAME back into CloudNS. Because that is the exact opposite of what I was told to do 4 days ago
Someone told me to delete everything except the NS
I'm suggesting this isn't really going to work because cloudns isn't letting you do this, it's not meant to do this, you're meant to use that domain with their service
I got it to work before. Someone even showed me the test web page but the DNS records didn’t replicate all the way. Which is why he was able to get to it and not me. I’ve had to wait for the records to clear before and they always do
a proper delegation looks like this with dig +trace

me. 172800 IN NS a0.nic.me.
me. 172800 IN NS a2.nic.me.
me. 172800 IN NS b0.nic.me.
me. 172800 IN NS b2.nic.me.
me. 172800 IN NS c0.nic.me.
;; Received 352 bytes from 199.7.91.13#53(d.root-servers.net) in 3 ms

chaika.me. 3600 IN NS chan.ns.cloudflare.com.
chaika.me. 3600 IN NS tosana.ns.cloudflare.com.
;; Received 100 bytes from 199.253.61.1#53(c0.nic.me) in 159 ms

free.chaika.me. 300 IN NS gina.ns.cloudflare.com.
free.chaika.me. 300 IN NS sage.ns.cloudflare.com.
;; Received 98 bytes from 2606:4700:58::a29f:2c2b#53(tosana.ns.cloudflare.com) in 3 ms

free.chaika.me. 300 IN A 104.21.25.160
free.chaika.me. 300 IN A 172.67.134.94
;; Received 75 bytes from 2a06:98c1:50::ac40:23ec#53(sage.ns.cloudflare.com) in 3 ms

It asks each level "where can I find free.chaika.me", and it directs it down
cloudns looks like this

nz. 172800 IN NS ns3.dns.net.nz.
nz. 172800 IN NS ns6.dns.net.nz.
nz. 172800 IN NS ns5.dns.net.nz.
nz. 172800 IN NS ns4.dns.net.nz.
nz. 172800 IN NS ns2.dns.net.nz.
nz. 172800 IN NS ns1.dns.net.nz.
nz. 172800 IN NS ns7.dns.net.nz.
;; Received 536 bytes from 2001:7fe::53#53(i.root-servers.net) in 103 ms

cloudns.nz. 86400 IN NS ns41.cloudns.net.
cloudns.nz. 86400 IN NS ns44.cloudns.net.
cloudns.nz. 86400 IN NS ns43.cloudns.net.
cloudns.nz. 86400 IN NS ns42.cloudns.net.
;; Received 187 bytes from 202.46.190.130#53(ns1.dns.net.nz) in 207 ms

arknet.cloudns.nz. 3600 IN SOA ns41.cloudns.net. support.cloudns.net. 2025090804 7200 1800 1209600 3600
;; Received 150 bytes from 2a0b:1640:1:1:1:1:762:9aa6#53(ns44.cloudns.net) in 87 ms

It asks cloudns "where do I find _acme-challenge.arknet.cloudns.nz", and it says "I've got it" and doesn't redirect to Cloudflare. Because it's not proper delegation, what you're doing is just changing ns records on the root, normally used if you have more than one nameserver setup to handle the same queries/domain alongside the service you are using
yea like I said you could probably get it working with just the root (arkns.cloudns.net) and if you use a certificate authority (or get one picked by cf by random) that has the behavior of walking the tree like 8.8.8.8 does seem to have, but any subdomains would still always be broken
You can see this same behavior here https://dnschecker.org/#TXT/_acme-challenge.arknet.cloudns.nz with how only a few providers return the txt records. It's not dns propagation, it's because this setup isn't proper lol
The real tldr is to get a proper domain, .xyz has 99c ones which are numeric or cheaper TLDs like .win, and you won't have any weirdness, or expect random issues/bugs/etc, because this really isn't pointed at Cloudflare. Cloudflare will remove pending domains after 28 days as well
So in other words, cloudNS can refer the A records to be managed by other DNS servers such as the two Cloudflare ones, but CNAMEs will not pass over to be managed remotely, right?
What if I delete my zone in cloudNS but recreate it?
I could go for xyz but the whole idea was that my homelab is marketed on the idea of being 100% free
If I absolutely have to I’ll just get an XYZ but I want to make that my absolute last resort
it's more complex than that, I believe it's some of the providers are caching the ns lookup and reusing them which makes the A record lookup slightly better. Your CNAME in cloudns did probably make this better, but this is beyond cursed lol
I would honestly just not use cloudns and just get a proper domain. they are really cheap honestly.
I know not free but $7.5 usd per year ain't that much tbh
I’ll do xyz. I wouldn’t consider domains cheap. I bought a .US domain on godaddy and that was $70 a year. That’s a Hulu subscription right there
But thank you for letting me know that
Spaceship, porkbun, or cloudflare registrar are way cheaper than godaddy. US domains are also generally a bad idea because no whois redaction (your contact info gets published)
.org is $7.52/year on CF registrar
.win is like ~5 something. Porkbun has .org slightly more expensive renewal ($10/year) but cheaper first year (6.88/year). Not bad
.xyz is $12.30
if the name doesn't matter, go numeric like
98090908.xyz
cool for testing domains
https://gen.xyz/number


how is that premium lol
Premium is just a catchall for any special pricing