Ask HN: Cloudflare broke my domain’s DNSSEC making it unreachable since 4 days
by medguru on Hacker News.
tl;dr – Cloudflare rendered my domain inaccessible and support has been ignoring the ticket for 4 days, what’s the fastest way to get technical assistance when on a free plan? Last week I transferred a domain used for a personal project from my old registrar to Cloudflare. After the transfer was finalized and new NS records had propagated, everything resolved normally and everything was working fine. I then enabled DNSSEC, and after a while the domain would no longer resolve. Every DNS server I try – Google, Quad9, OpenDNS, even Cloudflare’s own DNS on 1.1.1.1 – returns SERVFAIL. The excellent diagnostic tool on dnsviz.net tells me that the domain is returning bogus DNSKEY/DS/NSEC responses and bogus delegation status. “no SEP matching the DS found”. I tried canceling the DNSSEC setup and waiting for over a day, with no effect. I re-enabled DNSSEC setup and waited for 3 days, with no effect. Cloudflare’s control panel has since several days now been saying that DNSSEC will be enabled “in the next 24 hours”. My site cannot be reached, and Cloudflare’s support cannot be reached. I’ve been forced to migrate the project and its (few) users to a completely different domain. I cannot inconvenience users by bouncing them back and forth, so the domain Cloudflare ruined for me is now effectively lost, as is the “branding” of the project which was reflected in the domain’s name. How can I get their attention without paying for an Enterprise plan? I would like to think that basic functional service should be accessible even when using Cloudflare only as a registrar with fundamental DNS on a free plan.