Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,555,469
Community Members
 
Community Events
184
Community Groups

DNS issue with Cloudflare

ANGELO SERRA
ANGELO SERRA Aug 16, 2022

hi everyone, I am currently testing the free version of Jira Software and it seems very good!

I am thinking to upgrade to the pro version, but I am a bit confused about what is happening with DNS verication.  I have added (as suggested) all the values on my Cloudflare, but only one has been validated. I tried to take a look at the community but I haven't found anything helpful. Is there someone else who faced and solved it?

Any help would be much appreciated!

Thank you in advance,

AngeloScreenshot 2022-08-16 085842.jpg

 

Answer
Watch
Like Dirk Ronsmans likes this
1522 views

2 answers

1 accepted

1 vote
Answer accepted
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Aug 17, 2022

Hi,

The free vs paid site won't make a difference here.  It looks like you are trying to follow the steps in https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/#Verify-over-DNS

But I can see that you are missing several expected DNS records here.  For example, when I ran a terminal command to lookup the DNS txt and cname records of your domain, such as

% dig curzon.com CNAME

; <<>> DiG 9.10.6 <<>> curzon.com CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2836
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;curzon.com. IN CNAME

;; AUTHORITY SECTION:
curzon.com. 2818 IN SOA denver.ns.cloudflare.com. dns.cloudflare.com. 2286121512 10000 2400 604800 3600

^ there are no entries in the ANSWER section which would seem to indicate you don't have the 3 CNAME records we expect to see on your domain.

 

And for

dig curzon.com txt


; <<>> DiG 9.10.6 <<>> curzon.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64661
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: Message has 60 extra bytes at end

;; QUESTION SECTION:
;curzon.com. IN TXT

;; ANSWER SECTION:
curzon.com. 300 IN TXT "MS=[redacted]"
curzon.com. 300 IN TXT "atlassian-domain-verification=[redacted]"
curzon.com. 300 IN TXT "MS=[redacted]"
curzon.com. 300 IN TXT "google-site-verification=[redacted]"
curzon.com. 300 IN TXT "apple-domain-verification=[redacted]"
curzon.com. 300 IN TXT "atlassian-sending-domain-verification=[redacted]"

The last record is correct, and verifies according to your screenshot, but the TTL (time to live) values are extremely low (300).  Our documentation indicates we expect a value of 86400 instead.  The problem can be with low TTL here is that our services would have to invalidate the cache of DNS records within 5 minutes, requiring a new lookup to your DNS server each time.  If that fails for any reason, it can also cause the check to fail.

So to fix this, you will need to copy the values on your screenshot and create the appropriate DNS records on your domain.  Once that is done, it could take a few hours for our services to automatically attempt to check this and verify again.

Reply
0 votes
ANGELO SERRA
ANGELO SERRA Aug 17, 2022

Hi Andy,

thanks for your reply, I really appreciate it.

I've just noticed the SPF record took a while for validation, and now is fine. CNAMEs are still showing an error, even though I have added them on Cloudflare, am I missing something?

 

Screenshot 2022-08-17 224930.jpg

 

Screenshot 2022-08-17 225310.jpg 

Thank you in advance for your precious help,

Angelo

View More Comments
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Aug 18, 2022

Thanks for the screenshot.  It looks like the CNAME records are being proxied.  This would explain why they are not being propagated to other DNS servers yet.  I found another guide some users made over in https://easydmarc.com/blog/atlassian-spf-and-dkim-setup-step-by-step/ which indicates you need to

Note: For CNAME Records, turn off the proxy status if you’re using Cloudflare.

I suspect you will need to make that change to get this to work.  Right now it looks like the value is 'proxied' but instead should be 'DNS only'.

Try that.

Like
ANGELO SERRA
ANGELO SERRA Aug 19, 2022

Hi Andy,

I have turned off proxy for CNAMEs , but weirdly after 24 hours nothing is working, even TXTs which were working previously.

Please note I haven't changed TXT as they were working before CNAME change.

 

Thanks again for your help,

AngeloScreenshot 2022-08-19 102428.jpgScreenshot 2022-08-19 102506.jpg

Like
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
Aug 19, 2022

Please review https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/#Verify-over-DNS

It can take up to 72 hours for your domain to verify after the DNS changes take effect.

 

But again, you need to increase the TTL (Time to live) values of these TXT records.  According to my DNS server, your value is still 500.  But our documented guide states this value should be 86400.  Having such a low value will cause your records to time out prematurely.  Also our system is limited in regards to how often our system will check for new records.  With a very low value like yours, the record has expired before we will look it up again.  That is why the TXT records were working before but stopped now. 

Like
ANGELO SERRA
ANGELO SERRA Aug 20, 2022

Thanks a lot for your help Andy!!!

it worked!!!!

Angelo SerraScreenshot 2022-08-20 160934.jpg

Like Andy Heinzer likes this
Chris Brock
Chris Brock Apr 25, 2023

I just wanted to echo Andy's comments about TTL and Proxying related specifically to Cloudflare. Leaving the TTL set to "Auto" is not sufficient and you must increase the TTL.

Andy's comments were very helpful in troubleshooting issues we had with domain verification. After making the changes below, our domain was verified within 5 minutes.

  • Set TTL to "1 day" for all records
  • Disable Proxy and set to "DNS only" for all records
  • Optional: Add a tag to each DNS entry for easier reference in the future

 

2023-04-25_12-51-42.png

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Software
Jira Software
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Site Admin
TAGS
AUG Leaders

Atlassian Community Events

See all events