Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,359,756
Community Members
 
Community Events
168
Community Groups

DNS issue with Cloudflare

hi everyone, I am currently testing the free version of Jira Software and it seems very good!

I am thinking to upgrade to the pro version, but I am a bit confused about what is happening with DNS verication.  I have added (as suggested) all the values on my Cloudflare, but only one has been validated. I tried to take a look at the community but I haven't found anything helpful. Is there someone else who faced and solved it?

Any help would be much appreciated!

Thank you in advance,

AngeloScreenshot 2022-08-16 085842.jpg

 

2 answers

1 accepted

1 vote
Answer accepted
Andy Heinzer Atlassian Team Aug 17, 2022

Hi,

The free vs paid site won't make a difference here.  It looks like you are trying to follow the steps in https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/#Verify-over-DNS

But I can see that you are missing several expected DNS records here.  For example, when I ran a terminal command to lookup the DNS txt and cname records of your domain, such as

% dig curzon.com CNAME

; <<>> DiG 9.10.6 <<>> curzon.com CNAME
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2836
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;curzon.com. IN CNAME

;; AUTHORITY SECTION:
curzon.com. 2818 IN SOA denver.ns.cloudflare.com. dns.cloudflare.com. 2286121512 10000 2400 604800 3600

^ there are no entries in the ANSWER section which would seem to indicate you don't have the 3 CNAME records we expect to see on your domain.

 

And for

dig curzon.com txt


; <<>> DiG 9.10.6 <<>> curzon.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64661
;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: Message has 60 extra bytes at end

;; QUESTION SECTION:
;curzon.com. IN TXT

;; ANSWER SECTION:
curzon.com. 300 IN TXT "MS=[redacted]"
curzon.com. 300 IN TXT "atlassian-domain-verification=[redacted]"
curzon.com. 300 IN TXT "MS=[redacted]"
curzon.com. 300 IN TXT "google-site-verification=[redacted]"
curzon.com. 300 IN TXT "apple-domain-verification=[redacted]"
curzon.com. 300 IN TXT "atlassian-sending-domain-verification=[redacted]"

The last record is correct, and verifies according to your screenshot, but the TTL (time to live) values are extremely low (300).  Our documentation indicates we expect a value of 86400 instead.  The problem can be with low TTL here is that our services would have to invalidate the cache of DNS records within 5 minutes, requiring a new lookup to your DNS server each time.  If that fails for any reason, it can also cause the check to fail.

So to fix this, you will need to copy the values on your screenshot and create the appropriate DNS records on your domain.  Once that is done, it could take a few hours for our services to automatically attempt to check this and verify again.

Hi Andy,

thanks for your reply, I really appreciate it.

I've just noticed the SPF record took a while for validation, and now is fine. CNAMEs are still showing an error, even though I have added them on Cloudflare, am I missing something?

 

Screenshot 2022-08-17 224930.jpg

 

Screenshot 2022-08-17 225310.jpg 

Thank you in advance for your precious help,

Angelo

Andy Heinzer Atlassian Team Aug 18, 2022

Thanks for the screenshot.  It looks like the CNAME records are being proxied.  This would explain why they are not being propagated to other DNS servers yet.  I found another guide some users made over in https://easydmarc.com/blog/atlassian-spf-and-dkim-setup-step-by-step/ which indicates you need to

Note: For CNAME Records, turn off the proxy status if you’re using Cloudflare.

I suspect you will need to make that change to get this to work.  Right now it looks like the value is 'proxied' but instead should be 'DNS only'.

Try that.

Hi Andy,

I have turned off proxy for CNAMEs , but weirdly after 24 hours nothing is working, even TXTs which were working previously.

Please note I haven't changed TXT as they were working before CNAME change.

 

Thanks again for your help,

AngeloScreenshot 2022-08-19 102428.jpgScreenshot 2022-08-19 102506.jpg

Andy Heinzer Atlassian Team Aug 19, 2022

Please review https://support.atlassian.com/user-management/docs/verify-a-domain-to-manage-accounts/#Verify-over-DNS

It can take up to 72 hours for your domain to verify after the DNS changes take effect.

 

But again, you need to increase the TTL (Time to live) values of these TXT records.  According to my DNS server, your value is still 500.  But our documented guide states this value should be 86400.  Having such a low value will cause your records to time out prematurely.  Also our system is limited in regards to how often our system will check for new records.  With a very low value like yours, the record has expired before we will look it up again.  That is why the TXT records were working before but stopped now. 

Thanks a lot for your help Andy!!!

it worked!!!!

Angelo SerraScreenshot 2022-08-20 160934.jpg

Like Andy Heinzer likes this

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
PRODUCT PLAN
FREE
PERMISSIONS LEVEL
Site Admin
TAGS
Community showcase
Published in Jira Software

An update on Jira Software customer feedback – June 2022

Hello Atlassian Community! Feedback from customers like you has helped us shape and improve Jira Software. As Head of Product, Jira Software, I wanted to take this opportunity to share an update on...

4,955 views 18 31
Read article

Atlassian Community Events