Proposed changes
https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/error-codes/
Add error to table:
None of the A or AAAA records are owned by this account and the pre-generated ownership verification token was not found.",
"The hostname is using Cloudflare and cannot be activated with an TXT or HTTP validation token. To activate the custom hostname, the DNS target needs to point to the SaaS zone"
],
As this was detailed to us by an EE in case 02053199.
vicara.co has A records resolving to Cloudflare IPs (104.21.57.64 / 172.67.189.95), meaning the root domain is already actively proxying traffic through Cloudflare's edge. The other two (argha-dot.cc and bytesonus.com) have no A records at the root at all. Their zones exist on Cloudflare but nothing is proxied at the apex.
When COMS sees a hostname already resolving to Cloudflare IPs, it blocks TXT/HTTP-only validation. This is by design. The logic is: if traffic is already hitting our edge for that hostname, we need the DNS target to actually point to the SaaS zone before we'll activate the custom hostname. That's exactly what the error message says.
So we need to detail that if a custom hostname resolves to a CF IP, TXT/HTTP validation becomes blocked. The only way to resolve/validate this is to point DNS to the fallback origin. So we need to detail that reasoning for this error.
Subject Matter
Error codes section
Content Location
Just added to the existing error codes section.
Additional information
May need to make note of this under the custom hostname pre-validation document, as it should note they cannot use these methods if they resolve to Cloudflare IPs due to being proxied on another zone.
https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/pre-validation/
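An added example, not part of the original request and not Cloudflare's own code: a pre-check a SaaS provider could run on a hostname's already-resolved A/AAAA records to predict the behaviour described above before attempting TXT/HTTP-only validation. The function names are hypothetical, and the range list is an assumption copied from https://www.cloudflare.com/ips/ that should be refreshed from that page.

```python
import ipaddress

# Cloudflare edge ranges (assumption: copied from https://www.cloudflare.com/ips/,
# refresh from that page before relying on this list).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]


def cloudflare_addresses(addresses):
    """Return the resolved addresses that fall inside Cloudflare's edge ranges."""
    hits = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        # Membership is False across IP versions, so v4 and v6 can share one list.
        if any(ip in net for net in CLOUDFLARE_RANGES):
            hits.append(addr)
    return hits


def precheck(hostname, addresses):
    """Predict whether TXT/HTTP-only validation is usable for a custom hostname.

    `addresses` is the list of A/AAAA answers already resolved for `hostname`.
    Returns (usable, reason).
    """
    on_edge = cloudflare_addresses(addresses)
    if on_edge:
        return (False, f"{hostname} resolves to Cloudflare IPs {on_edge}; "
                       "point DNS at the SaaS zone instead of using a TXT/HTTP token")
    if not addresses:
        return (True, f"{hostname} has no A/AAAA records; TXT/HTTP validation not blocked")
    return (True, f"{hostname} resolves outside Cloudflare; TXT/HTTP validation not blocked")


if __name__ == "__main__":
    # Resolution results as reported in the request above; the last entry is a
    # constructed sample using a documentation-range address.
    samples = {
        "vicara.co": ["104.21.57.64", "172.67.189.95"],
        "argha-dot.cc": [],
        "bytesonus.com": [],
        "customer.example": ["203.0.113.10"],
    }
    for name, addrs in samples.items():
        print(precheck(name, addrs))
```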