NS won’t change
More than 24 hours have passed and the new NS still haven’t taken effect:Check WHOIS
lookup.icann.org or whois.com with a forced refresh.
Look at the status
clientHold, serverHold, clientUpdateProhibited — the domain is blocked, and the NS won’t change until that’s lifted (see Lifecycle).Status inactive — check the NS
Typos, stray commas, dots, spaces.
inactive means the NS are invalid.Suspect a block
Check WHOIS → find the status → act:| Status | What to do |
|---|---|
inactive | Set working NS — this isn’t a ban, just setup that wasn’t finished. |
clientHold | Message support. |
serverHold | Message support and we’ll look into it (this one is rare). |
redemptionPeriod | Request restoration if you still need the domain. |
clientTransferProhibited | This is normal — protection against hijacking. |
The site shows an old version or doesn’t open for everyone
Changed a record but your browser shows the old version? Or the site won’t load for you but opens fine for a friend? The cause is almost always the same: the DNS cache on your device or at your provider still holds the previous answer, plus propagation may not have finished (see When your domain goes live). What to do, in order:Open it in incognito mode
The browser caches pages the most aggressively of all. A private window (Ctrl+Shift+N / Cmd+Shift+N) rules the browser cache out as a suspect.
Flush your local DNS cache
Your system remembers DNS answers too. Clear the cache with the command for your OS:
- Windows
- macOS
- Linux
Command Prompt:
Check from another device or network
Open the site on your phone over mobile data (not your Wi-Fi). If it works there, the problem is local — on your machine or with your provider — and the domain itself is fine.
In Russia, Cloudflare is sometimes unstable. If the domain is connected to Cloudflare and won’t open only for you, try again later or, if it suits your project, turn off proxying (switch the record to the gray cloud) — traffic will go straight to the server, bypassing the Cloudflare network.
Cloudflare errors
1000 / 1001 / 1003
1000 / 1001 / 1003
1000 — DNS points to a prohibited IP (replace it with the server’s public IP); 1001 — no DNS record (add an A/AAAA); 1003 — accessed by IP rather than by domain name.
521 — Web server is down
521 — Web server is down
The web server isn’t running, or a firewall is blocking Cloudflare’s addresses. Start the server and allow the IPs from cloudflare.com/ips.
522 / 524 — timeout
522 / 524 — timeout
The server is unreachable or responds too slowly. Check that it’s reachable and whitelist Cloudflare’s IPs.
525 / 526 — TLS error
525 / 526 — TLS error
No certificate on the server, or an invalid one. Install a valid certificate or temporarily switch the Cloudflare mode from Full (strict) to Full. See SSL.
Errors 1001, 521, and 522 often mean the domain has no working A record, or it points to a server that’s down. Add or fix the A record via “DNS settings” in the bot — see DNS records.
Browser red warning page
This is not a domain ban by the registry: at the DNS level the domain works — the warning is shown by the browser or by Cloudflare itself. Causes: malicious content, a hacked site, an infected neighbor on the same IP, complaints (including mass ones from competitors), and, less often, a false positive.
- Google Safe Browsing (the red Chrome screen) → appeal via Search Console, see Clear red warning screens.
- Cloudflare (a Cloudflare page about phishing/malware) → Cloudflare has flagged the domain and is turning off proxying. To make the site open, switch the A records to a direct connection (gray cloud) in your account on cloudflare.com — traffic will go past Cloudflare and the warning will stop getting in the way.
Domain lifecycle
EPP statuses, lifecycle phases, WHOIS.
Clear red warning screens
Appeal via Search Console and Cloudflare.