> ## Documentation Index
> Fetch the complete documentation index at: https://wiki.lumiweb.cc/llms.txt
> Use this file to discover all available pages before exploring further.

# Domain not working

> NS, blocks, Cloudflare errors, browser warnings

## NS won't change

More than 24 hours have passed and the new NS still haven't taken effect:

<Steps>
  <Step title="Check WHOIS">
    [lookup.icann.org](https://lookup.icann.org) or [whois.com](https://www.whois.com/whois/) with a forced refresh.
  </Step>

  <Step title="Look at the status">
    `clientHold`, `serverHold`, `clientUpdateProhibited` — the domain is blocked, and the NS won't change until that's lifted (see [Lifecycle](/en/domains/lifecycle)).
  </Step>

  <Step title="Status inactive — check the NS">
    Typos, stray commas, dots, spaces. `inactive` means the NS are invalid.
  </Step>

  <Step title="Glue records">
    Lumi doesn't support glue. The NS can't be on the domain itself (`ns1.example.com` for `example.com`) — you need NS on an external domain.
  </Step>
</Steps>

<Tip>
  Most of the time NS should point to Cloudflare. Don't set this up by hand: open "My domains" → the domain → **"Cloudflare settings"** or **"DNS settings"** — if the domain isn't on Cloudflare yet, the bot offers to switch the NS for you. Change NS manually only when you run third-party DNS, via the **"Change NS"** button. More in [Cloudflare](/en/domains/cloudflare) and [DNS records](/en/domains/dns).
</Tip>

## Suspect a block

Check WHOIS → find the status → act:

| Status                     | What to do                                                          |
| -------------------------- | ------------------------------------------------------------------- |
| `inactive`                 | Set working NS — this isn't a ban, just setup that wasn't finished. |
| `clientHold`               | Message [support](https://t.me/lumisup_robot).                      |
| `serverHold`               | Message support and we'll look into it (this one is rare).          |
| `redemptionPeriod`         | Request restoration if you still need the domain.                   |
| `clientTransferProhibited` | This is normal — protection against hijacking.                      |

## The site shows an old version or doesn't open for everyone

Changed a record but your browser shows the old version? Or the site won't load for you but opens fine for a friend? The cause is almost always the same: the **DNS cache** on your device or at your provider still holds the previous answer, plus propagation may not have finished (see [When your domain goes live](/en/domains/propagation)).

What to do, in order:

<Steps>
  <Step title="Open it in incognito mode">
    The browser caches pages the most aggressively of all. A private window (Ctrl+Shift+N / Cmd+Shift+N) rules the browser cache out as a suspect.
  </Step>

  <Step title="Flush your local DNS cache">
    Your system remembers DNS answers too. Clear the cache with the command for your OS:

    <Tabs>
      <Tab title="Windows">
        Command Prompt:

        ```bash theme={"system"}
        ipconfig /flushdns
        ```
      </Tab>

      <Tab title="macOS">
        Terminal (it will ask for your password):

        ```bash theme={"system"}
        sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
        ```
      </Tab>

      <Tab title="Linux">
        Terminal:

        ```bash theme={"system"}
        sudo systemd-resolve --flush-caches
        ```
      </Tab>
    </Tabs>
  </Step>

  <Step title="Check from another device or network">
    Open the site on your phone over mobile data (not your Wi-Fi). If it works there, the problem is local — on your machine or with your provider — and the domain itself is fine.
  </Step>

  <Step title="Switch to public DNS">
    Your provider's DNS servers sometimes update slowly. Set public resolvers in your network settings: `8.8.8.8` (Google) or `1.1.1.1` (Cloudflare) — they pick up changes faster.
  </Step>
</Steps>

<Note>
  In Russia, Cloudflare is sometimes unstable. If the domain is connected to Cloudflare and won't open **only for you**, try again later or, if it suits your project, turn off proxying (switch the record to the gray cloud) — traffic will go straight to the server, bypassing the Cloudflare network.
</Note>

If the site still doesn't open for everyone after all the steps above, message support [@lumisup\_robot](https://t.me/lumisup_robot) and include the domain, your region, and your provider (or mobile carrier). That helps determine whether it's a local block or a problem on the domain's side.

## Cloudflare errors

<AccordionGroup>
  <Accordion title="1000 / 1001 / 1003" icon="triangle-exclamation">
    **1000** — DNS points to a prohibited IP (replace it with the server's public IP); **1001** — no DNS record (add an A/AAAA); **1003** — accessed by IP rather than by domain name.
  </Accordion>

  <Accordion title="521 — Web server is down" icon="server">
    The web server isn't running, or a firewall is blocking Cloudflare's addresses. Start the server and allow the IPs from cloudflare.com/ips.
  </Accordion>

  <Accordion title="522 / 524 — timeout" icon="clock">
    The server is unreachable or responds too slowly. Check that it's reachable and whitelist Cloudflare's IPs.
  </Accordion>

  <Accordion title="525 / 526 — TLS error" icon="lock">
    No certificate on the server, or an invalid one. Install a valid certificate or temporarily switch the Cloudflare mode from **Full (strict)** to **Full**. See [SSL](/en/vps/ssl).
  </Accordion>
</AccordionGroup>

<Note>
  Errors 1001, 521, and 522 often mean the domain has no working **A record**, or it points to a server that's down. Add or fix the A record via "DNS settings" in the bot — see [DNS records](/en/domains/dns).
</Note>

## Browser red warning page

<Info>
  This is **not a domain ban by the registry**: at the DNS level the domain works — the warning is shown by the browser or by Cloudflare itself. Causes: malicious content, a hacked site, an infected neighbor on the same IP, complaints (including mass ones from competitors), and, less often, a false positive.
</Info>

You can tell who's showing the warning from the page:

* **Google Safe Browsing** (the red Chrome screen) → appeal via Search Console, see [Clear red warning screens](/en/domains/google-cleanup).
* **Cloudflare** (a Cloudflare page about phishing/malware) → Cloudflare has flagged the domain and is turning off proxying. To make the site open, switch the A records to a **direct connection** (gray cloud) in your account on [cloudflare.com](https://dash.cloudflare.com) — traffic will go past Cloudflare and the warning will stop getting in the way.

Without Cloudflare proxying, its free SSL is gone too: the site won't open over HTTPS until you install **your own certificate** on the server (Let's Encrypt — see [SSL](/en/vps/ssl)). While you're at it, file an appeal for the warning from your Cloudflare account. If that doesn't help, message [@lumisup\_robot](https://t.me/lumisup_robot) and include the domain and its WHOIS status.

<CardGroup cols={2}>
  <Card title="Domain lifecycle" icon="hourglass-half" href="/en/domains/lifecycle">
    EPP statuses, lifecycle phases, WHOIS.
  </Card>

  <Card title="Clear red warning screens" icon="broom" href="/en/domains/google-cleanup">
    Appeal via Search Console and Cloudflare.
  </Card>
</CardGroup>
