DNS Error 1000: Cloudflare - When putting render services behind a load balancer

Hey,

I’ve currently got 3 render web services running my api in different regions (Ohio, Frankfurt and Singapore). I’m trying to put them behind a load balancer and single domain but am getting the following DNS points to prohibited IP error when trying to access them via the load balanced domain:

Result (Ray ID: 86d0c30f5dda6aa6):

I’ve tried using both AWS Route53 as well as Cloudflare load balancers and am seeing the same result.

I’ve kept the load balancer setup live in case it helps with testing.

Route53 Domain: web.api.findgg.com
Cloudflare loadbalanced domain: loadbalancer.findgg.com

There’s a healthcheck endpoint at /health that should return a 200 when live

Is this an issue with my setup, or is this not supported by render?

This is what my route53 setup looks like:

And my cloudflare setup sees the same issue:

Setup

I see that cloudflare mentions this error can occur when a load balancer points to a proxied record. I’m guessing that may be the issue here? (The provided onrender domain is a proxied record?)

Edit: I’ve tried giving my services custom domains that are dns only - but see the same issue unfortunately

I’ve also attempted to proxy requests through cloudflare workers as seen here (and also played around with resolveOverride) but no luck there either

Hi there,

You will likely need to override the HOST header for each region and set it to the specific onrender.com domain for each regional service.

The reason you get the Error 1000 in the Cloudflare setup, is that Cloudflare sees the host as loadbalancer.findgg.com pointing to our Cloudflare IP address for your onrender.com domain. However, because you have not added loadbalancer.findgg.com as a custom domain, we haven’t registered this host in our Cloudflare setup. Cloudflare doesn’t know which origin to send requests to, for loadbalancer.findgg.com in our account. So Cloudflare instead replies with the Error 1000.

The issue will be similar for the Route53 setup, but it will be our proxies instead of Cloudflare having an issue. They will not know how to send requests for web.api.findgg.com to your service.

Our Cloudflare account and proxies will know how to handle requests where the HOST is your onrender.com domains.

You could also add additional custom domains to your services for each region for example ohio.api.findgg.com, singapore.api.findgg.com etc., and CNAME them to the onrender.com domains for each region. These could then be used as your load-balancing origins and HOST’s. However, this would require more DNS setup for little benefit.

I hope this helps.

Regards,

Keith
Render Support, UTC+10 :australia:

1 Like

Perfect, that solved the issue, really appreciate it!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.