Error Codes Wiki

HTTP 523 Origin Is Unreachable — Cloudflare Cannot Resolve Origin DNS

Critical, 5xx server error

Overview

How to fix the Cloudflare HTTP 523 error, returned when the origin server's IP address cannot be resolved or routed to from Cloudflare's network.

Key Details

  • HTTP 523 means Cloudflare cannot reach the origin server because DNS resolution failed or the IP is unroutable
  • This differs from 521 (connection refused) — 523 means the server address itself cannot be found
  • Common after DNS changes, server migrations, or when the origin IP changes
  • Can also occur if the origin server's IP is in a private range not accessible from the internet
  • Cloudflare caches DNS records so changes may take time to propagate

Common Causes

  • DNS A/AAAA record pointing to an incorrect or decommissioned IP address
  • Origin server IP changed after migration without updating Cloudflare DNS records
  • Origin IP is in a private subnet (10.x, 172.16.x, 192.168.x) unreachable from the internet
  • Network routing issues between Cloudflare's data centers and the origin server

Steps

  1. Verify the origin IP in Cloudflare DNS settings matches your actual server IP
  2. Ping the origin IP from an external location to confirm it is publicly reachable
  3. If you recently migrated servers, update the A record in Cloudflare to the new IP
  4. Check that the origin server has a valid public IP and is not behind a NAT without port forwarding
  5. Purge Cloudflare cache and wait a few minutes for DNS propagation after making changes
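
Steps 1, 3 and 4 can be checked offline before touching the network. The script below is an added example, not part of the original page or any Cloudflare tooling: it flags A/AAAA record values that are private, loopback, link-local, shared or malformed, and records that no longer match the server's current IP. The hostnames, the two dictionaries and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: hostname -> A record value held in Cloudflare DNS (not real origins).
# 1.1.1.1, 1.0.0.1 and 8.8.8.8 are public resolvers used only as routable stand-ins.
CLOUDFLARE_RECORDS = {
    "app.example.com": "192.168.1.20",   # private (192.168.0.0/16)
    "api.example.com": "172.20.0.5",     # private (inside 172.16.0.0/12)
    "old.example.com": "100.64.3.9",     # carrier-grade NAT shared space
    "bad.example.com": "10.0.0.256",     # typo, not a valid address
    "www.example.com": "1.1.1.1",        # routable, but stale after migration
    "cdn.example.com": "8.8.8.8",        # routable and current
}
# Constructed sample: the IP each server actually has now (step 1).
ACTUAL_SERVER_IPS = {"www.example.com": "1.0.0.1", "cdn.example.com": "8.8.8.8"}

def classify_origin_ip(value):
    """Return (ok, reason) for one A/AAAA record value (step 4)."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        return False, "not a valid IP address"
    if ip.is_loopback:
        return False, "loopback"
    if ip.is_link_local:
        return False, "link-local"
    if ip.is_private:
        return False, "private range"
    if not ip.is_global:
        return False, "reserved or shared address space"
    return True, "globally routable"

def audit(records, actual_ips):
    """Return {hostname: (ok, reason)}; a routable record must also match the real IP."""
    findings = {}
    for host, recorded in records.items():
        ok, reason = classify_origin_ip(recorded)
        expected = actual_ips.get(host)
        if ok and expected and ipaddress.ip_address(recorded) != ipaddress.ip_address(expected):
            ok, reason = False, f"stale record, server is now {expected}"
        findings[host] = (ok, reason)
    return findings

if __name__ == "__main__":
    for host, (ok, reason) in audit(CLOUDFLARE_RECORDS, ACTUAL_SERVER_IPS).items():
        print(f"{host:18} {CLOUDFLARE_RECORDS[host]:14} {'OK ' if ok else 'FIX'} {reason}")
```

A record that passes here still needs the external reachability check in step 2, since a routable address can be filtered upstream.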

Tags

cloudflare, 523, dns, unreachable, origin

Frequently Asked Questions

521 means the connection was actively refused (server is there but not accepting). 523 means the server cannot be found at all — DNS resolution failed or the IP is not routable.