HTTPSERVER_ERRORCritical5xx CloudflareHIGH confidence

Origin Unreachable (DNS failure)

Q: How to fix HTTP 533 Origin Unreachable (DNS failure)?

Verify the origin DNS A/AAAA record exists: If no A or AAAA record exists for the origin hostname Cloudflare cannot route requests to it. Adding the correct IP address record resolves 533 immediately after DNS propagation.

Q: How to fix HTTP 533 Origin Unreachable (DNS failure)?

Wait for DNS propagation after a record change: DNS changes require propagation time. Cloudflare caches DNS records; the 533 will resolve automatically once the new record is visible to Cloudflare's resolver.

Production Risk

High — a 533 means all traffic to the origin is failing; monitor with Cloudflare Health Checks and alert on sustained 533 rates.

What this means

533 Origin Unreachable indicates that Cloudflare cannot resolve the DNS hostname for the origin server. This is distinct from 523 (Origin Is Unreachable) which covers network-routing failures — 533 specifically means the DNS A/AAAA record for the origin cannot be resolved.

Why it happens

1The origin hostname in the Cloudflare DNS settings has no A or AAAA record, or the record was deleted.
2A recent DNS change has not propagated; Cloudflare's resolver cannot yet reach the updated record.
3The origin is configured as a CNAME that itself points to a hostname with no address record.

How to reproduce

A Cloudflare-proxied request is made to an origin whose DNS cannot be resolved by Cloudflare's edge.

trigger — this will error

curl -v https://example.com/
# Response: HTTP/1.1 533
# CF-RAY header identifies the Cloudflare data centre

expected output

HTTP/1.1 533 Origin Unreachable

Fix 1

Verify the origin DNS A/AAAA record exists

WHEN When the origin record may have been deleted or never created.

Verify the origin DNS A/AAAA record exists

# Check from Cloudflare dashboard: DNS → Records
# Or verify externally:
nslookup origin.example.com 8.8.8.8
dig +short origin.example.com A

Why this works

If no A or AAAA record exists for the origin hostname Cloudflare cannot route requests to it. Adding the correct IP address record resolves 533 immediately after DNS propagation.

Fix 2

Wait for DNS propagation after a record change

WHEN When the origin IP was recently changed.

Wait for DNS propagation after a record change

# Monitor propagation across global DNS servers:
# https://dnschecker.org
# Most records propagate within 5 minutes when TTL is low.

Why this works

DNS changes require propagation time. Cloudflare caches DNS records; the 533 will resolve automatically once the new record is visible to Cloudflare's resolver.

What not to do

✕ Confuse 533 with 523

523 is a network-routing failure (Cloudflare can resolve DNS but cannot connect); 533 is a DNS-resolution failure. The diagnosis and fix differ — check DNS first for 533, check firewall/IP for 523.

Version notes

Cloudflare

Cloudflare-specific; not defined in any IETF RFC. Distinct from 523 Origin Is Unreachable (network failure) and 530 Origin DNS Error (broader DNS issues).

Sources

Official documentation ↗

Cloudflare Support — 5xx Errors

https://developers.cloudflare.com/dns/troubleshooting/ ↗

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformHTTP Status Codes

Code533

Class5xx Cloudflare

SeveritySERVER_ERROR

TierCritical

ConfidenceHIGH

← All HTTP errors