Cloudflare and DNS and Broken Email


    I switched a client to Cloudflare a couple of days ago. The DNS records imported seem to be correct, but many are missing. I did take a look at DNS per support recommendations before switching to Cloudflare nameservers. We had no issues prior to the switch.

    I have a ticket submitted for this email issue, but it seems some of the missing records have caused some issues and I'm adding them as I come across the problem caused. The immediate "crash" is email.

    Initially, the mail.domainname record was missing. I added that and some emails started to be received. But, it didn't solve the whole problem.

    The MX and SPF records did import. The MX record, by default, was set to DNS only (proxied -- isn't an option).

    I am wondering if the email server URLs need to point to a different server? What email server URL should the MX and SPF records point to?

    Thanks,

    Scott


    Need to offer Shipping Insurance?
    Interactive Design Solutions https://www.myids.net
    MivaMerchant Business Partner | Certified MivaMerchant Web Developer
    Competitive Rates, Custom Modules and Integrations, Store Integration
    AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
    My T-shirt Collection is mostly MivaCon T-shirts!!

    #2
    Cloudflare looks for common DNS record types and names, but has no way to know records may exist if the records are not ones they've been pre-programmed to look for; they must be explicitly entered if missing.

    Cloudflare only proxies web requests; they cannot proxy email traffic, which is why those do not have an option to be taken out of bypass mode. That being said, if email and web are going to the same server, this provides a way for an attacker to find the real server's IP. Email should really not be hosted on the web server. If this is a site with us, we will be discontinuing all email services before the end of the year, so now would be a good time to also focus on an email service provider migration.

    The email related DNS records, including SPF and MX, will be specific to any given entity; it's not something there is a correct generic default for.
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com



      #3
      "The email related DNS records, including SPF and MX, will be specific to any given entity; it's not something there is a correct generic default for."
      The same records worked before the nameserver switch. Now they don't. I don't know how to fix whatever is wrong for "our" customer.

      Scott
      IDS


        #4
        This is not something that can be corrected with advice in a forum; if the email is currently hosted on a server at Miva, our support staff would have to retrieve the proper records, and if the prior MX records had used the domain itself as the MX, that would no longer work with Cloudflare now serving the domain. The record would need to be changed to something else that points at the server here.
        David Hubbard


          #5
          Thanks, David.

          Scott


            #6
            Is this something I could determine in Plesk?

            Scott
            IDS


              #7
              Kind of, but if the prior MX had been the domain itself without a hostname, that has to change to an all new record that points at the same IP the domain had previously pointed at. So the name the users use for connecting may need to change, or the MX record may need to change, probably not both. SPF could be wrong too as a slight reconfig should be performed to have email leave the server using a new IP that has a reverse DNS entry (PTR record) not matching the site itself.
              David Hubbard

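An added example, not part of the thread and not Miva or Cloudflare code: a small audit of a zone's mail records for the failure modes described in replies #2, #4 and #7 (MX aimed at a proxied name, missing mail host record, mail host exposing the web server's IP, SPF not covering the outbound IP). The record layout, `example.com` names and documentation-range IPs are constructed assumptions; the SPF check only evaluates `ip4:` mechanisms.

```python
import ipaddress

# Constructed zone export (hypothetical names, documentation IP ranges).
# "proxied" mirrors the per-record proxy toggle discussed in the thread.
ZONE = [
    {"type": "A", "name": "example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "A", "name": "www.example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "MX", "name": "example.com", "content": "example.com", "proxied": False},
    {"type": "TXT", "name": "example.com", "content": "v=spf1 ip4:192.0.2.10 -all", "proxied": False},
]

def audit_mail_dns(zone, apex, outbound_ip):
    """Return findings for the mail-related records of one zone."""
    findings = []
    # Simplification: one A record per name is assumed.
    a_records = {r["name"]: r for r in zone if r["type"] == "A"}
    proxied_ips = {r["content"] for r in a_records.values() if r["proxied"]}
    for mx in (r for r in zone if r["type"] == "MX"):
        target = mx["content"].rstrip(".").lower()
        host = a_records.get(target)
        if host is None:
            findings.append(f"MX target {target} has no A record")
        elif host["proxied"]:
            findings.append(f"MX target {target} is proxied; SMTP cannot reach the mail server")
        elif host["content"] in proxied_ips:
            findings.append(f"MX target {target} is DNS-only and reveals the proxied web server IP")
    spf = [r["content"] for r in zone if r["type"] == "TXT"
           and r["name"] == apex and r["content"].lower().startswith("v=spf1")]
    if len(spf) != 1:
        findings.append(f"expected exactly one SPF record at {apex}, found {len(spf)}")
    else:
        # Only ip4: mechanisms are checked; a, mx and include are ignored here.
        nets = [ipaddress.ip_network(t[4:], strict=False)
                for t in spf[0].split() if t.lower().startswith("ip4:")]
        if not any(ipaddress.ip_address(outbound_ip) in n for n in nets):
            findings.append(f"SPF ip4 mechanisms do not cover outbound IP {outbound_ip}")
    return findings
```

Run against the constructed `ZONE` with an outbound IP of `198.51.100.25`, it reports the apex MX as proxied and the SPF record as not covering the new sending address.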