CNAME with 2 levels not added?

Tried several times to add CNAME with “” pointing to mailgun, its transactional mail server, and no luck. Changed DNS type to Proxied, no result, the record still does not validate from outside Cloudflare.

Welcome to the Cloudflare Community. It is always nice to see another Mailgun user.

If you need a CNAME to be returned for a query, it needs to be :grey: DNS Only. When you set a CNAME to :orange: proxied, it returns A & AAAA records instead of a CNAME. It also will also result in a subdomain too deep condition when you exceed one level of subdomains.

I recommend setting the CNAME to :grey: and testing either with command line tools (my preference) or some web DNS tools if the CLI isn’t your thing. Once you have confirmed the expected results, try the test at Mailgun again.

Negative answers can wind up cached, so it’s important to be patient. It also helps to wait until you get the answers you want Mailgun to see before running their test.


I have it DNS-only and external validation says it works now. But internal mailgun validation is not passed. The problem is thus on Mailgun verification side.

Not sure what your CNAME should be (mailgun’s documentation isn’t clear) but it shouldn’t be the same as the subdomain for which you’ve configured a MX record. By RFC standards an MX record can’t reference a CNAME.

So you should delete the CNAME for and set it to whatever their support suggests.


Not necessarily. Since CNAME in question is used for tracking actions by mailgun. The MX is different.

RFC1034 Section 3.6.2.

If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.