Complaint: much too aggressively turning on proxy when importing DNS

When I set up my domain, let’s call it example.org, it imported my DNS. It missed half the records, but it did find smtp.example.org, for instance. And turned, by default, proxying on for it.
If I hadn’t turned that off, I would have lost all incoming mail.

IMO, Cloudflare should be much less aggressive in enabling proxying by default, and certainly not do this on subdomains that are likely to be used for non-web purposes (e.g. smtp, mail, ftp, etc.).

You wouldn’t have, as MX records are automatically exposed by default, so you wouldn’t have lost any arriving emails.

I’m not sure that’s true, since I have

example.org MX smtp.example.org

and smtp.example.org wouldn’t be accepting SMTP requests.

But I’m also using smtp.example.org as MX for example.nl which isn’t Cloudflared. That one would have certainly broken.

It is true :wink:

That record would not, but the MX record would automatically point to another host which would and so your MX records would be fine again and accept arriving email.

Receiving emails will never break when adding a domain to Cloudflare.

Cloudflare converts such MX records so they point to a grey-cloud record, like dc-randomstring.example.com.

If Cloudflare wasn’t so aggressive about proxying records, there would be other users irate that Cloudflare exposed their origin IP address that’s supposed to be a secret. I think Cloudflare weighed their options and went the more secure route. :wink:

OK, not on example.org. But they would on other domains that use smtp.example.org as MX.

But it’s not just SMTP I’m concerned about. It’s everything that is not HTTP(S). POP, IMAP, FTP, SSH, and so on. They all break with proxying turned on.

I turned proxying off for everything except the few subdomains (www and a few others) that I want to be handled. But I think the default is much too aggressive.

Correct, but that would equally happen on other domains if they use www.example.org as MX - and that you want proxied, right?

Bottom line, the basic idea of Cloudflare is proxying and someone adding his domain to Cloudflare is hopefully aware of that and will make the necessary changes. It is impossible for Cloudflare to determine which hostnames should be proxied and which should not be. Using the name is a guess at best and even if Cloudflare implemented that, there is no guarantee that they get it right, but there’ll be most definitely plenty of people who will complain why their hostnames are not properly “hidden” behind the proxies.

Bottom bottom line, when adding your domain to Cloudflare, make sure all required records are in place and have the correct proxy status.

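The check the thread ends on (review each imported record's proxy status), as an added example that is not part of the thread and not Cloudflare's code. It audits a constructed record list using the `type`, `name`, `content` and `proxied` fields of Cloudflare DNS record objects; the function name, the label list and the `external_mx_targets` parameter (for cases like example.nl using smtp.example.org as MX) are assumptions made for illustration.

```python
# Constructed sample in the shape of Cloudflare DNS record objects
# (fields: type, name, content, proxied). Not real data.
SAMPLE_RECORDS = [
    {"type": "A", "name": "example.org", "content": "192.0.2.10", "proxied": True},
    {"type": "A", "name": "www.example.org", "content": "192.0.2.10", "proxied": True},
    {"type": "A", "name": "smtp.example.org", "content": "192.0.2.25", "proxied": True},
    {"type": "A", "name": "imap.example.org", "content": "192.0.2.25", "proxied": False},
    {"type": "CNAME", "name": "ftp.example.org", "content": "example.org", "proxied": True},
    {"type": "MX", "name": "example.org", "content": "smtp.example.org", "proxied": False},
]

# Assumption: first labels that usually mean a non-HTTP(S) service. A name is only a hint.
NON_HTTP_LABELS = {"smtp", "mail", "mx", "pop", "pop3", "imap", "ftp", "sftp", "ssh"}
PROXYABLE_TYPES = {"A", "AAAA", "CNAME"}


def norm(host):
    """Lower-case a hostname and drop a trailing root dot."""
    return host.rstrip(".").lower()


def audit_proxy_status(records, external_mx_targets=()):
    """Return {hostname: [reasons]} for proxied records that likely carry non-HTTP traffic.

    external_mx_targets: hostnames in this zone that other zones (not visible
    here) name in their MX records, e.g. example.nl -> smtp.example.org.
    """
    zone_mx = {norm(r["content"]) for r in records if r["type"] == "MX"}
    external = {norm(h) for h in external_mx_targets}
    findings = {}
    for r in records:
        if r["type"] not in PROXYABLE_TYPES or not r.get("proxied"):
            continue
        name = norm(r["name"])
        reasons = []
        if name in external:
            reasons.append("MX target of another zone")
        if name in zone_mx:
            reasons.append("MX target in this zone")
        if name.split(".")[0] in NON_HTTP_LABELS:
            reasons.append("name suggests a non-HTTP service")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for host, why in audit_proxy_status(SAMPLE_RECORDS, ["smtp.example.org"]).items():
        print(f"{host}: proxied, review ({'; '.join(why)})")
```

A finding means "review this record", not "this record is wrong": as the thread notes, a hostname is a guess at best, and only the zone owner knows which names must stay unproxied.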