DNS and MX Record Additions Are Removed After 12 Hours

My DNS records are repeatedly being removed after I add them in. I add an MX record in the morning and receive email, and by the evening my email stops arriving and then I see in Cloudflare that the MX record is gone. Same for DKIM, DMARC, SPF, and any other DNS record that I add, including additions like webmail. It continually reverts back to how it was before the edits.

I’ve tried to fix this multiple times over the span of months. I’ve checked with my hosting provider at Rootpal, and they told me that this is a Cloudflare specific issue and that I should check with you. What do you suggest?

Have you given a 3rd party like Ezoic access to your Cloudflare account? If so it is likely them doing this.

You can check the Audit Log to see the changes being made.


Yes, the cdn-# CNAME records are Ezoic. I didn’t know it was possible for Ezoic to change the DNS entries after the integration was completed.

I checked the audit log as you suggested, and there are records of me adding the logs, yet also records of me deleting the logs, which I never did. In addition, the tech support at my old hosting provider at fused.com logged in for some reason without my knowledge or permission, yet there are no other records of them doing anything.

Oddly, the same account is attributed to adding and deleting the same records, but each action has a different IP address than the other. They’re both using my account, but the adding of records is with my IP in Michigan, while the deleting of records is from an Amazon Data Services NoVa Services: Datacenter in Virginia.

As a result, I’ve changed my account password.

Have you heard of this happening before?

Yes. A similar occurrence was discussed in this older thread.

I’m really hoping this does not mean that Ezoic are still doing their old practice of asking for your Cloudflare email and password rather than using API keys :grimacing:

Unfortunately, yes. That’s why Ezoic was my first suggestion when you described your issue.

1 Like

Thanks for pointing me in the right direction. Unfortunately I cannot log-in to my Ezoic account because it’s using the same email address that is not working, and they send a verification email to that address when I log-in. And their current requests for tech support require you to be logged-in to their platform to submit a ticket. So I’m stuck in an infinite loop.

From that other thread, when I do finally get access, I will have to add a DNS entry via Ezoic here: Ezoic > Settings > DNS SETTINGS > Add DNS Record.

I’m not sure what you mean by API keys in this regard. I integrated Ezoic with Ezoic’s Cloud Integration via the WordPress plug-in. The Ezoic API Key field in the plug-in settings is blank, so I never entered it.

In any case, it seems Ezoic may be the culprit. Thanks for your help.

Do reset the password of Cloudflare’s account. Roll API tokens. Then login to Ezoic and contact them, if you really want to. I’d move away from them.


Problem resolved by contacting Ezoic through their chat support. For anyone else who finds this later and has a similar problem, here is what they told me:

“To explain the Cloudflare DNS records, when integrated with Ezoic via the Cloudflare method, Ezoic is acting as the main proxy for your site rather than Cloudflare. This means that any DNS updates required to match the records found at the host need to be made within the Ezoic Dashboard first (Ezoic Dashboard > Settings > DNS Records). These changes will then automatically propagate into Cloudflare. Changing records at Cloudflare will not work, as any changes made at Cloudflare would just be overwritten by Ezoic.”

Once I jumped through some hoops to prove my identity, they matched the DNS records on my hosting provider’s info to their DNS records in Ezoic, which then updated the records on Cloudflare. Then I was able to receive emails again and log-in to Ezoic’s platform.

Thank you to everyone who guided me toward the problem.

The main question is how they are doing these changes. Because from previous experiences they are gaining access to the full account, meaning the can see, and modify everything (from records to user IPs, from zones to the password).

There is an API that can be scoped to the specific access they require (and there are CNAME records which don’t need access at all), they method, used to be the only one they should never use. Have they asked you for e-mail and password or e-mail and global API key?

1 Like

No, they haven’t asked me for my email and password, nor my global API key. They might have done so during my initial Cloud integration a few years ago. I recently changed hosting providers, and this is what led to this trouble I was in. It’s been so long that I’m not sure how they do it at this point. But I changed my Cloudflare password yesterday before asking for their help, so that’s not it.

You should roll the Global API Key as well.


And you should enable 2FA.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.