DNS Assistance

dns

#1

Hi, currently if I activate DNS+HTTP Proxy I can no longer get to my website so I am thinking I have my DNS records filled out incorrectly.

Can someone provide a screen shot of what a correct one is supposed to look like? I attempted to find one but they are all in pieces.

My site works when I only have the DNS option turned on. BTW I am the owner of the host its on.

If you are not comfortable with displaying your host then can you DM me instead?

Thank you.

site is arch1mede dot com


#2

:wave: @rfanch3r,

Check your Crypto tab and make sure the SSL level is set to Full or Full (strict). Since your site is listening on port 443 you want that over Flexible.

-OG


#3

Ahhhh that must have been it. I read that it should be flexible, I guess in my case it should not. I wouldn’t have thought to change that if you hadn’t mentioned it. So thank you!


#4

OK now onto my next dns issue, currently with DNS+HTTP Proxy turned on and working (Thanks to @OliverGrant), I now have a warning for my mx entry, my entries currently look like this:

A myhost.com 1.2.3.4
CNAME mail myhost.com
CNAME www myhost.com
CNAME webmail myhost.com
MX mail mail.myhost.com

In the MX portion there is a warning saying This record is exposing your origins servers IP which may open this up to DOS attacks. Is this configured wrong?


#5

No, it’s correct. If you activate Cloudflare for mail. you’d not bei able to use mail protocols. To hide your origin IP completely you need a different server or at least a different IP for email handling.


#6

:wave: @rfanch3r,

Cloudflare doesn’t proxy SMTP traffic (unless you are an Enterprise customer using Spectrum) so your Mx record will point to the true IP of the server. As @MarkMeyer says if that IP is the same as your website than technically you have exposed the origin IP. The only way around that is to either use a different server for mail or Spectrum (different server is probably cheaper).

But depending on your use case this might not be a big deal. I have several domains configured like that.

-OG


#7

This topic was automatically closed after 31 days. New replies are no longer allowed.