DNS Query Failed

Sending emails from Microsoft managed email services like Outlook.com and Office 365 to our domain which has DNS hosted on Cloudflare has a terrible 8 hrs to 24 hrs delay. In some cases the mail is never received and a bounce email with the following error is received.

11/26/2021 2:53:45 AM - Server at abcde.com ( returned '450 4.4.312 DNS query failed

Does Cloudflare block certain Microsoft email services? Why does this happen and is there anyway around it?

We have been experiencing this for a number of months and can’t seem to find a solution around it. Any help would be much appreciated. Thank you.

May I ask is the mail hostname set to :grey: (DNS-only) and your MX records pointed to this unproxied hostname in the DNS tab at Cloudflare dashboard of your domain name?

Here is a way to re-check if you have properly configured your DNS records for your e-mail while using Cloudflare service for your domain name:

Otherwise, is this behaviour only yesterday-today or for a longer period of time? (black firday, all sending newsletters, emails, shared hosting, etc.)

MX is pointed to a CNAME which in turn is pointed to an A record and this A record is unproxied. I do not believe it is an issue with the DNS configuration because other mail services like Gmail, Yahoo mail and other self hosted emails do not have issues sending us email.

Microsoft hosted emails like hotmail, outlook and O365 however constantly have severe delays e.g. 8 - 24 hours in sending us email and other times errors like the one mentioned in the initial post are encountered and the email never arrives. On incredibly rare occasions some emails take 5 - 10 minutes which I think is acceptable. This has been happening for almost 6 months now.

I do feel there is a possibility that traffic is being blocked somewhere between Microsoft and Cloudflare and I do notice that there are others that face the same issue Redirecting.

I can confirm its something on Cloudflare’s end that may be prohibiting DNS queries from Microsoft’s servers. If I divert the DNS queries to another DNS server it has no issue delivering emails to our domain.

Is there a way to whitelist IP ranges from being blocked in Cloudflare? Microsoft’s IP listing is available.

Any help would be much appreciated. Thank you.

How are you doing this?

The trace of the original DNS request looks something like this:

“MX record of Domain A (sitting on a self hosted DNS server)” → “CNAME of a record in Domain B (hosted on Cloudflare)” → “A record in Domain B (hosted on Cloudflare)”

I changed it to:

“MX record of Domain A (sitting on a self hosted DNS server)” → IP address

I bypassed any resolution required by Cloudflare DNS services.

would you happen to know if there is anyway to whitelist IP addresses / hosts for things like this?

Ah, so your MX record points to a hostname in Cloudflare that’s a CNAME to to an “A” record in Domain B. So it’s the CNAME lookup that’s failing?

Would you happen to know if there’s an error message for this lookup by Microsoft? Or are you seeing a bunch of NXDOMAIN in DNS analytics for that domain here? Unfortunately, not until you get to Enterprise plan will you get detailed DNS analytics.

As far as I know, there’s no way to block or allow DNS queries. I don’t think Cloudflare really cares about general DNS usage until it’s attacked.

You can try opening a ticket to see if they can watch for requests for that CNAME (or the “A” record in Domain B). Maybe even try to skip a step and set Domain A’s hostname that the MX record points to be an “A” record to skip the Domain B lookup.

MX record points to a CNAME in Cloudflare (domain B) that points to an A record in Cloudflare (domain B).

Error messages in Microsoft, which when received, look something like this:

11/26/2021 2:53:45 AM - Server at abcde.com ( returned '450 4.4.312 DNS query failed

Thanks for your advice, I will open up a ticket with Cloudflare. Doesn’t seem to be much I can do beyond this.

I do not suppose we can create a ticket for free accounts? :smiley:

This is easiest via email to: support AT cloudflare DOT com

Thanks real much, let me give that a shot. @MoreHelp

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.