DNS Settings optimisation

Hi,

Based on another post I made, I have been told my DNS settings might need to be optimised. Can anyone shed any light on how I can do this please?

DNS settings: https://snipboard.io/qiPrzK.jpg

I am a newbie, so please help me with detailed instructions.

Thank you
Kavitha

This would be best addressed by someone familiar with your use case and your infrastructure, that is to say your regular contracted technical advisor. While I am willing to share my opinions, I recommend making sure that you make a current backup of your DNS by exporting from your Cloudflare dashboard before making any changes. I also encourage you to find someone you can contract to function as your technical advisor. While these are important things, they aren’t things that you should be doing yourself unless your business is providing technology support.

All of your AAAA records are IPv4-Mapped Addresses.

2.2 IPv4-Mapped Addresses
::FFFF:0:0/96 are the IPv4-mapped addresses [RFC4291].
Addresses within this block should not appear on the public Internet.

I would delete them, since they aren’t serving any purpose.

Your mail and ftp hostnames are :orange: proxied, but neither FTP nor any email protocols are passed by the Cloudflare proxy.

Your MX record points to your apex name, which is also proxied, resulting in both the warning triangle next to that MX record as well as the synthetic MX record beneath it which is pointing to _dc-mx.5f2d6f442ce2.theisifiso.com. The _dc-mx hostnames are created automatically by Cloudflare when you point your MX at a proxied hostname. They usually work, but it is definitely better to simply use a valid configuration and avoid the automated workaround.

You can fix this by setting your mail hostname to :grey: DNS Only. Then delete your current MX records and replace them with one that points to mail.

Your SPF record could stand some cleanup, too. It contains both redundant and inapplicable content. Discussion of SPF record management is veering slightly off-topic for the Cloudflare Community, so I will keep it brief. If you need to dig deeper into SPF, I recommend the dmarcian forum. Since your MX resolves to 107.6.184.242 the +mx following ip4:107.6.184.242 is redundant. All of the + signs are superfluous as that is the default condition. The +a is inapplicable as it will resolve to Cloudflare proxy IPs which will never be sending mail on your behalf. The invalid IPv4-Mapped Addresses that you published in your AAAA records are also inapplicable. The remaining sections, comprised of +a:smtp.servconfig.com +ip4:199.250.218.30 +include:smtp.servconfig.com appear to be relics from InMotion Hosting. Not knowing whether you may still have any of their email services in use, I am hesitant to suggest you remove them, although were it my record to clean up, I would be keen to.

While setting the ftp hostname to :grey: DNS Only will allow FTP to function using that hostname, it brings us to the question of why an insecure protocol like FTP is even enabled on your web server. FTP transmits usernames, passwords and content unencrypted. SFTP or FTPS are more secure options for moving files to your server.

Hopefully some of this made sense and was helpful. I cannot reiterate enough my recommendation to find a trusted technical advisor to aid you in these matters. I don’t say that in an attempt to discourage you from learning any of these topics. It just isn’t the best use of most business owners’ time.
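
The checks described in the answer above (AAAA values inside ::ffff:0:0/96, superfluous + qualifiers, an mx term already covered by ip4, and an a term on a proxied apex) can be run offline against a zone export. This is an added example, not part of the original thread; the function names, reason labels and the sample records (example.com, documentation addresses) are constructed, and the MX address and proxy status are supplied by the caller rather than looked up.

```python
import ipaddress

# RFC 4291 IPv4-mapped block; should not appear in public DNS.
V4_MAPPED = ipaddress.ip_network("::ffff:0:0/96")

# Constructed sample data (documentation addresses, not the poster's zone).
SAMPLE_RECORDS = [
    ("example.com", "A", "203.0.113.10"),
    ("example.com", "AAAA", "::ffff:203.0.113.10"),
    ("mail.example.com", "AAAA", "2001:db8::25"),
]
SAMPLE_SPF = "v=spf1 ip4:203.0.113.10 +mx +a +ip6:::ffff:203.0.113.10 ~all"


def mapped_aaaa(records):
    """Names whose AAAA value falls inside ::ffff:0:0/96."""
    return [name for name, rtype, value in records
            if rtype == "AAAA" and ipaddress.ip_address(value) in V4_MAPPED]


def audit_spf(spf, mx_ips, apex_proxied):
    """Return (term, reason) pairs for the SPF issues named in the answer.

    mx_ips: addresses the MX host resolves to (caller-supplied, no DNS lookups).
    apex_proxied: True when the apex A record is proxied.
    """
    terms = spf.split()[1:]  # drop the "v=spf1" version tag
    # Exact-match ip4 terms only; CIDR ranges are not expanded here.
    listed_ip4 = {t.lstrip("+")[4:] for t in terms
                  if t.lstrip("+").startswith("ip4:")}
    findings = []
    for term in terms:
        bare = term.lstrip("+")
        if term.startswith("+"):
            findings.append((term, "explicit-plus"))  # "+" (pass) is the default
        if bare == "mx" and mx_ips and set(mx_ips) <= listed_ip4:
            findings.append((term, "mx-redundant"))  # already covered by ip4
        elif bare == "a" and apex_proxied:
            findings.append((term, "a-resolves-to-proxy"))  # proxy never sends mail
        elif bare.startswith("ip6:"):
            net = ipaddress.ip_network(bare[4:], strict=False)
            if net.subnet_of(V4_MAPPED):
                findings.append((term, "ip6-v4-mapped"))
    return findings


if __name__ == "__main__":
    print("IPv4-mapped AAAA:", mapped_aaaa(SAMPLE_RECORDS))
    for term, reason in audit_spf(SAMPLE_SPF, ["203.0.113.10"], True):
        print(f"{term:32} {reason}")
```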