Emails being blocked for delivery to Comcast.net addresses

Website, Application, Performance DNS & Network
1

Emails to clients with Comcast dot net email addresses are being blocked by Comcast. Comcast support answer is below. I have no idea how to change the Cloudflare DNS settings to fix this. Any ideas?

" It appears this is a DNS issue on your side of things. Our systems utilize DNSSEC to evaluate DNS data. If I perform a lookup as the MTAs do, we get a “SERVFAIL” (for example: dig -t MX [retirementsmarts dot com](retirementsmarts dot com/)). However, if we disable the DNSSEC checking (dig +cd -t MX [retirementsmarts dot com](retirementsmarts dot com/)), we do see results).

It’s not just our systems that are having issues: dnsviz dot
net/d/retirementsmarts.com/dnssec/

We have a policy that all sending domains (RFC5321) must resolve to some subset of DNS records. At this point, we can’t resolve anything at all for that domain. Please let me know if we can provide more information.

4

Welcome to the Cloudflare Community. :logodrop:

Make sure that you have DNSSEC enabled at Cloudflare and that you have updated GoDaddy with your DNSSEC material.

5

It appears DNSSEC is enabled at Cloudflare. Registar is Godaddy. Not sure what else is wrong. Could I pay someone to take a look at this for me?

6

You can always hire a consultant, but before you do that, did you log into GoDaddy and make sure that your DNSSEC values set there match the ones in your Cloudflare account?

1 Like
7

I logged in and since the domain is not hosted at godaddy, the DNS button is unclickable. I don’t know how to get to those values.

8

You can find your Cloudflare DS record information at https:// dash.cloudflare.com/?to=/:account/:zone/dns/settings

These get set at GoDaddy in the same area where you changed your nameservers to the pair assigned by Cloudflare.

10

I found it. Screenshot attached. It appears to match.

GoDaddy_DNSSEC.png
GoDaddy_DNSSEC.png1326×712 30.4 KB

11

Can you share a screenshot of the DS record information from Cloudflare?

1 Like
12

Sure. I appreciate the help. See attached.

DNS_Cloudflare.png
DNS_Cloudflare.png1039×754 46.5 KB

1 Like
13

There doesn’t seem to be a DNSSEC issue with your domain anymore now. Dnsviz also no longer shows any problems.

1 Like
14

That wasn’t what I was asking for in a screenshot, but as @Laudian has indicated, your DNSSEC is now valid, so we can safely conclude without it. :slightly_smiling_face:

1 Like
15

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.