How to set up Reverse DNS


#1

I have a mail server that I am moving to my office IP. I used to manage my own DNS records on my server but not sure how to do this with Cloudflare.

AT&T is delegating Reverse Authority to us for our IP address, which I normally would set up in my BIND services to deal with. However, having Cloudflare managing my DNS now, where do I enter the PTRs?

Thanks,

Glenn


#2

The IP addresses Cloudflare assigns to your domain are Shared IP Addresses.

The only reverse DNS PTR record you can use would have to be set where your site is hosted. The downside being that it’s your Origin IP address, and not the one the public would use.


#3

So to be clear. If I clicked the icon on their control panel to protect my mail server. Then most receiving mail servers would end up rejecting my email because they can’t do a reverse lookup on the IP it comes from?


#4

If you :orange: mail.example.com, don’t. Not only won’t you get Reverse Lookup, but you won’t receive email. Cloudflare does not proxy incoming email.

Your DNS should look like:
example.com :orange:
mail.example.com :grey:
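
An added example, not part of any post in this thread: a Python check over exported DNS records that flags mail hosts left proxied and shows why the PTR match then fails. It goes one step beyond the posts by testing forward-confirmed reverse DNS; the record layout, addresses and lookup tables are constructed, with `proxied` standing for the orange (True) or grey (False) cloud.

```python
import ipaddress

# Constructed sample zone; "proxied" mirrors the orange/grey cloud setting.
ZONE = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.25", "proxied": True},
    {"type": "MX", "name": "example.com", "content": "mail.example.com.", "proxied": False},
]
# Constructed lookup tables standing in for live PTR and A queries.
PTR = {"25.113.0.203.in-addr.arpa": ["mail.example.com."]}
A_GREY = {"mail.example.com": ["203.0.113.25"]}    # DNS-only: origin IP is published
A_ORANGE = {"mail.example.com": ["198.51.100.7"]}  # proxied: a shared proxy IP is published


def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()


def proxied_mail_hosts(zone):
    """Return MX targets whose address record is still proxied."""
    targets = {norm(r["content"]) for r in zone if r["type"] == "MX"}
    return sorted(
        norm(r["name"]) for r in zone
        if r["type"] in ("A", "AAAA", "CNAME")
        and norm(r["name"]) in targets
        and r.get("proxied")
    )


def ptr_owner(ip):
    """Name under which the PTR for this origin IP must be published."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns_ok(ip, ptr_table, a_table):
    """True if a PTR name for ip resolves forward to the same ip."""
    addr = ipaddress.ip_address(ip)
    for name in ptr_table.get(addr.reverse_pointer, []):
        for fwd in a_table.get(norm(name), []):
            if ipaddress.ip_address(fwd) == addr:
                return True
    return False


if __name__ == "__main__":
    print("proxied mail hosts:", proxied_mail_hosts(ZONE))
    print("PTR owner name:", ptr_owner("203.0.113.25"))
    print("FCrDNS, grey:", fcrdns_ok("203.0.113.25", PTR, A_GREY))
    print("FCrDNS, orange:", fcrdns_ok("203.0.113.25", PTR, A_ORANGE))
```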


#5

Hi.

I believe this is confirmed in this short kb article:


#6

Thanks.

I’m finding less and less usefulness in Cloudflare as I go. Seems if I have a basic website design it would be awesome but for any type of dynamic content or sites that you ssh into in order to work, they all have to be exposed. And since they are what someone would like to attack anyway…

Still trying to understand what I’m paying $200 a month for but at the moment I’m lost.

Thanks again,

Glenn


#7

Could you briefly describe the nature of your site? Static HTML, dynamic content, PHP-based, WordPress/CMS, etc.? Did you try out the Free plan first or did you jump right into the Business plan, and if so, what features from the Business plan are you hoping to take advantage of?


#8

We have many but here is the gist:

Main company is WordPress and I can see advantage here.

Main product we sell is a SaaS solution and therefore can’t really be cached. I could be protected though, except that some vendors require our IPs in order to access their system and our programmers and engineers are ssh’ing into the boxes pretty much 24x7 and would therefore require direct access for the encryption keys. I could set up extra DNS entries I guess to provide them direct access while setting the main access levels behind Cloudflare, but trying to figure out what that would look like and whether it would really be protecting us much.

I’m also trying to get info about Railgun to see what exactly it would do for us but their site doesn’t work. When I click it, it takes me to a billing page with no info on the page. Not even the cost. So still waiting to hear back on that.

Glenn


#9

Thank you for providing some more information about your scenario and needs. Unfortunately I believe my usefulness to you may be limited in this case. However, others are sure to chime in with helpful suggestions - though these boards tend to be a bit quiet on the weekends. You’ve already dropped some coin on a plan so don’t give up yet, I’m sure solutions can be achieved!