I need help connecting the subdomain on Cloudflare

Hi all, and sorry for my English.
I’ve had my domain www.example.com connected to Cloudflare for years and everything is working so far.

I recently created a shop.example.com subdomain. My host told me to add 2 new A records to Cloudflare:

  • A - shop - IP address;
  • A - ftp.shop - IP address.

Now my subdomain’s mail service doesn’t work anymore. My host told me to also add an MX record:

  • MX - shop - mx.shop.example.com

and wait for it to propagate at least 24 hours. Nothing changed, however.

Yesterday my host told me to contact Cloudflare support because they tested my subdomain with a tool and they don’t see the subdomain’s A record settings.

  1. I added these 3 records for the subdomain, in the same place where the main domain records are added, is this correct?
  2. All my old mail, mx, pop3, smtp, webmail, imap, are proxied, is this right?

I just need to connect the subdomain to Cloudflare for CDN etc, but leave the email management to my host. And I need to have everything working on the main domain, without ruining the connection with Cloudflare or my mailboxes which are working well for now.

Any help will be greatly appreciated, thanks in advance.

No, apart from webmail, mail related subdomains should all be set to “DNS only”.

If you are still stuck, can you give the domains/subdomains or a screenshot of your DNS settings?

1 Like

Thank you for your answer, @sjr

Some of these were added years ago or changed years ago, trying to fix the main domain ftp issue (which I haven’t fixed) and I don’t even know if I still need them. However, the domain mail works, the shop mail doesn’t work.
I have a warning on my domain’s MX record - This record exposes the IP address used in the A record, which I also don’t know how to solve.

If your mailserver runs on the same IP address as your webserver, that warning will always be present. The best way to eliminate that notice is to move your email to another server. It is not necessary to do so, however. The warning is purely informational.

You will need to change proxy status on the mail related hostnames (pop3, imap, mail, mx, smtp) to DNS Only.

And what about the missing A record?


Perhaps I didn’t create it properly

Does the shop.slunchoobichkamte.com. have its own email addresses or send mail using that domain? If not, it doesn’t need its own MX record. An MX record is published to instruct senders where to deliver mail to users in that domain. If no email is sent to [email protected] the MX record will not be used and should not be retained.

If you do need the MX for the shop subdomain, then you need to know what mailserver handles that mail and create the A record for the MX host.

Yes, it has its own email addresses purchased along with the subdomain. My problem is precisely that the subdomain email address does not receive emails since it is connected to Cloudflare through the main domain. And the host says that according to the tool they use to check our DNS, my subdomain doesn’t have an A record yet.
But was the “A - shop - IP address - proxied” record added correctly? Or when we add a subdomain do we need to change something in the main domain settings?

I think I need an Italian here, who knows quite a bit about Aruba and its usual connection issues.

I am not Italian and I did not stay at a Holiday Inn Express last night, but I did eat pizza for dinner. I also have more than twenty-five years of experience administering email servers. I hope that has left me with enough knowledge to help you fill in the missing blanks in your current email DNS configuration.

Any domain that sends and receives email needs all of the same things. It makes no difference if the ISP is Italian or located elsewhere.

DMARC

Unless you need different DMARC policies on your subdomain, you will be fine with one DMARC record located at _dmarc.slunchoobichkamte.com. You currently have this in place. The current policy of none offers you no protection against impersonation attacks, but you can increase the policy to quarantine or reject once you know everything is working properly.

SPF

You will need an SPF record for each email sending domain. You have this for slunchoobichkamte.com, but you have not yet created the one required for shop.slunchoobichkamte.com. If this subdomain will only send email from the same sources as the apex domain, you can simply copy the existing SPF record for slunchoobichkamte.com to shop.slunchoobichkamte.com.

DKIM

You also will need to publish the DKIM records that correspond with your signing keys. This is typically two DKIM records, but more can be required when using multiple email providers or subdomains. Regardless of the number required, they are always published in the same format of selector._domainkey.example.com, which is selector._domainkey.subdomain.example.com on a subdomain. Without knowing the DKIM selector values, I cannot test these records for you. DKIM records are very important because they are the only DMARC authentication that can survive email forwarding. You will want to ensure that DKIM is configured and working properly for all domains that send email.

MX

Any domain or subdomain that will receive mail needs an MX record to tell senders where to deliver their messages. We know that you currently have MX in place for slunchoobichkamte.com and shop.slunchoobichkamte.com, although if they both use the same mailservers, it is unclear why the shop MX points to a different mailserver hostname. It is likely that you can use the same hostnames in the MX records for the shop subdomain as those used in slunchoobichkamte.com.

A

Any hostname used in an MX record needs to have an A record. This is currently configured as required for the slunchoobichkamte.com domain. The MX record used by shop.slunchoobichkamte.com currently uses a hostname without an A record. The hostname will either need to be changed to an existing mailserver hostname such as mx.slunchoobichkamte.com. or have one or more A records created for the hostname that is currently in use, mx.shop.slunchoobichkamte.com. If the mailservers running at the A records returned by mx.slunchoobichkamte.com. are the same servers that handle email for the shop subdomain, it would be a lot simpler to update the MX record for the shop subdomain to use the mx.slunchoobichkamte.com. hostname.

I hope that information is helpful. Please ask if anything is unclear or if you have more questions.

3 Likes
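The checks listed in the answer above, applied to a constructed zone export, as an added example that is not part of the original thread. The record tuples, the `audit` function and the example.com names and addresses are assumptions made for illustration; DKIM is left out because it needs the selector names.

```python
# Constructed zone export: (type, name, content, proxied). Addresses are
# documentation ranges; the layout mirrors the thread before the fix.
ZONE = [
    ("A", "example.com", "192.0.2.10", True),
    ("A", "shop.example.com", "192.0.2.20", True),
    ("A", "mx.example.com", "198.51.100.5", True),
    ("MX", "example.com", "mx.example.com.", False),
    ("MX", "shop.example.com", "mx.shop.example.com.", False),
    ("TXT", "example.com", "v=spf1 mx ~all", False),
    ("TXT", "_dmarc.example.com", "v=DMARC1; p=none", False),
]

def norm(name):
    return name.rstrip(".").lower()

def audit(zone, org_domain):
    """Return sorted (hostname, finding) pairs for the mail-related records."""
    addr, txt, mx = {}, {}, []  # addr: host -> True if any address is proxied
    for rtype, name, content, proxied in zone:
        name = norm(name)
        if rtype in ("A", "AAAA"):
            addr[name] = addr.get(name, False) or proxied
        elif rtype == "TXT":
            txt.setdefault(name, []).append(content)
        elif rtype == "MX":
            mx.append((name, norm(content)))
    findings = set()
    for domain, target in mx:
        if target not in addr:
            findings.add((target, "MX target has no A/AAAA record"))
        elif addr[target]:
            findings.add((target, "MX target is proxied; set to DNS only"))
        # Assumption: every domain that receives mail also sends it.
        if not any(v.lower().startswith("v=spf1") for v in txt.get(domain, [])):
            findings.add((domain, "no SPF record"))
    # Subdomains without their own _dmarc record use the organizational one.
    org = norm(org_domain)
    dmarc = [v for v in txt.get("_dmarc." + org, []) if v.lower().startswith("v=dmarc1")]
    if not dmarc:
        findings.add((org, "no DMARC record"))
    for v in dmarc:
        tags = dict(t.strip().lower().split("=", 1) for t in v.split(";") if "=" in t)
        if tags.get("p") == "none":
            findings.add((org, "DMARC policy is none"))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit(ZONE, "example.com"):
        print(f"{host}: {finding}")
```

Pointing the shop MX at the existing mx hostname, as the answer suggests, clears the missing-address finding without creating any new A record.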

They think I have a different control panel where I set up the subdomain, so they say I have to add all the records like I did years ago for the main domain, but in its own Cloudflare panel.

The domain and subdomain have different IPs but use the same A records for mail, mx, smtp, pop3 etc. and for this reason it was not necessary to add them because I had already added them years ago.

So maybe this is the solution, if I update the MX record for the shop subdomain to use the mx.slunchoobichkamte.com. hostname. I’ll give it a try and see if it works.

I sincerely appreciate your time and willingness to help, thank you so much!

1 Like

It worked immediately. Thank you so very much!!!

1 Like
