IPv6 records point to the wrong server

The ipv6 records hosted by Cloudflare point to the wrong destination server.
========================
dig @173.245.58.111 `webmail.imap.cfored.com` AAAA +short 2606:4700:30::6812:2ac6 2606:4700:30::6812:2bc6 ======================== dig @173.245.59.97 webmail.imap.cfored.com AAAA +short
2606:4700:30::6812:2ac6
2606:4700:30::6812:2bc6
========================

Whereas, the ipv4 records point to the correct server
========================
$ curl -4 https://webmail.imap.cfored.com:2096 -k

How do I update the ipv6 records to point to the correct destination server?

Cloudflare does not handle email at all. You need to ask your mail host.

I did, here is the response:

On the Cloudflare side can you try going to the “Network” portion and try disabling “IPv6 Compatibility” as I believe that is what is causing ipv6 to come in to play in this situation. It also looks like they may require that this be done via their API so I’ve added some documentation for that below:

https://api.cloudflare.com/#zone-settings-get-ipv6-setting

It is not an IPv6 issue as Cloudflare does not handle mail in the first place. There is also a #Tutorials on mailing.

I’ll follow the advise from my certified administrator. How do I disable IP v. 6?

Via the API call you just posted yourself earlier. But again, Cloudflare does not handle mail so IPv6 should not be related.

Actually, your certified administrator gave you the wrong link -> https://api.cloudflare.com/#zone-settings-change-ipv6-setting

2 Likes

ok, well thanks.

Can we create a Cloudflare firewall rule for the hostname: webmail.imap.cfored.com to allow traffic; then, create AAAA record for the subdomain webmail.imap?

That IPv6 setting is a global one.

Yea, that’s why we create the AAAA records for the ipv6 global DNS records.

You dont create them. You either have it enabled or not, but again all of that is not mail related.

How do I create a new host on the CloudFlare DNS services that resolves directly to the imap.cfored.com server and does not go through Cloudflare’s protections?.

I created anew AAAA zone

DNS record.

How do I create a firewall policy to bypass the proxy?

That wont work. You certainly cant proxy to a Cloudflare address. If you want an AAAA record you need to provide your own address.

I’ll purchase a ipv6 address from Google Cloud host and apply the address within the zone DNS records?

You can certainly do that, if you need AAAA records. For the Nth time though, none of that is mail related.

Duo Circle handles the mail relay, Cloudflare the Zone DNS records.

Alright, but the records need to be unproxied and hence if something does not work it comes down to your mail host.

So, how do I unproxy the ipv6 address within Cloudflare’s Zone DNS records?