IPv6 records point to the wrong server

director5 · November 15, 2019, 4:31pm

The ipv6 records hosted by Cloudflare point to the wrong destination server.
========================
dig @173.245.58.111 `webmail.imap.cfored.com` AAAA +short 2606:4700:30::6812:2ac6 2606:4700:30::6812:2bc6 ======================== dig @173.245.59.97 webmail.imap.cfored.com AAAA +short
2606:4700:30::6812:2ac6
2606:4700:30::6812:2bc6
========================

Whereas, the ipv4 records point to the correct server
========================
$ curl -4 https://webmail.imap.cfored.com:2096 -k

How do I update the ipv6 records to point to the correct destination server?

sandro · November 15, 2019, 9:59am

Cloudflare does not handle email at all. You need to ask your mail host.

director5 · November 15, 2019, 4:44pm

I did, here is the response:

On the Cloudflare side can you try going to the “Network” portion and try disabling “IPv6 Compatibility” as I believe that is what is causing ipv6 to come in to play in this situation. It also looks like they may require that this be done via their API so I’ve added some documentation for that below:

https://api.cloudflare.com/#zone-settings-get-ipv6-setting

sandro · November 15, 2019, 10:30am

It is not an IPv6 issue as Cloudflare does not handle mail in the first place. There is also a #Tutorials on mailing.

director5 · November 15, 2019, 3:50pm

I’ll follow the advise from my certified administrator. How do I disable IP v. 6?

sandro · November 15, 2019, 2:33pm

Via the API call you just posted yourself earlier. But again, Cloudflare does not handle mail so IPv6 should not be related.

Actually, your certified administrator gave you the wrong link -> https://api.cloudflare.com/#zone-settings-change-ipv6-setting

director5 · November 15, 2019, 3:52pm

ok, well thanks.

director5 · November 15, 2019, 3:54pm

Can we create a Cloudflare firewall rule for the hostname: webmail.imap.cfored.com to allow traffic; then, create AAAA record for the subdomain webmail.imap?

sandro · November 15, 2019, 4:03pm

That IPv6 setting is a global one.

director5 · November 15, 2019, 4:05pm

Yea, that’s why we create the AAAA records for the ipv6 global DNS records.

sandro · November 15, 2019, 4:07pm

You dont create them. You either have it enabled or not, but again all of that is not mail related.

director5 · November 15, 2019, 4:15pm

How do I create a new host on the CloudFlare DNS services that resolves directly to the imap.cfored.com server and does not go through Cloudflare’s protections?.

director5 · November 15, 2019, 4:25pm

I created anew AAAA zone

DNS record.

director5 · November 15, 2019, 4:28pm

How do I create a firewall policy to bypass the proxy?

sandro · November 15, 2019, 4:29pm

That wont work. You certainly cant proxy to a Cloudflare address. If you want an AAAA record you need to provide your own address.

director5 · November 15, 2019, 4:36pm

I’ll purchase a ipv6 address from Google Cloud host and apply the address within the zone DNS records?

sandro · November 15, 2019, 4:38pm

You can certainly do that, if you need AAAA records. For the Nth time though, none of that is mail related.

director5 · November 15, 2019, 4:45pm

Duo Circle handles the mail relay, Cloudflare the Zone DNS records.

sandro · November 15, 2019, 4:46pm

Alright, but the records need to be unproxied and hence if something does not work it comes down to your mail host.

director5 · November 15, 2019, 4:49pm

So, how do I unproxy the ipv6 address within Cloudflare’s Zone DNS records?