Lot's of DNS records

Hi, there are many DNS records associated with my domain. And honestly I’m not sure if it’s OK that all of them are set to be proxied (except those where this setting isn’t available). Attached is the screenshot of my dashboard. I replaced my actual domain with ‘mydomain.com’ and my original server’s IP with 100.10.100.100.

Would anyone be so kind and let me know whether I should toggle anything to ‘DNS only’?

Greetings,

Thank you for asking.

I would go with below:

  1. I’ would suggest to remove A ftp → it’s more securely way to connect/access by the server IP directly via FileZilla or some other FTP app
  2. Remove CNAME mail → maybe better to keep it as is, as far as you are using 3rd-party email service? (seen at MX record) if so make sure the target of that CNAME mail hostname is the same as in MX record, just make sure it’s set to :grey: (DNS-only), if you are going to use mail.yourdomain.com hostname in some e-mail client (MS Outlook, AppleMail, Mozilla Thunderbird …) it might throw an error due to the SSL certificate (as the hostname of your domain name wouldn’t be located in the SAN field of the SSL cert. and you should use your e-mail provider’s hostname for POP/IMAP/SMTP rather than your mail.yourdomain.com)
  3. Add A mail and point it to your server IP, make sure it’s unproxied and set to :grey: (DNS-only)
  4. A webdisk → if not using, remove, otherwise set to :grey: (DNS-only)
  5. A cpanel → if you are uploading/download (or using WAF at Cloudfalre), it’s better to set it to :grey: (DNS-only), nevertheless I usually access to my Website’s cPanel through my hosting provider interface (or using a hosting provider’s hostname), therefore no need to keep the cPanel DNS record and I remove it
  6. A cpcalendars and A cpcontacts, I usually keep them at :grey: (DNS-only) when using cPanel Webmail (if not using them, you can remove them)
  7. A webmail → I keep it on :grey: (DNS-only), otherwise if using 3rd-party, you can keep it on :orange: therefore create a Page Rule so it would redirect to the 3rd-party Webmail rather than to the cPanel integrated Webmail
  8. I use A www, so would prefer to remove CNAME www, therefore add new A www pointed to the server IP and make sure it’s set to proxied :orange:

As far as using cPanel, I assume you also have got AutoSSL.

  • for removed DNS records at Cloudfalre, as far as I am using Cloudfalre Origin CA Certificate in some cPanel instances, I usually set the “exclude AutoSSL” option for that hostnames there so it doesn’t start automatically each month/3 months …

If AutoSSL couldn’t be generated for yourdomain.com and www.yourdomain.com afterwards, there is a solution for it to temporary switch A www and A domain.com records to :grey: (DNS-only), wait for a few minutes, then run the AutoSSL at cPanel.
Upon success, switch them both back to proxied :orange: and make sure you are using Full (Strict) SSL option under the SSL/TLS tab of Cloudflare dashboard for your domain name.

I hope it helps a bit :slight_smile:

thank you very much for your generous reply!

I need to dig deeper on the SSL issue, but first I need to read the available content

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.