Problem with setup

caching
wordpress

#1

An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address.

Hi I’m new to this site and I think I have a lot of errors in installing the site, I have this error


#2

Cloudflare is a proxy service that hides your origin IP address.

This is more a security hint than an error. It happens when you have set up DNS records for the same IP and one ore more of them are not protected by Cloudflare. You can easily determine the records (:orange:) means that Cloudflare is active :grey: that it isn’t and visitors (or bad guys) will see the IP of your server instead of Cloudflare’s.

Most commonly it is the following scenario:
Website and mail server are on the same host, so the email service uses the same IP as the website. Then it would look like:

domain.com A 123.456.789.001 :orange:
www.domain.com A 123.456.789.001 :orange:
mail.domain.com A 123.456.789.001 :grey:
domain.com MX mail.domain.com

At this point your origin IP (123.456.789.001) is exposed. Nothing to be worried about if you don’t care that your origin IP is shown to the world when they are connecting to mail.domain.com for whatever the reason is.

Background: the mail. record must be set to :grey: because Cloudflare doesn’t proxy email traffic so you won’t be able to receive or send mails if you proxy this record.


#3

Actually it isn’t necessary (you could have a web UI there behind Cloudflare), but CF will create a custom record, pointing to the same origin of mail.domain.com and use it as MX to prevent this problem.


#4

Me stupid :confounded:
You’re right.

Nevertheless if it’s set to :grey:

Same counts for ftp., ssh… As long as it is not HTTP(S) it will not be proxied.

To correct my mistake :wink:


#5

For receiving email it is necessary, not for viewing and sending though. Or did I misunderstand you?


#6

No, it isn’t necessary to make it :grey:. Cloudflare, as soon as you add a :orange: subdomain as a target for a MX will create a random subdomain, keep it :grey: and use it instead of it (it won’t show to you in the DNS settings if I recall correctly).

For the Web UI il will go through Cloudflare, if you pass through the MX il go to the random subdomain created by them.


#7

Oh, you mean the automatically created MX record. I referred to that yesterday in a response - DNS issue Mx

I am not quite sure when Cloudflare creates it exactly (is it upon DNS import?) and whether it shows up or not, but what I was referring to was the fact that the MX record cant be behind Cloudflare, one way or another :slight_smile:


#8

Oh yeah yeah, but it doesn’t need to be in the DNS Dashboard, it must be to the user’s computers. But CF will fix it for you.


#9

Alright, the dc- record is admittedly still somewhat of a mystery to me but maybe this article sheds light on it :slight_smile:


#10

It’s relatively simple, actually…


#11

Probably, they just create a dummy record for the existing value and change the MX value. Not sure about the details though, obviously havent read the article yet :smiley:


#12

That’s exactly what I said :face_with_raised_eyebrow:


#13

I didnt contest that. Its the same thing I wrote yesterday. My point was that I wasnt familiar with the nitty gritty details and that the MX record cant be hidden. Thats all folks :sunglasses:


#14

This topic was automatically closed after 31 days. New replies are no longer allowed.