We’ve moved our web hosting, they had to set up a new Cloudflare account as we couldn’t get access to the old one.
We’re now unable to receive some emails - our IT support believes this is due to a possible conflicting record with the old Cloudflare account. Has anyone resolved this before?
Or any idea what the issue could be? The website is working, we can send emails, but we aren’t receiving them and the error says “querying the DNS for the recipient’s domain location information failed”.
I am monitoring the DNS at the moment in a browser tab, the 365 email setup is validating fine - I’ve had to remove some records from the zone that were not needed, these should be all up to date. The domain also has the correct nameservers to point to the DNS.
At our end everything appears ok yes. I can’t see any erroneous records in the DNS zone, there are no duplicates either.
The only other zone I can think of that might still exist is the Cloudflare one. It might be worth trying to shut this down if It is still active in an attempt to resolve the issue in which it is only partially working.
"I have spoken with our domain registrar support and they have advised to leave the propagation of the current nameservers for another 24 hours to see if it fully resolves and if the issues still persists I am to contact the domain team who will investigate the DNS issue further.
TSO Host NS do not support DNSSEC, which I believe is why there is no DNSKEY record or RRSIGS found."
TSO Host has no role in your DNSSEC. Your registrar, Paragon Names, is publishing DNSSEC key material. This tells the world that any DNS that is not signed by that key is not authentic. This is a good thing, as long as you don’t ignore the key at your registrar when you change it.
Waiting for “propagation” is only delaying resolution. Enabling DNSSEC on the zone in your Cloudflare account and updating the registrar with the new values would have been one expedient way to remedy the situation. Removing the DNSSEC settings at the registrar is another.
Now that the invalid DNSSEC values have been removed, your MX record is visible. It points to a specific Microsoft 365 tenant. If that is who you use for email, I suspect it is correct. You can verify the hostname from within your Microsoft 365 dashboard.