Unable to access old Cloudflare account - Conflicting DNS record

We’ve moved our web hosting, they had to set up a new Cloudflare account as we couldn’t get access to the old one.

We’re now unable to receive some emails - our IT support believes this is due to a possible conflicting record with the old Cloudflare account. Has anyone resolved this before?

Or any idea what the issue could be? The website is working, we can send emails, but we aren’t receiving them and the error says “querying the DNS for the recipient’s domain location information failed”.

What’s the domain? Where do you get this error?

The domain is smilekitchens . com and I get that error when I try to email from my personal account. The email bounces back and that’s the error message included.

Is that correct? Well, it doesn’t for me.
Apart from that, it seems you’ve not proxied :orange: your origin IP. I suggest you fix that first.

The website is loading fine for me, do you get an error message when you try to load it? Thank you, I will ask them to do that first.

May I suggest you check this? The record is not :orange: proxied.

Check this error:

That could be cache.

These are the last replies from the IT support:

I am monitoring the DNS at the moment in a browser tab, the 365 email setup is validating fine - I’ve had to remove some records from the zone that were not needed, these should be all up to date. The domain also has the correct nameservers to point to the DNS.

At our end everything appears ok yes. I can’t see any erroneous records in the DNS zone, there are no duplicates either.

The only other zone I can think of that might still exist is the Cloudflare one. It might be worth trying to shut this down if it is still active in an attempt to resolve the issue in which it is only partially working.

That’s correct. It is pointed to Cloudflare. But your IP is not proxied. The IP that you see is your origin IP and not a Cloudflare one.

I have now ensured in Cloudflare that proxy is on for both A records.

Is that rolling back?

That was the reply from the IT support; he has made the changes.

Until your IT support fixes the invalid DNSSEC, any validating resolvers will return NXDOMAIN for all queries in your zone.

Thank you, he said he is looking into this error and that he hasn’t seen it previously. Are there any other issues you can see that need checking?

Could the old Cloudflare account be an issue? Or is that never really a problem?

Latest reply from IT support:

"I have spoken with our domain registrar support and they have advised to leave the propagation of the current nameservers for another 24 hours to see if it fully resolves, and if the issue still persists I am to contact the domain team who will investigate the DNS issue further.

TSO Host NS do not support DNSSEC, which I believe is why there is no DNSKEY record or RRSIGS found."

We’ve removed Cloudflare from the setup to try and establish if the old Cloudflare account is an issue.

TSO Host has no role in your DNSSEC. Your registrar, Paragon Names, is publishing DNSSEC key material. This tells the world that any DNS that is not signed by that key is not authentic. This is a good thing, as long as you don’t ignore the key at your registrar when you change it.

Waiting for “propagation” is only delaying resolution. Enabling DNSSEC on the zone in your Cloudflare account and updating the registrar with the new values would have been one expedient way to remedy the situation. Removing the DNSSEC settings at the registrar is another.

Hi, thank you for this. We have removed the DNSSEC settings at the registrar. Emails are still not coming through; can you see any other issues we need to look into?

Now that the invalid DNSSEC values have been removed, your MX record is visible. It points to a specific Microsoft 365 tenant. If that is who you use for email, I suspect it is correct. You can verify the hostname from within your Microsoft 365 dashboard.
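
The failure mode discussed in this thread (a DS record left at the registrar after the zone moved to a DNS host that does not sign it) and the two fixes suggested above can be modelled offline. This is an added example, not part of the original thread: the zone name `example.com.`, the key bytes and the function names are constructed for illustration, and the check compares the parent's DS set to the zone's DNSKEY set only, without verifying RRSIGs.

```python
import hashlib
import struct

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA in wire format (RFC 4034, section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, appendix B)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def wire_name(name):
    """Canonical (lowercase) owner name in wire format."""
    labels = [part for part in name.lower().rstrip(".").split(".") if part]
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def make_ds(owner, rdata):
    """DS tuple (key tag, algorithm, digest type 2, SHA-256 digest), RFC 4509."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def chain_status(owner, parent_ds, zone_dnskeys):
    """What a validating resolver concludes from the parent's DS set and the zone's DNSKEY set."""
    if not parent_ds:
        return "insecure"  # no DS at the parent: zone is treated as unsigned, answers accepted
    if any(make_ds(owner, key) in parent_ds for key in zone_dnskeys):
        return "secure"    # a DS matches a published key (signature checks would follow)
    return "bogus"         # DS present but no matching DNSKEY: validation fails

# Constructed sample data: placeholder zone name and made-up key bytes.
ZONE = "example.com."
OLD_KEY = dnskey_rdata(257, 3, 13, b"\x01" * 64)  # key of the previous, signing DNS host
NEW_KEY = dnskey_rdata(257, 3, 13, b"\x02" * 64)  # key if the new host signs the zone
STALE_DS = [make_ds(ZONE, OLD_KEY)]               # DS still published via the registrar

if __name__ == "__main__":
    print("before the move:           ", chain_status(ZONE, STALE_DS, [OLD_KEY]))
    print("moved, stale DS, unsigned: ", chain_status(ZONE, STALE_DS, []))
    print("fix 1, DS removed:         ", chain_status(ZONE, [], []))
    print("fix 2, zone signed, new DS:", chain_status(ZONE, [make_ds(ZONE, NEW_KEY)], [NEW_KEY]))
```

Against a live zone, the same comparison is made between the DS set returned by the parent zone's nameservers and the DNSKEY set returned by the zone's own nameservers.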

