My site is active on Cloudflare but I have a warning message regarding an A, AAAA, CNAME or MX record

  • 0
  • 1
  • Question
  • Updated 1 month ago
  • Acknowledged
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Not an active conversation.

I have effectively changed my DNS nameservers and my website is now showing HTTPS.  But my Cloudflare dashboard is giving me this warning message: An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address.  Is this something that I need to fix?  If so, what do I need to do?
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb

Posted 1 month ago

  • 0
  • 1
Photo of Les6064

Les6064

  • 6,858 Points 5k badge 2x thumb
Hi Traci:

I have had similar problems as you and I contacted Cloudflare they are the ones that can help fix the problem.


(Edited)
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
Thank you.  I will check with Cloudflare.
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 12,140 Points 10k badge 2x thumb
Hey Traci9580

Were you able to get this resolved?
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
Unfortunately, no. Cloudflare is trying, but I don't understand the information well enough to resolve the problem.  Here is the most recent email they sent: "Sorry for the confusion! I would be happy to clarify. If you are pointing your mail records to the same IP as your hosting provider, this IP address will be exposed, and threatened. I'll provide some additional information below regarding Orange and Gray Clouding. Basically, an orange clouded record is being proxied by and protected by Cloudflare. A Gray Clouded record is not. If possible, we recommend pointing your MX records at an IP address other than your origin so that the IP of your origin is not at risk." 

I don't even know what this means.On Cloudflare, I have 2 records that don't have any clouds (so I wouldn't know how to change them):
a) CNAM * (apparently it is some kind of wildcard record)
b) MX tracimuzikpianoinstruction is an alias of website 010.homestead.com

I think the MX record is the one she is referring to, but I don't know if my mail records point to the same IP as my hosting provider and I don't know how to find out or change it, if need be.

What should I do next?
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 12,140 Points 10k badge 2x thumb
Can you post a screen shot of the DNS page on Cloudflare and I'll let you know if anything needs to be corrected?
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
Yes.  Here is my DNS page from Cloudflare. I hope this helps.  Thank you!
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb

Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb

Photo of Elyzabeth

Elyzabeth , Official Rep

  • 12,140 Points 10k badge 2x thumb
Ok, please change that first A record that points to your domain to 108.167.135.86
Please delete the CNAME for mail and smtp
Please change the MX record to mx.tracimuzikpianoinstruction.com

Also, please add these A records

mx.tracimuzikpianoinstruction.com             66.96.142.50
mx.tracimuzikpianoinstruction.com             66.96.142.51
mx.tracimuzikpianoinstruction.com             66.96.142.52
pop.tracimuzikpianoinstruction.com            66.96.135.134
imap.tracimuzikpianoinstruction.com          66.96.135.134
smtp.tracimuzikpianoinstruction.com          66.96.135.134
mail.tracimuzikpianoinstruction.com           66.96.135.134
webmail.tracimuzikpianoinstruction.com    66.96.135.48
email.tracimuzikpianoinstruction.com         66.96.135.48
This will be easiest if you are able to do it from a computer instead of a phone.
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
Also, here is the most recent information from Cloudflare: "Since we don't proxy mail records, there is no option to Orange Cloud that record type. Your MX records and hosting IP would be provided by your mail host and website host. If they are the same, it could cause this warning."
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
I did my best to follow your directions.  Cloudflare would not let me include "tracimuzikpianoinstruction.com" with the names of the A records.  Now I have additional warnings. Here are current screenshots of my DNS:
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 12,140 Points 10k badge 2x thumb
Ah, try an @ symbol instead of your domain
Also, everything looks good except the MX record. Just replace the part that says inbound.*** to mx.tracimuzikpianoinstruction.com
(Edited)
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb

Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb

Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb

Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb

Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
Do you mean (for example):
email@tracimuzikpianoinstruction.com instead of email.tracimuzikpianoinstruction.com?

@ instead of "."
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
I'm sorry for being so needy.  This is WAY over my head.
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 12,140 Points 10k badge 2x thumb
No it's ok, you aren't being needy! Go ahead and change it back to mx.tracimuzikpianoinstruction.com. I just asked a higher tech and apparently that error is not an issue. It is basically just saying that you are pointing to Homestead.
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
Okay. So I now have the mx record pointing to: mx.tracimuzikpianoinstruction.com

So then I still have the original warning: "An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address" and the new warning: 

"This record is exposing your origin server's IP address, potentially  exposing it to denial of service."  So it doesn't seem that anything was resolved.  Is this correct? 
Photo of Elyzabeth

Elyzabeth , Official Rep

  • 12,140 Points 10k badge 2x thumb
Yes that is correct. Like I said, I asked a higher tech and they informed me that error is not an issue. Basically don't worry about it, it isn't anything bad. Go ahead and continue with the rest of the instructions.
Photo of Traci9580

Traci9580

  • 240 Points 100 badge 2x thumb
Okay! Thank You!

This conversation is no longer open for comments or replies.