How to Create DNS Records at Cloudflare
In my mail server tutorials, I recommend running your mail server on a ScalaHosting VPS, because their IP addresses are not on any blacklist. I also recommend purchasing a domain name from NameCheap because the price is low and they give whois privacy protection free for life. It’s a good practice to buy web hosting and your domain name from different vendors. This limits the damage to your business if one account is compromised. You can transfer your domain name to NameCheap and learn how to create DNS records at NameCheap.
The DNS zone editor at ScalaHosting for self-managed VPS users is not very useful. If you accidentally bought a domain name from ScalaHosting, I recommend migrating your name server to Cloudflare, which features an easy-to-use DNS zone editor. Cloudflare can propagate your DNS records to the Internet in an instant, so you don’t have to wait several hours. Cloudflare also provides CDN (content delivery network) service and DDoS protection for free, so I highly recommend it.
Migrate Name Server to Cloudflare
To migrate name servers to Cloudflare, go to your ScalaHosting client area and click the Domains tab.
Then click the Manage button on the right and select Manage Nameservers.
Choose the use custom nameservers option and enter the following Cloudflare name servers.
- brenda.ns.cloudflare.com
- kurt.ns.cloudflare.com
Click the Change Nameservers button to apply your changes. Please note that DNS records can take up to 24 hours to propagate to the whole Internet. Next, go to https://cloudflare.com to create a free Cloudflare account. Then click the Add a site button in your Cloudflare dashboard.
Then enter your domain name.
On the next page, it will ask you to select a plan. You can choose the free plan, which is enough for a small/medium website. (I have been using Cloudflare for 5 years and never paid a penny.)
After that, Cloudflare will fetch your current DNS records and import them to your Cloudflare account. Simply click the Continue button.
Once the transfer is complete, you can start editing DNS records at Cloudflare.
Create DNS Records at Cloudflare
Click the DNS tab in your Cloudflare dashboard to edit DNS records.
Here are some DNS records you might want to add to your domain.
- MX (Mail Exchanger) record: specifies which hosts are responsible for email delivery for a domain name, i.e. the hostnames of your mail server.
- A (Address) record: Converts DNS names into IPv4 addresses.
- TXT record: SPF, DKIM, DMARC, etc.
And I will show you how to add the above DNS records.
MX Record
The MX record specifies which host or hosts handle emails for a particular domain name. For example, the host that handles emails for linuxbabe.com is mail.linuxbabe.com. If someone with a Gmail account sends an email to [email protected], then the Gmail server will query the MX record of linuxbabe.com. When it finds out that mail.linuxbabe.com is responsible for accepting email, it then queries the A record of mail.linuxbabe.com to get the IP address, so that the email can be delivered.
Note that when you create the MX record, you should enter @ or your apex domain name in the name field like below. An apex domain name is a domain name without a subdomain. The priority value can be any number between 0 and 65,356. A small number has a higher priority than a big number. It’s recommended that you set the value to 0, so this mail server will have the highest priority for receiving emails.
A Record
An A record (Address record) maps a domain name to an IP address. After creating the MX record, you also need to create an A record for mail.your-domain.com, so that it can be resolved to an IP address.
Enter mail in the Name field. Then enter the public IPv4 address of your mail server. Note that when you create the A record for the hostname of your mail server, the Proxy status should be changed to DNS only. If it shows an orange cloud, click on it and it will change to a grey cloud icon. (Cloudflare does not support SMTP or IMAP proxy.)
SPF Record
SPF (Sender Policy Framework) is a type of TXT record. It specifies which hosts or IP addresses are allowed to send emails on behalf of a domain. You should allow only your own email server or your ISP’s server to send emails for your domain.
Create a new TXT record. Enter @ or your apex domain name in the Name field. Enter v=spf1 mx ~all in the Content field. Click the Save button to save your changes.
Explanation:
- v=spf1 indicates this is an SPF record and the version is SPF1.
- mx means all hosts listed in the MX records are allowed to send emails for your domain and all other hosts are disallowed.
- ~all indicates that emails from your domain should only come from hosts specified in the SPF record. Emails that are from other hosts will be flagged as forged.
To check if your SPF record is propagated to the public Internet, you can use the dig utility on your Linux machine like below:
dig your-domain.com txt
The txt option tells dig that we only want to query TXT records.
DKIM Record
This is also a type of TXT record. DKIM (DomainKeys Identified Mail) uses a private key to digitally sign emails sent from your domain. Receiving SMTP servers verify the signature by using the public key, which is published in the DNS DKIM record.
The DKIM private/public key pair is produced by software on the mail server. The method to get the DKIM public key can be different depending on the software you use. If you follow my iRedMail or Modoboa tutorial, please read that tutorial to find how to get the DKIM public key.
Once you have the key, create a new TXT record in your Cloudflare dashboard. Enter dkim._domainkey in the Name field if you follow my iRedMail tutorial. Enter modoboa._domainkey in the Name field if you follow my Modoboa tutorial. Next, copy the DKIM public key to the Content field. Note that you need to delete all double quotes and line breaks. You can copy the DKIM public key to a text editor first, delete the double quotes and line breaks, then copy it to the Value field in ScalaHosting.
Click the Save button to save your changes.
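The quote and line-break cleanup described above can be scripted instead of done by hand. This is an added example, not part of the original article: the function names, the zone-file layout of the input and the sample key are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). The zone-file layout and the
# key below are constructed placeholders, not output from a real mail server.
dkim_sample() {
    cat <<'EOF'
dkim._domainkey.example.com. 3600 TXT (
  "v=DKIM1; p="
  "Q09OU1RSVUNURURTQU1QTEVLRVkw"
  "MTIzNDU2Nzg5QUJDREVGR0hJSktM" )
EOF
}

# Keep only the text inside double quotes and join it with no separators.
dkim_flatten() {
    grep -o '"[^"]*"' | tr -d '"\n'
}

# Sanity-check the flattened value before pasting it into the Content field.
dkim_check() {
    value=$1
    nl='
'
    case "$value" in
        *'"'*|*"$nl"*) echo "FAIL quotes or line breaks remain"; return 1 ;;
    esac
    case "$value" in
        v=DKIM1*) ;;
        *) echo "FAIL value does not start with v=DKIM1"; return 1 ;;
    esac
    key=$(printf '%s\n' "$value" | tr ';' '\n' | sed -n 's/^ *p=//p' | tr -d ' ')
    [ -n "$key" ] || { echo "FAIL empty or missing p= tag"; return 1; }
    if printf '%s\n' "$key" | grep -q '[^A-Za-z0-9+/=]'; then
        echo "FAIL p= has characters outside the base64 alphabet"; return 1
    fi
    if [ $(( ${#key} % 4 )) -ne 0 ]; then
        echo "FAIL p= length ${#key} is not a multiple of 4 (truncated paste?)"
        return 1
    fi
    echo "OK ${#key} base64 characters in p="
}

# Demo on the constructed sample: flatten it, then check the result.
dkim_check "$(dkim_sample | dkim_flatten)"
```

To use it on a real key, pipe the key text your mail server software prints into dkim_flatten and paste the output into the Content field.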
DMARC Record
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. DMARC can help receiving email servers to identify legitimate emails and prevent your domain name from being used by email spoofing.
Create a new TXT record. Enter _dmarc in the Host field. Enter v=DMARC1; p=none; pct=100; rua=mailto:[email protected] in the Value field. (You should create the [email protected] email address.) Click the check button to save your changes.
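The dig check from the SPF section can be extended to confirm that the published SPF and DMARC records are well formed, not just present. This is an added example, not part of the original article: the function names are this example's own and the sample answers at the end are constructed.

```shell
#!/bin/sh
# Added example (not from the original article): lint the TXT answers that
# dig returns. Live use needs network; your-domain.com is a placeholder:
#   dig +short your-domain.com txt        | spf_lint
#   dig +short _dmarc.your-domain.com txt | dmarc_lint

# Strip dig's quoting and join multi-string answers ("a" "b" -> ab).
txt_unquote() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Succeeds only when exactly one SPF record exists and it ends in ~all or -all.
spf_lint() {
    records=$(txt_unquote | grep -iE '^v=spf1( |$)' || true)
    count=$(printf '%s' "$records" | grep -c . || true)
    if [ "$count" -eq 0 ]; then echo "FAIL no SPF record"; return 1; fi
    if [ "$count" -gt 1 ]; then
        echo "FAIL $count SPF records, receivers treat this as permerror"
        return 1
    fi
    case "$records" in
        *" -all") echo "OK hardfail: $records" ;;
        *" ~all") echo "OK softfail: $records" ;;
        *" ?all") echo "WARN neutral, no host is ever flagged: $records"; return 1 ;;
        *" +all"|*" all") echo "FAIL any host may send: $records"; return 1 ;;
        *) echo "WARN no terminating all mechanism: $records"; return 1 ;;
    esac
}

# Reports the DMARC policy; fails when the record or its p= tag is missing.
dmarc_lint() {
    rec=$(txt_unquote | grep -i '^v=DMARC1' | head -n 1)
    [ -n "$rec" ] || { echo "FAIL no DMARC record"; return 1; }
    policy=$(printf '%s\n' "$rec" | tr ';' '\n' |
        sed -n 's/^ *p= *\([a-z]*\).*/\1/p' | head -n 1)
    case "$policy" in
        none) echo "OK monitoring only (p=none): receivers take no action on failures" ;;
        quarantine|reject) echo "OK enforcing (p=$policy)" ;;
        *) echo "FAIL missing or invalid p= tag"; return 1 ;;
    esac
}

# Constructed sample answers, in the form dig +short prints them.
printf '%s\n' '"v=spf1 mx ~all"' | spf_lint
printf '%s\n' '"v=DMARC1; p=none; pct=100"' | dmarc_lint
```

A second SPF record left behind by an earlier provider is the failure this catches most often: each record looks fine on its own, but together they make SPF evaluation fail.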
PTR record
A pointer record, or PTR record, maps an IP address to an FQDN (fully qualified domain name). It’s the counterpart to the A record and is used for reverse DNS lookup, which can help with blocking spammers. Many SMTP servers reject emails if no PTR record is found for the sending server.
To check the PTR record for an IP address, run this command:
dig -x IP-address +short
or
host IP-address
The PTR record is not controlled by your domain registrar. Because you get your IP address from your hosting provider or ISP, not from your domain registrar, you must set the PTR record for your IP in the control panel of your hosting provider, or ask your ISP. Its value should be your mail server’s hostname: mail.your-domain.com. If your server uses an IPv6 address, be sure to add a PTR record for your IPv6 address as well.
To edit the reverse DNS record for your ScalaHosting VPS, log into the ScalaHosting client area, then use the live chat in the bottom-right corner and tell the support team to update the PTR record of your server IP address to mail.your-domain.com.
Wrapping Up
I hope this article helped you create DNS records at Cloudflare. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂
I registered my domain name with Google, built a web server, coded a webpage on Apache2. Keep getting error on browser: “can’t resolve domain name”. Running out of ideas on how to get this up and running. Any help would be appreciated.
Depending on the domain registrar you use, it can take up to 24 hours for DNS records to propagate.
Go to https://dnsmap.io/ to check DNS records propagation.
Hint: Cloudflare DNS records propagate instantly.