Resolving CloudFlare DNS related mail delivery problems

5,684

First, thanks a lot for using your actual hostname and information in the question, it helps a lot!

The 451 DNS temporary failure means that the recipient mail server is unable to resolve the hostname at that point in time. I've looked at your DNS records and I can't see anything strange about them that would cause this, so I'd say that the problem is with the CloudFlare DNS servers. It may be that there is some firewall or rate limiting or some other issue that means they either don't respond or don't respond quickly enough for the mail servers to get the information they want in order to accept the emails.

You can contact the postmaster at the recipient site (in theory, the address "[email protected]" should both work and be read by a human being, but we all know the difference between theory and practice!) and ask them if they can see why the checks failed. I'd also check with the CloudFlare support staff if they've seen the same problems for other customers.

Author: Andy Castles

Web developer dabbling in iPhone development.

Updated on September 18, 2022

Comments

  • Andy Castles
    Andy Castles almost 2 years

    I recently started using CloudFlare and am having a few teething problems.

    Our domain is netlanguages.com and while we have a lot of sub-domains listed, we are currently only trialling a few of the servers through the CloudFlare CDN (for example, www.netlanguages.com is enabled for CDN, netlanguages.com is not). The actual CDN service seems to be reliable, but the problem that we are having is with DNS, and specifically with mail delivery.

    The background is that we have contact forms on our web site which use PHP mail() to send the details to end-users' email addresses, with the "from" address of the messages being [email protected] which is a valid address on our mail server. Most of the mails are arriving correctly, but a few specific people are not receiving them. The webserver uses qmail to deliver the messages, and the qmail log files show us some of the errors that the receiving mail servers return when they reject the mail delivery attempt. Two examples:

    Connected to 94.100.176.20 but sender was rejected./Remote host said: 421 DNS problem (interdominios.netlanguages.com). Try again later

    Connected to 213.186.33.29 but sender was rejected./Remote host said: 451 DNS temporary failure (#4.3.0)

    From what I can tell, the receiving SMTP server is doing a DNS lookup of some description on either the host of the "from" email address (netlanguages.com) or the server name given in the EHLO command of the SMTP conversation (in the first example above, interdominios.netlanguages.com), both of which should resolve to non-CloudFlare IP addresses.

    I've read that the CloudFlare DNS service is very reliable and fast but both of the problems above seem to point to a problem with remote servers unable to do DNS lookups.

    I should also point out that we changed our DNS to CloudFlare on 6th Feb, and since then started experiencing these mail delivery problems. On 22nd Feb we moved our DNS away from CloudFlare to see if the issues were related to CloudFlare and after a few hours delivery began to work. Then on 26th Feb I moved the DNS back to CloudFlare again and delivery problems started again. The issue definitely seems to be related to DNS, but I don't know if it's a configuration issue, or something else.

    Finally, I should say that our two DNS MX records point to non-CDN A record IP addresses, interdominios.netlanguages.com (the web and qmail server) also points to a non-CDN A record IP address.

    Does anyone know what the problem could be here? Any light you can shed on this will be most appreciated.

    Many thanks,

    Andy

  • Andy Castles
    Andy Castles over 11 years
    Hi Jenny, thanks for your input, it's good to have a second opinion to make sure I hadn't overlooked something obvious. (I was contemplating hiding my real host information but decided that there was nothing so private that someone couldn't find out from a DNS query.) I've submitted a support ticket at CloudFlare so I'll wait and see what they say but as at the moment I'm using the free service, I'm not expecting a quick reply...
  • Jenny D
    Jenny D over 11 years
    I talked to the local DNS expert (the one behind much of the DNSCheck code). He suggested that as Cloudflare is a CDN, they presumably have multihomed DNS, meaning that even though they may use only one IP address they've got servers all over the world. If the one topologically closest to the recipient mailserver is failing, that will account for only certain recipients having problems.
  • Andy Castles
    Andy Castles over 11 years
    Just to say thanks again for your feedback. Reading online it seems that CloudFlare can give errors when you have a wildcard entry set up (I had *.netlanguages.com as a CNAME to interdominios.netlanguages.com) so I've removed that and for the moment the temporary DNS failures aren't happening - I hope it continues that way!
  • Jenny D
    Jenny D over 11 years
    You're very welcome, and thanks for reporting the outcome!
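
To see whether DNS-related deferrals like the two quoted in the question cluster on particular receiving servers, and which name each server says it failed to resolve, the qmail failure lines can be grouped per remote IP. This is an added example, not code from the thread; the regular expression assumes the message shape quoted in the question, and the third log line is constructed for contrast.

```python
import re
from collections import defaultdict

# Sample input: the two deferrals quoted in the question, plus one
# constructed non-DNS rejection (TEST-NET address) for contrast.
SAMPLE_LOG = """\
Connected to 94.100.176.20 but sender was rejected./Remote host said: 421 DNS problem (interdominios.netlanguages.com). Try again later
Connected to 213.186.33.29 but sender was rejected./Remote host said: 451 DNS temporary failure (#4.3.0)
Connected to 192.0.2.25 but sender was rejected./Remote host said: 550 mailbox unavailable
"""

# Assumption: failure text has the shape shown in the question.
ENTRY = re.compile(
    r"Connected to (?P<ip>[\d.]+) but (?P<what>\w+) was rejected\./"
    r"Remote host said: (?P<code>[245]\d\d)[ -](?P<text>.*)"
)
# A dotted name in parentheses is treated as the name the remote tried to
# resolve; status codes such as (#4.3.0) do not match.
HOSTNAME = re.compile(r"\(([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,})\)")

def parse(line):
    """Return a dict describing one rejection line, or None if it does not match."""
    m = ENTRY.search(line)
    if not m:
        return None
    text = m["text"].strip()
    host = HOSTNAME.search(text)
    return {
        "remote_ip": m["ip"],
        "code": int(m["code"]),
        "temporary": m["code"].startswith("4"),   # 4xx: the sender will retry
        "dns_related": "dns" in text.lower(),
        "name_checked": host.group(1) if host else None,
        "text": text,
    }

def dns_deferrals(log):
    """Group temporary (4xx) DNS-related rejections by receiving server IP."""
    by_remote = defaultdict(list)
    for line in log.splitlines():
        e = parse(line)
        if e and e["temporary"] and e["dns_related"]:
            by_remote[e["remote_ip"]].append(e)
    return dict(by_remote)

if __name__ == "__main__":
    for ip, entries in dns_deferrals(SAMPLE_LOG).items():
        for e in entries:
            print(ip, e["code"], e["name_checked"] or "-", e["text"])
```

If the same few remote IPs keep appearing while other recipients accept mail, that fits a resolver-side or per-location DNS problem rather than a broken record.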