On Sun, Jan 23, 2022 at 10:13:17PM +0100, Joachim Lindenberg wrote:

> I am really wondering why it works for one domain and doesn´t for mine.

See: https://dnsviz.net/d/et.lindenberg.one/dnssec/

It appears that "et.lindenberg.one" is a CNAME for "io.lindenberg.one",
and it is not valid to have both CNAME and MX records at the same name.
And the "io.lindenberg.one" name has no MX records.

Cloudflare are doing some dodgy magic for your domain, returning CNAME
responses in some cases and MX in others ("hsdig" is my own private
DNS lookup CLI, but you'd get similar results with "dig"):

    $ hsdig -n 1.1.1.1 -t mx et.lindenberg.one
    et.lindenberg.one. IN MX 0 mx06.et.lindenberg.one. ; NoError AD=1
    et.lindenberg.one. IN MX 1 mx04.et.lindenberg.one. ; NoError AD=1
    et.lindenberg.one. IN MX 2 mx03.et.lindenberg.one. ; NoError AD=1
    et.lindenberg.one. IN MX 3 mx05.et.lindenberg.one. ; NoError AD=1

    $ hsdig -n 1.1.1.1 -t a et.lindenberg.one
    et.lindenberg.one. IN CNAME io.lindenberg.one. ; NoError AD=1
    io.lindenberg.one. IN A 82.165.56.12 ; NoError AD=1

Once a resolver has cached the CNAME record, it won't look for MX
at that name, and will instead query the CNAME target.

    $ hsdig -n 8.8.4.4 -t a et.lindenberg.one
    et.lindenberg.one. IN CNAME io.lindenberg.one. ; NoError AD=1
    io.lindenberg.one. IN A 82.165.56.12 ; NoError AD=1

    $ hsdig -n 8.8.4.4 -t mx et.lindenberg.one
    et.lindenberg.one. IN CNAME io.lindenberg.one. ; NoError AD=1
    lindenberg.one. IN SOA adi.ns.cloudflare.com. d...@cloudflare.com. 2268458758 10000 2400 604800 3600 ; AD=1

This sort of DNS "magic" (breakage) may be fine for some CDN web sites,
but works poorly if you want to publish anything other than A/AAAA
records.

Get rid of the dodgy CNAME + MX hackery, and you should be fine.

-- 
    Viktor.
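An added example (mine, not code from Viktor's reply or from any DNS tool) that models the two points made above: a zone-level check for a CNAME coexisting with other data at the same owner, and a resolver that, having seen the CNAME, re-targets the MX query at the canonical name and never consults the original owner's other records. The record set is constructed from the names and values shown in the reply's output.

```python
from collections import defaultdict

# Constructed records (owner, type, rdata) mirroring the reply: a CNAME at
# et.lindenberg.one alongside MX records at the same owner, which is the
# defect the reply points out.
ZONE = [
    ("et.lindenberg.one.", "CNAME", "io.lindenberg.one."),
    ("et.lindenberg.one.", "MX", "0 mx06.et.lindenberg.one."),
    ("et.lindenberg.one.", "MX", "1 mx04.et.lindenberg.one."),
    ("io.lindenberg.one.", "A", "82.165.56.12"),
]

# DNSSEC types that RFC 4035 section 2.5 permits next to a CNAME.
_ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC", "NSEC3"}


def find_cname_conflicts(records):
    """Return {owner: [other types]} for every owner that has a CNAME plus
    any other (non-DNSSEC) record type, which RFC 1034 section 3.6.2 and
    RFC 2181 section 10.1 forbid."""
    types_by_owner = defaultdict(set)
    for owner, rtype, _ in records:
        types_by_owner[owner.lower()].add(rtype.upper())
    return {owner: sorted(t - _ALLOWED_WITH_CNAME)
            for owner, t in types_by_owner.items()
            if "CNAME" in t and t - _ALLOWED_WITH_CNAME}


def resolve(records, qname, qtype, max_chain=8):
    """Model a conforming resolver: if a CNAME exists at qname (and qtype is
    not CNAME itself), the query is re-targeted at the canonical name; the
    original owner's other records are never returned. Returns the answer
    section as a list of records, CNAME first."""
    answer, name = [], qname.lower()
    for _ in range(max_chain):
        cname = [r for r in records
                 if r[0].lower() == name and r[1].upper() == "CNAME"]
        if cname and qtype.upper() != "CNAME":
            answer.append(cname[0])
            name = cname[0][2].lower()  # follow the alias
            continue
        answer.extend(r for r in records
                      if r[0].lower() == name and r[1].upper() == qtype.upper())
        return answer
    raise ValueError("CNAME chain too long")
```

Run against the constructed zone, `find_cname_conflicts` flags `et.lindenberg.one.` for its MX data, and `resolve(ZONE, "et.lindenberg.one.", "MX")` returns only the CNAME, which is exactly what the 8.8.4.4 query in the reply showed.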
