We're experiencing difficulty. Our engineers are on it. Please check status.mailgun.com for real-time updates.

Cloudflare DNS Setup Guide

Article Preview

    Overview

    This guide demonstrates how to add a root domain or subdomain to Cloudflare and configure the (sub)domain with each Mailgun DNS record. This guide assumes that you have already created your Cloudflare account.

    While this guide is intended to be as helpful and comprehensive as possible, there is a small possibility that you will encounter an error or issue of some kind while configuring your DNS records within Cloudflare. If that is the case, we recommend contacting Cloudflare's Support Team as they will be able to most quickly identify and resolve the issue (or, at minimum, provide next steps).

     

    Deciding between a root domain or subdomain

    Deciding which domain to use - especially whether to use your root domain or a subdomain of that root domain - is key before proceeding any further. As this can be a challenging decision to make, we recommend reviewing the following Mailgun articles if needed:

    Nevertheless, let's briefly review two key terms: root domains and subdomains.

    Examples of root domains include mailgun.com, mydnsexample.com, or google.com. Examples of subdomains include relay.mailgun.com, mg.mydnsexample.com, or mail.google.com. Notice the pattern: subdomains have an extra prefix (or sometimes multiple prefixes) before the primary domain name itself. In most cases using a subdomain with Mailgun is preferred, but we cover this topic more comprehensively in the above articles.

    Finally, once a decision has been reached, add the (sub)domain to your Mailgun account, and our system will generate the various DNS records needed . We cover adding (and deleting) domains in detail within this in-depth guide.

     

    Adding the domain

    There are three methods of adding a domain or subdomain within Cloudflare:

    1. Method 1: Registering a new domain/subdomain with Cloudflare
    2. Method 2: Transferring an existing (sub)domain's registration from another Domain Registrar to Cloudflare
    3. Method 3: Configuring an existing (sub)domain's nameservers within the Domain Registrar to reference Cloudflare rather than the current DNS provider

    The first method of adding a (sub)domain within the Cloudflare Control Panel only takes 3 steps, and this is covered in this guide. We will list those steps below, but if desired, you can also reference Cloudflare's Adding (Buying) A Domain articles. If you already have a domain purchased and registered elsewhere, you'll need to transfer the domain to Cloudflare (see the next paragraph) or configure your nameserver records to reference Cloudflare (see the paragraph after the next paragraph).

    However, the second method of adding a (sub)domain within the Cloudflare Control Panel is not covered in this article; nonetheless, Cloudflare documents how the transfer process works within their system. Transferring a domain's registration between Domain Registrars is an intricate process, and a mistake can have catastrophic impact upon your online presence. Therefore, it is our recommendation to contact the Domain Registrar if you have any questions or encounter any issues regarding with the Domain Registration and Nameserver Management processes. See also section "The Domain Registrar And Nameserver Records" of the guide for more details.

    A third method, configuring an existing (sub)domain's nameservers within the Domain Registrar to reference Cloudflare rather than the current DNS provider, is partially covered in this guide. Similar to the explanation in the second method above, changes in your Domain Registrar must be carefully and precisely made. As such, working directly with the Domain Registrar may be imperative for ensuring the nameserver (NS) records are updated appropriately. Nonetheless, we cover the Cloudflare side of the equation below.

    Tip: For larger images, right-click and select the option "Open Image in New Tab" (or Window).

     

    Don't own a domain or need a new domain? (First Method)
    If you need to create a new (sub)domain and have it hosted with Cloudflare, follow the below steps to register your new domain (or subdomain) with Cloudflare.

    1. Login to your account.
      Cloudflare.01.Login.png
    2. Click the Domain Registration option (or better, the down arrow to it's right) on the left-hand navigation pane. Then, click the Register Domains suboption. Finally, enter the new domain name you wish to add (buy/purchase) from Cloudflare inside the center textbox.
      Cloudflare.02.NewRegistration.AddDomain(Step1).png
    3. Enter your contact information for ICANN and complete the domain registration process.
      Cloudflare.02.NewRegistration.AddDomain(Step2).png

     

    Already own a domain hosted somewhere else? (Third Method)
    If you already own an existing (sub)domain that is registered elsewhere with another Domain Registrar, but you would like to manage the DNS at Cloudflare, this is possible by performing the following steps of adding a "website":

    1. Login to your account.
      Cloudflare.01.Login.png
    2. Click the Websites option on the left-hand navigation pane. Then, click the Add Site button in the center of the page.
      Cloudflare.02.ExistingRegistration.AddDomain(Step1).png
    3. Enter your existing (sub)domain in the textbox. Then, click the Add site button.
      Cloudflare.02.ExistingRegistration.AddDomain(Step2).png
    4. Select the relevant plan for your needs. (This example selects the Free plan).
      Cloudflare.02.ExistingRegistration.AddDomain(Step3).png
    5. Cloudflare will allow you to enter DNS records for your (sub)domain now. This is not required, however, and you can click the Continue button to add the records later.
      Cloudflare.02.ExistingRegistration.AddDomain(Step4).png
    6. Once the "website" is added, you'll see your domain listed on the Website homepage. It will not show "Active" with a green checkmark until you add Cloudflare's NS records to your Domain Registrar. You can find your domain's specific Cloudflare NS records by following the steps outlined in this article. For the specific information of how/where to add the NS records within your Domain Registrar, the Domain Registrar themselves will be the best resource to consult.
      Cloudflare.02.ExistingRegistration.AddDomain(Step5).png
    7. Once Cloudflare's NS records have been added to your Domain Registrar and Cloudflare verifies their presence, their site will display the below, which means the domain's DNS hosting is fully configured and active on their system.
      Cloudflare.02.ExistingRegistration.AddDomain(Step6).png

     

    Configuring the domain

    Once the domain has been added, you may access it in the future using the following steps.

    1. If you're shown the Home page upon login, you'll see a list of domains in the center of the page. Click the box that contains the domain name in question.  
      Cloudflare.03.ManageDomain(Step1).png
    2. Click the DNS option (or better, the down arrow to it's right) on the left-hand navigation pane. Then, click the Records suboption.
      Cloudflare.03.ManageDomain(Step2).png
    3. View, create, or edit the desired DNS records for the domain.
      Cloudflare.03.ManageDomain(Step3).png

     

    Configuring SPF

    SPF records help protect your domain against spoofed emails and decrease* the likelihood your emails will be flagged as spam. (* Exceptions apply: e.g. actual spam/phishing emails will still be considered as such by mailbox providers even with the presence of an SPF record.)

    Additionally to our guide, Cloudflare does provide their own SPF tutorial (though it is generalized for each type of record in their system). Interested in more extensive technical details concerning SPF records? Please reference this Mailgun article, RFC 7208, or Cloudflare's technical documentation

    Tip: For larger images, right-click and select the option "Open Image in New Tab" (or Window).

     

    Configuring a root domain with the SPF record

    Cloudflare.04.ConfigureSPF(Rootdomain).png

    Within your Cloudflare Control Panel, enter the SPF record information that is displayed in your Mailgun Control Panel. (In the Mailgun Control Panel, you'll click on the Sending option followed by the Domain settings suboption found within in the left-hand navigation pane, and then click on the DNS records tab).

    Both the image above and the table below - using an example domain called mydnsexample.com - provide additional guidance for adapting certain values (such as the Hostname) into Cloudflare's system. Other DNS nuances and problematic scenarios that you may encounter are also explained in detail. Generally, the bolded-in-blue-text within the table can be copied-and-pasted for each field, unless it is noted otherwise (such as the DKIM value, which is unique for every Mailgun domain). 

    Field Enter
    Type

    TXT

    Notes:

    • N/A
    Name

    @

    Notes:

    • The @ symbol is used to represent a root (apex) domain (e.g. mydnsexample.com) within Cloudflare. This is why you'll use the shorter (and quite different) value instead of the longer value seen within the Mailgun Control Panel. (As a note, once the text for the Hostname is entered, you'll notice the dynamically generated text above the Hostname textbox reflects the longer value from the Mailgun Control Panel).
    TTL

    5 min

    Notes:

    • 5 min (300 seconds) usually will lead to a swift verification of the record.
    • However, you may set this field to a different value based on your needs. 
    Content

    v=spf1 include:mailgun.org ~all
    (or, possibly only include:mailgun.org)

    Notes:

    • If you do not already have an existing SPF record for this root domain, you'll enter the entire value:
      • v=spf1 include:mailgun.org ~all
    • If you already have an existing SPF record for this root domain, you'll instead insert a smaller section of the value:
      • include:mailgun.org

      • Ensure this text occurs after v=spf1 and before ~all

      • Ensure this text has one space character to it's left and one space character to it's right

      • For example, v=spf1 include:domain1.com include:mailgun.org include:domain3.com ~all

    • If desired, you may use -all (hard fail) instead of ~all (soft fail). Using either will have no impact on the domain's verification status within Mailgun's system.

     

    Configuring a subdomain with the SPF record

    Cloudflare.04.ConfigureSPF(Subdomain).png

    Within your Cloudflare Control Panel, enter the SPF record information that is displayed in your Mailgun Control Panel. (In the Mailgun Control Panel, you'll click on the Sending option followed by the Domain settings suboption found within in the left-hand navigation pane, and then click on the DNS records tab).

    Both the image above and the table below - using an example subdomain called mg.mydnsexample.com - provide additional guidance for adapting certain values (such as the Hostname) into Cloudflare's system. Other DNS nuances and problematic scenarios that you may encounter are also explained in detail. Generally, the bolded-in-blue-text within the table can be copied-and-pasted for each field, unless it is noted otherwise (such as the DKIM value, which is unique for every Mailgun domain). 

    Field Enter
    Type

    TXT

    Notes:

    • N/A
    Name

    mg

    Notes:

    • The text "mg", without the root domain (e.g. mydnsexample.com) suffixed, is used to represent a subdomain (e.g. mg.mydnsexample.com) within Cloudflare. This is why you'll use the shorter value instead of the longer value seen within the Mailgun Control Panel. (As a note, once the text for the Hostname is entered, you'll notice the dynamically generated text above the Hostname textbox reflects the longer value from the Mailgun Control Panel).
    TTL

    5 min

    Notes:

    • 5 min (300 seconds) usually will lead to a swift verification of the record.
    • However, you may set this field to a different value based on your needs. 
    Content

    v=spf1 include:mailgun.org ~all
    (or, possibly only include:mailgun.org)

    Notes:

    • If you do not already have an existing SPF record for this root domain, you'll enter the entire value:
      • v=spf1 include:mailgun.org ~all
    • If you already have an existing SPF record for this root domain, you'll instead insert a smaller section of the value:
      • include:mailgun.org

      • Ensure this text occurs after v=spf1 and before ~all

      • Ensure this text has one space character to it's left and one space character to it's right

      • For example, v=spf1 include:domain1.com include:mailgun.org include:domain3.com ~all

    • If desired, you may use -all (hard fail) instead of ~all (soft fail). Using either will have no impact on the domain's verification status within Mailgun's system.

     

    Configuring DKIM

    DKIM records help authenticate your domain against forged emails and decrease* the likelihood your emails will be flagged as spam. (* Exceptions apply: e.g. actual spam/phishing emails will still be considered as such by mailbox providers even with the presence of an DKIM record.)

    Additionally to our guide, Cloudflare does provide their own DKIM tutorial (though it is generalized for each type of record in their system). Interested in more extensive technical details concerning DKIM records? Please reference this Mailgun article, RFC 6376, or Cloudflare's technical documentation

    Tip: For larger images, right-click and select the option "Open Image in New Tab" (or Window).

     

    Configuring a root domain with the DKIM record

    Cloudflare.05.ConfigureDKIM(Rootdomain).png

    Within your Cloudflare Control Panel, enter the DKIM record information that is displayed in your Mailgun Control Panel. (In the Mailgun Control Panel, you'll click on the Sending option followed by the Domain settings suboption found within in the left-hand navigation pane, and then click on the DNS records tab).

    Both the image above and the table below - using an example domain called mydnsexample.com - provide additional guidance for adapting certain values (such as the Hostname) into Cloudflare's system. Other DNS nuances and problematic scenarios that you may encounter are also explained in detail. Generally, the bolded-in-blue-text within the table can be copied-and-pasted for each field, unless it is noted otherwise (such as the DKIM value, which is unique for every Mailgun domain). 

    Field Enter
    Type

    TXT

    Notes:

    • N/A
    Name

    pic._domainkey
    (or, one of several other values such as krs._domainkey, smtp._domainkey, or mailo._domainkey)

    Notes:

    • Your Hostname could be one among a range of other values:
      • krs._domainkey
      • smtp._domainkey
      • mailo._domainkey
      • etc. As such, only use the value Mailgun has assigned for your domain.
    • The text "pic._domainkey", without the root domain (e.g. mydnsexample.com) suffixed, is used to represent a subdomain (e.g. pic._domainkey.mydnsexample.com) within Cloudflare. This is why you'll use the shorter value instead of the longer value seen within the Mailgun Control Panel. (As a note, once the text for the Hostname is entered, you'll notice the dynamically generated text above the Hostname textbox reflects the longer value from the Mailgun Control Panel).
    TTL

    5 min

    Notes:

    • 5 min (300 seconds) usually will lead to a swift verification of the record.
    • However, you may set this field to a different value based on your needs. 
    Content

    k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUA
    A4GNADCBiRgK1eQ/xth8dqLiuzqwmNBI+
    TPmpq71Yka2ZNh7Iws8gsbqEGvRmT5KT
    mZcXwW9BOK8emkBacGxINayXbeg2K2J
    0J0WrTFJvRXZnykmDpLzhpSAyeValF6jFF
    p8cUFyNmCAUnjwIDAQAB
    (your domain's value certainly will be different)

    Notes:

    • Within Mailgun, you can create either a 1024- or 2048-bit DKIM key.
      • However, not all DNS providers support 2048-bit DKIM keys. Further, some providers who do support 2048-bit DKIM keys require splitting a key over 2 records (due to a 255 byte character limit associated with the value of the DKIM).

      • Cloudflare does support 2048-bit DKIM keys.

      • Further, Cloudflare allows you to enter the full 2048-bit DKIM key into the Data field, and they will split the key into 2 records automatically on your behalf.
      • Manually splitting a 2048-bit DKIM key over two records generally can be performed by following the main steps of this article.
      • However, the DNS provider themselves will be the best resource for any assistance needed with this more uncommon, advanced DNS configuration.
    • v=dkim1 is not used in our records since dkim1 is the only version that exists at this time.

     

    Configuring a subdomain with the DKIM record

    Cloudflare.05.ConfigureDKIM(Subdomain).png

    Within your Cloudflare Control Panel, enter the DKIM record information that is displayed in your Mailgun Control Panel. (In the Mailgun Control Panel, you'll click on the Sending option followed by the Domain settings suboption found within in the left-hand navigation pane, and then click on the DNS records tab).

    Both the image above and the table below - using an example subdomain called mg.mydnsexample.com - provide additional guidance for adapting certain values (such as the Hostname) into Cloudflare's system. Other DNS nuances and problematic scenarios that you may encounter are also explained in detail. Generally, the bolded-in-blue-text within the table can be copied-and-pasted for each field, unless it is noted otherwise (such as the DKIM value, which is unique for every Mailgun domain). 

    Field Enter
    Type

    TXT

    Notes:

    • N/A
    Name

    pic._domainkey.mg
    (or, one of several other values such as krs._domainkey.mg, smtp._domainkey.mg, or mailo._domainkey.mg)

    Notes:

    • Your Hostname could be one among a range of other values:
      • krs._domainkey.mg
      • smtp._domainkey.mg
      • mailo._domainkey.mg
      • etc. As such, only use the value Mailgun has assigned for your domain.
    • The text "pic._domainkey.mg", without the root domain (e.g. mydnsexample.com) suffixed, is used to represent a subdomain (e.g. pic._domainkey.mg.mydnsexample.com) within Cloudflare. This is why you'll use the shorter value instead of the longer value seen within the Mailgun Control Panel. (As a note, once the text for the Hostname is entered, you'll notice the dynamically generated text above the Hostname textbox reflects the longer value from the Mailgun Control Panel).
    TTL

    5 min

    Notes:

    • 5 min (300 seconds) usually will lead to a swift verification of the record.
    • However, you may set this field to a different value based on your needs. 
    Content

    k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUA
    A4GNADCBiRgK1eQ/xth8dqLiuzqwmNBI+
    TPmpq71Yka2ZNh7Iws8gsbqEGvRmT5KT
    mZcXwW9BOK8emkBacGxINayXbeg2K2J
    0J0WrTFJvRXZnykmDpLzhpSAyeValF6jFF
    p8cUFyNmCAUnjwIDAQAB
    (your domain's value certainly will be different)

    Notes:

    • Within Mailgun, you can create either a 1024- or 2048-bit DKIM key.
      • However, not all DNS providers support 2048-bit DKIM keys. Further, some providers who do support 2048-bit DKIM keys require splitting a key over 2 records (due to a 255 byte character limit associated with the value of the DKIM).

      • Cloudflare does support 2048-bit DKIM keys.

      • Further, Cloudflare allows you to enter the full 2048-bit DKIM key into the Data field, and they will split the key into 2 records automatically on your behalf.
      • Manually splitting a 2048-bit DKIM key over two records generally can be performed by following the main steps of this article.
      • However, the DNS provider themselves will be the best resource for any assistance needed with this more uncommon, advanced DNS configuration.
    • v=dkim1 is not used in our records since dkim1 is the only version that exists at this time.

     

    Configuring MX

    MX records describe where emails intended for your domain should be sent.

    Additionally to our guide, Cloudflare does provide their own MX tutorial (though it is generalized for each type of record in their system). Interested in more extensive technical details concerning MX records? Please reference RFC 5321 or Cloudflare's technical documentation

    Tip: For larger images, right-click and select the option "Open Image in New Tab" (or Window).

     

    Configuring a root domain with the MX records

    Cloudflare.06.ConfigureMX(RootdomainRecord1).png

    Cloudflare.06.ConfigureMX(RootdomainRecord2).png

    Within your Cloudflare Control Panel, enter the MX records information that is displayed in your Mailgun Control Panel. (In the Mailgun Control Panel, you'll click on the Sending option followed by the Domain settings suboption found within in the left-hand navigation pane, and then click on the DNS records tab).

    Both the image above and the table below - using an example domain called mydnsexample.com - provide additional guidance for adapting certain values (such as the Hostname) into Cloudflare's system. Other DNS nuances and problematic scenarios that you may encounter are also explained in detail. Generally, the bolded-in-blue-text within the table can be copied-and-pasted for each field, unless it is noted otherwise (such as the DKIM value, which is unique for every Mailgun domain). 

    Field Enter
    Type

    MX

    Notes:

    • N/A
    Name

    @
    (no value is entered in this field)

    Notes:

    • The @ symbol is used to represent a root (apex) domain (e.g. mydnsexample.com) within Cloudflare. This is why you'll use the shorter (and quite different) value instead of the longer value seen within the Mailgun Control Panel. (As a note, once the text for the Hostname is entered, you'll notice the dynamically generated text above the Hostname textbox reflects the longer value from the Mailgun Control Panel).
    Mail server

    mxa.mailgun.org
    (for the first MX record)

    mxb.mailgun.org
    (for the second MX record)

    Notes:

    • Keep in mind there are two MX records, and the only difference between them will be this field. The first record will have mxa.mailgun.org and the second record will have mxb.mailgun.org.

    • Ensure that only Mailgun's MX records are configured for your domain.
      • Having another email provider's or email host's MX records also present will result in unpredictable email delivery to your domain (in short, lost emails).
      • As such, if your domain already has non-Mailgun MX records, it is almost always the best and safest course of action to use a different domain - or ideally a subdomain - for Mailgun instead.
    • Though the MX records are "technically optional" for using Mailgun's system, they are "virtually required" for optimal email deliverability and the avoidance of certain types of bounces (such as those due to Sender Address Verification).
    TTL

    5 min

    Notes:

    • 5 min (300 seconds) usually will lead to a swift verification of the record.
    • However, you may set this field to a different value based on your needs.
    Priority

    10

    Notes:

    • Both records can have any priority (as long as they are the same priority), but 10 is a standard value.

     

    Configuring a subdomain with the MX records

    Cloudflare.06.ConfigureMX(SubdomainRecord1).png

    Cloudflare.06.ConfigureMX(SubdomainRecord2).png

    Within your Cloudflare Control Panel, enter the MX records information that is displayed in your Mailgun Control Panel. (In the Mailgun Control Panel, you'll click on the Sending option followed by the Domain settings suboption found within in the left-hand navigation pane, and then click on the DNS records tab).

    Both the image above and the table below - using an example subdomain called mg.mydnsexample.com - provide additional guidance for adapting certain values (such as the Hostname) into Cloudflare's system. Other DNS nuances and problematic scenarios that you may encounter are also explained in detail. Generally, the bolded-in-blue-text within the table can be copied-and-pasted for each field, unless it is noted otherwise (such as the DKIM value, which is unique for every Mailgun domain). 

    Field Enter
    Type

    MX

    Notes:

    • N/A
    Name

    mg

    Notes:

    • The text "mg", without the root domain (e.g. mydnsexample.com) suffixed, is used to represent a subdomain (e.g. mg.mydnsexample.com) within Cloudflare. This is why you'll use the shorter value instead of the longer value seen within the Mailgun Control Panel. (As a note, you'll notice the dynamically generated text above the Hostname textbox reflects the longer value from the Mailgun Control Panel).
    Mail server

    mxa.mailgun.org
    (for the first MX record)

    mxb.mailgun.org
    (for the second MX record)

    Notes:

    • Keep in mind there are two MX records, and the only difference between them will be this field. The first record will have mxa.mailgun.org and the second record will have mxb.mailgun.org.

    • Ensure that only Mailgun's MX records are configured for your subdomain.
      • Having another email provider's or email host's MX records also present will result in unpredictable email delivery to your domain (in short, lost emails).
      • As such, if your domain already has non-Mailgun MX records, it is almost always the best and safest course of action to use a different domain - or ideally a subdomain - for Mailgun instead.
    • Though the MX records are "technically optional" for using Mailgun's system, they are "virtually required" for optimal email deliverability and the avoidance of certain types of bounces (such as those due to Sender Address Verification).
    TTL

    5 min

    Notes:

    • 5 min (300 seconds) usually will lead to a swift verification of the record.
    • However, you may set this field to a different value based on your needs. 
    Priority

    10

    Notes:

    • Both records can have any priority (as long as they are the same priority), but 10 is a standard value.

     

    Configuring CNAME

    CNAME records alias (point or direct) one domain name to another domain name, which in this case effectively associates your emails with Mailgun and allows tracking of opens and clicks.

    Additionally to our guide, Cloudflare does provide their own CNAME tutorial (though it is generalized for each type of record in their system). Interested in more extensive technical details concerning MX records? Please reference RFC 1034 or Cloudflare's technical documentation.

    Tip: For larger images, right-click and select the option "Open Image in New Tab" (or Window).

     

    Configuring a root domain with the CNAME record

    Cloudflare.07.ConfigureCNAME(Rootdomain).png

    Within your Cloudflare Control Panel, enter the CNAME record information that is displayed in your Mailgun Control Panel. (In the Mailgun Control Panel, you'll click on the Sending option followed by the Domain settings suboption found within in the left-hand navigation pane, and then click on the DNS records tab).

    Both the image above and the table below - using an example domain called mydnsexample.com - provide additional guidance for adapting certain values (such as the Hostname) into Cloudflare's system. Other DNS nuances and problematic scenarios that you may encounter are also explained in detail. Generally, the bolded-in-blue-text within the table can be copied-and-pasted for each field, unless it is noted otherwise (such as the DKIM value, which is unique for every Mailgun domain). 

    Field Enter
    Type

    CNAME

    Notes:

    • N/A
    Name

    email

    Notes:

    • It is possible to change this value - what we call the Tracking Hostname - from "email" to another value of your choosing within the Mailgun Control Panel or through the Domains API.
      • In the Control Panel, click the Sending option in the left-hand navigation pane.

      • Click the Domain settings suboption in the same left-hand navigation pane.

      • In the Tracking section of the resulting page, you'll find the Tracking hostname field, which you can proceed to edit.
    • The text "email", without the root domain (e.g. mydnsexample.com) suffixed, is used to represent a subdomain (e.g. email.mydnsexample.com) within Cloudflare. This is why you'll use the shorter value instead of the longer value seen within the Mailgun Control Panel. (As a note, once the text for the Hostname is entered, you'll notice the dynamically generated text above the Hostname textbox reflects the longer value from the Mailgun Control Panel).
    Target

    mailgun.org

    Notes:

    • Ensure that only Mailgun's CNAME record is configured for your domain.
      • Having another CNAME record also present will result in unpredictable aliasing of your domain (in short, unreliable downstream behavior).
      • Some DNS providers automatically create a CNAME record for the "email" hostname. It may not always be safe to remove or edit such a record.
      • As such, if your domain already has a non-Mailgun CNAME record, it is almost always the best and safest course of action to use a different domain - or ideally a subdomain - for Mailgun instead.
    • Ensure that the only DNS record configured for the Hostname is the CNAME record.
      • Since the behavior of a CNAME is to alias (point or redirect) requests somewhere else, any other DNS records configured on the same Hostname will never be "seen".
      • When DNS lookups are performed by the services that interact with websites and emails, their lookups are aliased/redirected to another hostname instead. 
      • This would lead to any such records being unverifiable by Mailgun's system as well as hidden from email hosts who upon receipt of an email will attempt to verify whether your domain has the expected DNS records present.
      • As such, if the Hostname your CNAME record is configured on has any other DNS records, it is almost always the best and safest course of action to change the Hostname from "email" to another value that is not used by your other DNS records. 
      • The Name row (above) in this table explains how to change this value. Once changed, you can proceed with adding the Mailgun CNAME record.
    • Though the CNAME record is "optional" for using Mailgun's system, it is "required" for tracking the open and click rates of your emails as well as rewriting links using HTTPS rather than HTTP.
    Proxy Status

    DNS only

    Notes:

    • Toggle the indicator so that the orange cloud icon no longer shows and only a gray cloud icon shows with the text DNS only displays to the right of the gray cloud icon. 
    TTL

    5 min

    Notes:

    • 5 min (300 seconds) usually will lead to a swift verification of the record.
    • However, you may set this field to a different value based on your needs. 

     

    Configuring a subdomain with the CNAME record

    Cloudflare.07.ConfigureCNAME(Subdomain).png

    Within your Cloudflare Control Panel, enter the CNAME record information that is displayed in your Mailgun Control Panel. (In the Mailgun Control Panel, you'll click on the Sending option followed by the Domain settings suboption found within in the left-hand navigation pane, and then click on the DNS records tab).

    Both the image above and the table below - using an example subdomain called mg.mydnsexample.com - provide additional guidance for adapting certain values (such as the Hostname) into Cloudflare's system. Other DNS nuances and problematic scenarios that you may encounter are also explained in detail. Generally, the bolded-in-blue-text within the table can be copied-and-pasted for each field, unless it is noted otherwise (such as the DKIM value, which is unique for every Mailgun domain). 

    Field Enter
    Type

    CNAME

    Notes:

    • N/A
    Name

    email.mg

    Notes:

    • It is possible to change this value - what we call the Tracking Hostname - from "email" to another value of your choosing within the Mailgun Control Panel or through the Domains API.
      • In the Control Panel, click the Sending option in the left-hand navigation pane.

      • Click the Domain settings suboption in the same left-hand navigation pane.

      • In the Tracking section of the resulting page, you'll find the Tracking hostname field, which you can proceed to edit.
    • The text "email.mg", without the root domain (e.g. mydnsexample.com) suffixed, is used to represent a subdomain (e.g. email.mg.mydnsexample.com) within Cloudflare. This is why you'll use the shorter value instead of the longer value seen within the Mailgun Control Panel. (As a note, once the text for the Hostname is entered, you'll notice the dynamically generated text above the Hostname textbox reflects the longer value from the Mailgun Control Panel).
    Target

    mailgun.org

    Notes:

    • Ensure that only Mailgun's CNAME record is configured for your domain.
      • Having another CNAME record also present will result in unpredictable aliasing of your domain (in short, unreliable downstream behavior).
      • Some DNS providers automatically create a CNAME record for the "email" hostname. It may not always be safe to remove or edit such a record.
      • As such, if your domain already has a non-Mailgun CNAME record, it is almost always the best and safest course of action to use a different domain - or ideally a subdomain - for Mailgun instead.
    • Ensure that the only DNS record configured for the Hostname is the CNAME record.
      • Since the behavior of a CNAME is to alias (point or redirect) requests somewhere else, any other DNS records configured on the same Hostname will never be "seen".
      • When DNS lookups are performed by the services that interact with websites and emails, their lookups are aliased/redirected to another hostname instead. 
      • This would lead to any such records being unverifiable by Mailgun's system as well as hidden from email hosts who upon receipt of an email will attempt to verify whether your domain has the expected DNS records present.
      • As such, if the Hostname your CNAME record is configured on has any other DNS records, it is almost always the best and safest course of action to change the Hostname from "email" to another value that is not used by your other DNS records. 
      • The Name row (above) in this table explains how to change this value. Once changed, you can proceed with adding the Mailgun CNAME record.
    • Though the CNAME record is "optional" for using Mailgun's system, it is "required" for tracking the open and click rates of your emails as well as rewriting links using HTTPS rather than HTTP.
    Proxy status

    DNS only

    Notes:

    • Toggle the indicator so that the orange cloud icon no longer shows and only a gray cloud icon shows with the text DNS only displayed to the right of the gray cloud icon. 
    TTL

    5 min

    Notes:

    • 5 min (300 seconds) usually will lead to a swift verification of the record.
    • However, you may set this field to a different value based on your needs. 

     

    The domain registrar and nameserver records

    A somewhat common situation we witness concerns a customer having recently migrated (or currently being in the process of migrating) from one DNS hosting provider to another; however, their Mailgun DNS records are failing to verify within their Mailgun Control Panel. Perhaps you yourself are experiencing this exact situation. If so, there is a solution: update the domain's registration information.

    Whenever anyone switches DNS hosting providers (e.g. from DigitalOcean to Cloudflare), they must also update their Nameserver (NS) records within their Registrar's system. Your Registrar is the company through whom you purchased the domain and with whom the domain is registered on the Internet. As a note, Cloudflare is a Domain Registrar, but they may not be your domain's Registrar.

    If you need assistance identifying the Registrar for your domain, the ICANN WHOIS website can assist you in this task. Alternatively, you can use a MacOS/Linux terminal to obtain this information:

    whois myexampledomain.com

    Scan the output results for the line that contains the Registrar URL information. It is this field that will identify the domain's Registrar and their website.

    For more guidance on updating your registrar and the associated nameserver records to reflect your DNS hosting with Cloudflare, please review Cloudflare's nameserver documentation and registration documentation. Additionally, if you're experiencing a domain registration issue, it is best to reach out to the Registrar directly. Mailgun, in such a scenario, would not have any insight additional to the publicly available WHOIS information mentioned above.

     

    Need Support?

    Our Support Team here at Sinch Mailgun is happy to help! Reach out to us in the Support page of your Mailgun Control Panel, and we'll be with you shortly!