How to set up with Cloudflare and DigitalOcean

I am unsure how to set up Cloudflare without glue records. Apparently I do not need them, but my setup keeps asking me to create them?
Any help please?

Please be more specific.

Without specifics, I am assuming that you intend to use Cloudflare for DNS rather than MiaB. If that is the case, you do not need glue records as you stated but the MiaB status checks will show you a warning/error. Since you know why you are getting that error - ignore it.

If your issue is something else, please provide specifics.

I copied the DNS records from my MiaB to Cloudflare, then told MiaB to use the external NSs.
I had to edit all the proxy IPs to DNS only (remote).
The only errors I am getting now are

The DNSSEC ‘DS’ record for iopamp.uk is incorrect. See further details below.
MTA-STS policy is missing: STSFetchResult.NONE
Maybe they will resolve in time.
I would have liked to use glue records on Cloudflare but couldn’t work out how?
They do not seem to have that option.

No. You can do one or the other but not both. If you copy your records to CF to be served then you need to indicate CF’s name servers at the registrar.

Wait, maybe I am reading this incorrectly. What EXACTLY do you mean by the comment:

If you are using “External DNS” you do not enter Custom DNS records for the NS records on MiaB.

MiaB will report this as you are using External DNS (Cloudflare). Ignore.

MiaB resolves this after 24 hours usually. You will need to come back and find the generated record and add it to your DNS entries on CF.

They do but only for Business and Enterprise (paying) customers…

Using a secondary nameserver

which is under the heading

Custom DNS

I do have an enterprise account

@peterretief1

Reviewing your DNS settings within your MiaB I see that you added the two Cloudflare NS servers as secondary DNS servers. If you’re using CF for External DNS then these will be ignored.

Yeah, no. That is not how that works. I’d suggest removing the 2 CF entries.

Ah ok, it’s a bit confusing. I still want to use a glue record.

If you are using Cloudflare as the DNS provider there is absolutely no reason to have glue records as you are not hosting DNS servers for the domain on the domain.

If your true intention is actually to allow MiaB to host DNS for the domain then yes, you will need glue records – I suggest reaching out to support for assistance on the how to.

Honestly though. MiaB hosting DNS is a single point of failure. You are indeed much better off using an External DNS provider. There are ways of mitigating this risk, by adding a PROPER Secondary DNS provider — which is something that CF seems to offer as a paid add on (even for Enterprise clients).


I recommend considering using a domain that is dedicated to your MiaB server, and nothing else. It gives MiaB the freedom to do what the developers want it to do, which is to provide a very reliable standards-compliant mail server.

If I am using a remote NS do I need to manually update my settings every time I add a domain?

Yes. If you are using external nameservers, e.g. Cloudflare, you have to manage all the DNS records for that domain on that external server. This means that if you want to add another domain to MiaB, you have to manually create all the necessary DNS records.

And here are a few explanations for a general understanding of how this all works:

You have to distinguish between the role of a domain registrar and the role of a DNS nameserver provider. In many cases they are the same company. But most registrars / nameserver providers do have separate admin panels or separate sections in the admin panel for managing domains (the registrar part) and for managing DNS records (the nameserver part). That’s because these are two separate things.

The registrar provides you with a domain name and glue records to a primary nameserver and at least one secondary nameserver, on which you then manage the DNS records for this domain. These name servers can either be operated by the registrar itself (in your case Cloudflare) or by another provider (e.g. your MiaB server). In the first case the glue records of your domain are pointing to Cloudflare’s own nameservers, in the second case they have to be changed in order to point at your Mail-in-a-Box server. I never used Cloudflare, so I’m not sure how exactly the process of changing the glue records works with them, but I would be surprised if there was no way to do this.

Note: If you do change the glue records at your registrar (Cloudflare) in order to point them at your MiaB server, the DNS management panel for this domain at your previous DNS provider (Cloudflare) becomes obsolete and all the DNS records for this domain on their nameservers have no effect anymore. You will then have to manage all the DNS records for this domain exclusively through your MiaB instance.


Addition:

I just found this…

Cloudflare Registrar is only available for customers that use Cloudflare as their authoritative DNS provider (also known as a full setup).

So if you have registered your domains directly with them, you would probably have to transfer them to another registrar in order to be able to change the glue records / use MiaB as your authoritative nameserver.


I am really not sure where this misconception comes from, but if you are using a different provider’s name servers you DO NOT list that provider’s IP addresses as glue records.

GoDaddy does this and it is maddening. And not correct.

Glue records are only required (and should only be used) when there will be DNS servers running on a domain serving the records for that same domain.

Let’s clear up some terminology and be consistent here. By “remote NS” I assume you mean what is referred to as “External DNS” by MiaB. An example would be using Cloudflare to host DNS for a domain that MiaB hosts email for …

So yes, IF you are using External DNS, you are required to enter all of the related records in that provider’s DNS control panel. This is one of the beauties of MiaB as with MiaB controlling DNS, there is no need to manually enter the dozens of records that are generated.

Please note though that there are only about 5-6 required DNS records that MUST be entered as many are optional and recommended. Honestly, to do it right you should enter all recommended records as well.

Now this brings me to a very very very important consideration … the way that MiaB is natively designed, it is a single point of failure. A user really must properly configure Secondary DNS so that there is a fallback DNS service in place. Unfortunately, the way that you were doing it was not a proper implementation of Secondary DNS. I also don’t believe that you were intending to set up Secondary DNS initially, but rather to use Cloudflare as External DNS.


Yes my mistake. Of course you are absolutely right.

However, you still have to define the nameservers you want to use for your domains. But this will of course be done by using NS records, NOT glue records as I wrongly stated in my earlier post.

True, but every DNS provider that I have ever used does this automatically, including Cloudflare. Of course, you have to list the name servers at the registrar, but adding NS records themselves should be taken care of for you automatically. Again, I have yet to find a DNS provider which does not automatically include them.

So then, one might ask, why are you able to enter NS records at all?

Oftentimes, you may want to have the DNS records for a subdomain hosted elsewhere. For example, I have my hosting automation/billing software hosted elsewhere from my main website. I could have the subdomain’s DNS handled by that host’s DNS servers if I chose to do so by adding NS records for the subdomain pointing to the host’s DNS servers.

That’s what I meant. I probably should have been more precise.
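
The glue-record rule worked out in this thread (glue is only needed when a domain's nameservers are hosted under that same domain) can be checked mechanically. The following is an added example, not code from the thread or from Mail-in-a-Box; the zone `example.com` and all nameserver hostnames in it are constructed sample values, and the function names are hypothetical.

```python
# Added example: decide which nameservers in a delegation need glue records.
# A nameserver needs glue only if its hostname is at or below the delegated
# zone, because resolvers cannot look it up without already knowing its IP.

def normalize(name: str) -> tuple[str, ...]:
    """Lower-case a DNS name, drop the trailing dot, and split into labels."""
    return tuple(name.strip().lower().rstrip(".").split("."))


def needs_glue(ns_host: str, zone: str) -> bool:
    """True if ns_host is the zone apex or a name below it.

    The comparison is per label, so 'ns1.notexample.com' is NOT treated as
    being under 'example.com' even though the strings share a suffix.
    """
    ns, z = normalize(ns_host), normalize(zone)
    return len(ns) >= len(z) and ns[-len(z):] == z


def glue_report(zone: str, nameservers: list[str]) -> dict[str, bool]:
    """Map each nameserver hostname to whether the registrar needs glue for it."""
    return {ns: needs_glue(ns, zone) for ns in nameservers}


def classify(zone: str, nameservers: list[str]) -> str:
    """Summarise a delegation as 'external', 'self-hosted' or 'mixed'."""
    if not nameservers:
        raise ValueError("a delegation needs at least one nameserver")
    flags = list(glue_report(zone, nameservers).values())
    if not any(flags):
        return "external"      # e.g. Cloudflare hosts DNS: no glue at all
    if all(flags):
        return "self-hosted"   # e.g. the mail box serves its own zone
    return "mixed"             # in-zone primary plus an outside secondary


if __name__ == "__main__":
    # Constructed sample delegations for the constructed zone example.com.
    external = ["ada.ns.cloudflare.com.", "bob.ns.cloudflare.com."]
    self_hosted = ["ns1.box.example.com", "ns2.box.example.com"]
    for label, servers in (("external", external), ("self-hosted", self_hosted)):
        print(label, classify("example.com", servers), glue_report("example.com", servers))
```
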