Amazon AWS SSL Email DNS Cloudflare PTR in DNS settings?

Website is hosted at AWS, and Cloudflare is enabled with "Strict" SSL settings, and SSL Labs gives my domain straight A's.

When conducting a PTR validation at whatsmydns.net using the static IP of my domain, the result shows the AWS server where m domain is hosted.

Since I'm using Cloudflare, I have assumed that the DNS settings / Route53 settings at AWS don't mean anything / won't do anything.

Note, I'm using PHP for sending email from the server, for a xenforo website (i.e., system-generated emails). I also use Zoho for email to/from the domain (not system-generated).

Questions:
1) Do Route 53 settings matter, or is everything controlled by Cloudflare DNS?
2) Should PTR show AWS as the result?
3) Side question: when looking up CNAME for my domain at whatsmydns.net, I get red x's globally, but all other settings seem to be green checks (A, AAAA, SOA, etc.). It seems like my CNAME records are correct at Cloudflare, and my site works fine, but not sure why I'd get these results. Any thoughts?

 

this is actually set to "Full"

 

Got it. does dkim also need to be set up on web host side, or only cloudflare, or both?

 

Thanks eva - I know you don't provide support for specific integrations, but posting here for your help or that of anyone else's in the community.

I've read and re-read all these resources but I find it all very confusing given my specific configuration:

• Zoho for "human email"
• PHP for server-based system emails for Xenforo.
• Xenforo hosted at AWS.
• Cloudflare for traffic management.
• Registrar of domains is a separate entity as well.

Everything works fine on the surface, but I'm not getting the proper responses on mxtoolbox (or I may not be using the right query!).

Up until now, I assumed Cloudflare is the only entity that needs to carry my DNS info.

I have two A records:
hostname.domain.com
domain.com

So what I really want to know is, what does Cloudflare need to support in the DNS, and what does Route53 need to support. Let's assume Zoho is already configured properly, because I believe it is.

Is this correct?:

Cloudflare:
- needs the 2 A records mentioned above
- needs CNAME records
- needs MX records
- for email from domain.com only, needs SPF, DKIM, DMARC and PTR DNS records

Route53 (AWS):
- needs the same 2 A records mentioned above
- needs the same CNAME records as above?
- needs the same MX records as above
- for email from hostname.domain.com only, needs SPF, DKIM, DMARC and PTR DNS records
- also has an NS record
- also has a SOA record

Basically, trying to sort what is required vs. what is redundant vs. what is causing conflict.

 

When I send command line test email per instructions here, and I check the header, I get:
dkim: pass
spf: none (says IP is neither approved or denied)
dmarc: (I can't find any reference to a dmarc result in the header)

When I send from xenforo interface, I get:
dkim: (I can't find any reference to a dkim result in the header)
spf: pass
dmarc: pass

When I send from POP (zoho), I get:
dkim: pass
spf: pass
dmarc: pass