After starting to use Cloudflare Registrar I'm worried by not being able to temporarily point DNS to my Host directly


#1

I took the plunge and moved some domain names to Cloudflare (great price) but now I’m a bit worried by the drop in functionality (unless I’m missing something).

When you add a new site to Cloudflare, it scans your DNS records and re-builds in Cloudflare DNS records to match your host. This is important if you have something more than an A record and a couple of MX records.

As far as I can tell there is only one way to re-initiate that scan later: point to the original nameservers, delete the domain name from Cloudflare and then rescan and re-add. That works.

Once you’ve moved a domain to the Cloudflare registrar, however, you can’t do this.

If you want to move to a new host, for example, that would entail manually editing your DNS records on Cloudflare and I’m reaching the limits of what I’m comfortable doing.

It seems to me the ability to do that initial setup scan is very important once you’ve moved a domain name to Cloudflare!

Does this make sense?


#2

It makes perfect sense! What a lot of hosts support is exporting a BIND file containing your DNS records which you can then upload to Cloudflare.

This means that if you changed hosts, you could export a BIND file from there and import it into Cloudflare.

Hope this helps!


#3

I think I’m going to have to ask Host Gator how to do that. Between poking around in WHM and cPanel on a VPS server with multiple sub accounts (and which is also running the DNS servers I used to refer to), I’ve reached a hard limit on what I’m able to do on my own. This isn’t my profession; I guess I’d have to say I’m a talented amateur at this.

I know I’m only using free accounts right now, but it would be nice to put this on the radar of Cloudflare as a future option.

It would seem that switching from one host to another is much more complicated after you move your domain name registrations to Cloudflare.


#4

I don’t see the value of ‘rescanning’ unless you’ve changed content on the other, not-actually-active nameservers. If you’re updating records, wouldn’t you do it at Cloudflare? Or are you keeping the old nameservers populated as a backup? Because a better way to do that would be to export the Cloudflare DNS config periodically. I wouldn’t make changes on an inactive nameserver just so I could use it as a rescan source in Cloudflare.

If you move to a new host you would indeed need to edit the records at Cloudflare… but for there to be any benefit of being able to rescan you would have had to make the change at the old nameservers anyway… I don’t see how or why it could be worth you changing records at your old server but not Cloudflare and then initiating a rescan via a deletion etc with all the downtime that would cause. Just update at Cloudflare instead?

It might be useful, but I can’t see it being useful in the cases you’ve outlined.

Once you’re using Cloudflare as authoritative DNS servers you should update there, not mess around updating on an old host and then moving the data across via a rescan - that’s far, far, far (can’t stress this enough) more likely to cause you a problem than just doing it locally in your DNS tab at Cloudflare.

If you must make changes elsewhere then as already mentioned, you could do a BIND export/import.

Can I ask where you presently want to rescan from because I’m keen to see if I’m missing something with what they provide.


#5

I think the case here might be that the host automatically updates the records of the domain if it is pointed to their nameservers, and @bol wants to scan these into Cloudflare. I don’t think they manually edited the records anywhere before moving to Cloudflare, but rather relied on the fact that the host would do this when required.


#6

Ah, that’d make sense. I forget some folk don’t necessarily control all the setup themselves and rely on hosts etc to make changes for them.


#7

I really appreciate the thoughtful help here so I’ll tell you what I’m presently looking at.

I run a VPS account at Host Gator. I have a few websites on it that I run mostly myself non professionally.

I’ll give you one simple example I came across: if you’re trying to set up mail SPF records properly, the hosting site provides some tools to do this. For users on the edge of their competence, you’d then set the SPF record on your host but not set it at Cloudflare; you have to really know what you’re doing to transfer the setting (which would have been picked up in the initial scan when you joined Cloudflare) back to Cloudflare again.

The act of moving from one host to another would require a very much greater effort than it does today with just a simple change in pointing of nameservers at the domain registrar.

I’m not saying any of this should be dumbed down to the lowest common denominator, but Cloudflare is making these complex things look beguilingly simple.


#8

Couple of notes I’ll add to this conversation… our initial scan looks for roughly the 2,000 most common DNS host names we’ve seen and some simple queries like TXT and MX for the root domain. It is VERY likely for anyone who has even a moderately complex DNS zone file that this scan will miss records.

So a BIND file import or a manual double-check that records exist is always a good thing. I also recognize sometimes records will exist in an orphan zone on a hosting provider just by nature of how some tools are designed, but unless you’re doing subdomain delegation, making sure those records get added to the active DNS zone is kind of part of the process.

And final thought… BIND import won’t overwrite existing records on Cloudflare. So it either needs to be changed manually or scripted via API.
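An added example (not from any poster or from Cloudflare) of the double-check suggested in #2 and #8: parse the host's BIND export, compare it with what Cloudflare currently holds, and separate records a BIND import would add from records the import will not overwrite because the name/type already exists with different content (the SPF case from #7). Both the zone text and the Cloudflare record list are constructed sample data; the Cloudflare records mirror the shape the DNS tab/API shows but nothing here calls the API.

```python
import re
# Constructed BIND export, as a host control panel's "export zone" would produce it.
HOST_ZONE = """\
$ORIGIN example.com.
@      IN NS    ns1.host.example.
@      IN A     203.0.113.10
@      IN MX    10 mail.example.com.
@      IN TXT   "v=spf1 +a +mx include:_spf.host.example ~all"
_dmarc IN TXT   "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"
ftp    IN CNAME example.com.
"""
# Constructed records as Cloudflare lists them (FQDN, no trailing dot); the SPF TXT was
# edited at the host after the initial scan, so Cloudflare still holds the old value.
CF_RECORDS = [
    {"name": "example.com", "type": "A", "content": "203.0.113.10"},
    {"name": "example.com", "type": "MX", "content": "mail.example.com", "priority": 10},
    {"name": "example.com", "type": "TXT", "content": "v=spf1 +a +mx ~all"},
]
# name [ttl] [IN] type content -- one record per line; multi-line parentheses not handled
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?([A-Z]+)\s+(.+)$")

def parse_bind_zone(text, skip_types=("SOA", "NS")):
    """Return {(fqdn, type, content)}; SOA/NS are skipped since Cloudflare manages those."""
    origin, records = "", set()
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].rstrip(".")
        m = RR.match(line) if line and line[0] not in ";$" else None
        if not m or m.group(2) in skip_types:
            continue
        name, rtype, content = m.groups()
        fqdn = origin if name == "@" else (name[:-1] if name.endswith(".") else f"{name}.{origin}")
        content = content.strip('"') if rtype == "TXT" else content.rstrip(".")
        records.add((fqdn, rtype, content))
    return records
def cf_key(rec):  # Cloudflare keeps MX priority in its own field; fold it into content
    content = f"{rec['priority']} {rec['content']}" if rec["type"] == "MX" else rec["content"]
    return (rec["name"], rec["type"], content)
def zone_diff(zone_text, cf_records):
    """missing: a BIND import would add these. stale: name/type already on Cloudflare with other content; import will NOT overwrite."""
    cf = {cf_key(r) for r in cf_records}
    missing, stale = [], []
    for name, rtype, content in sorted(parse_bind_zone(zone_text)):
        existing = sorted(c for n, t, c in cf if (n, t) == (name, rtype))
        if content in existing:
            pass  # already on Cloudflare, nothing to do
        elif existing:
            stale.append((name, rtype, content, existing))
        else:
            missing.append((name, rtype, content))
    return missing, stale
```

Anything in the `stale` list is what #8 says must be changed by hand in the DNS tab or scripted via the API, since the import leaves it untouched.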


#9

Thanks for the reply. I know it’s not really Cloudflare’s business, but shouldn’t there be some way to (even temporarily) redirect a domain name to an external DNS even if it is just for testing or for setting up a new host?


#10

Yeah, that’s sort of a hard problem to solve because DNS is supposed to be authoritative… typically if I am helping one of my customers where they want to test something that way, we use a hosts file or an override value in a tool like curl (to bypass DNS entirely). Technically one can also do creative things with Workers and custom headers to do dynamic redirection for testing, but that tends to be a bit more complicated.