Hi. I’m a brand new customer as of today, and still waiting on my previously-enabled DNSSEC to get flushed out of everybody’s caches before I cut over my nameservers. However, says that in the event of changed nameservers, even if it’s a registrar’s mistake, all DNS records and site settings are automatically and permanently deleted without the possibility of recovery… I don’t understand how that’s compatible with running a business on Cloudflare.

As a good example, the early days of the .io ccTLD had many customers’ domains enter redemption or expiry several days before the expiration date, due to a ridiculous prepayment policy by the TLD’s NIC regardless of the registrar used. In that event, Cloudflare would have immediately deleted the site from anybody’s dashboard instead of just halting service for that site, making swift recovery impossible even after the technical issue (NS change) was fixed. Every configuration rule and DNS record attached to it would be gone, and any service (not just web sites) relying on those settings would be broken until the owner can figure out what was there and restore it.

Can someone explain the reasoning for this policy to me, and give me some reassurance that technical mistakes by my DNS provider and/or my registrar and/or the TLD’s authority won’t cripple a business beyond the hypothetical NS “downtime period”? I don’t currently make a habit of archiving my zonefiles and configuration offline, but it sounds like I should if I cannot trust Cloudflare to not nuke them on a whim without human intervention? Perhaps I should write a utility that calls Cloudflare’s APIs in a cronjob to blindly back up all API-accessible settings to make for a quicker restore?

Cloudflare does send an email notification when your nameservers are incorrect. It also moves the zone into a “moved” state visible in the UI and via API. After 10-15 days it is deleted and subsequently purged.

You can and should back up your Cloudflare settings; true of any service for DR/BC purposes. You can export your DNS settings from the dashboard and there is a Terraform module to export current settings on GitHub as well.
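
A sketch of the cron-driven backup discussed in this thread, added here as an example (it is not part of any post and is not Cloudflare's code): it saves each zone's BIND export and metadata through the v4 API and exits non-zero when a zone is no longer `active`, for instance in the "moved" state. The `CF_API_TOKEN` variable name and the `cf-backup` output directory are assumptions, and the token is assumed to be read-only.

```python
import json, os, sys, urllib.request
from pathlib import Path

API = "https://api.cloudflare.com/client/v4"

def api_get(path, token):
    """GET one API path with a bearer token and return the raw body."""
    req = urllib.request.Request(API + path,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()

def list_zones(fetch):
    """Walk every page of /zones; fetch(path) returns response bytes."""
    zones, page = [], 1
    while True:
        body = json.loads(fetch(f"/zones?per_page=50&page={page}"))
        zones += body["result"]
        if page >= body.get("result_info", {}).get("total_pages", 1):
            return zones
        page += 1

def not_active(zones):
    """Names of zones whose status is anything but 'active' (e.g. 'moved')."""
    return [z["name"] for z in zones if z.get("status") != "active"]

def backup(zones, fetch, out_dir):
    """Save each zone's BIND export and metadata; return the zone files."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    written = []
    for z in zones:
        zone_file = out / f"{z['name']}.zone"
        zone_file.write_bytes(fetch(f"/zones/{z['id']}/dns_records/export"))
        (out / f"{z['name']}.json").write_text(json.dumps(z, indent=2))
        written.append(zone_file)
    return written

if __name__ == "__main__":
    token = os.environ["CF_API_TOKEN"]      # assumed variable name
    fetch = lambda path: api_get(path, token)
    zones = list_zones(fetch)
    backup(zones, fetch, sys.argv[1] if len(sys.argv) > 1 else "cf-backup")
    stale = not_active(zones)
    if stale:                               # stderr message and exit code 1 for cron
        sys.exit("zones not active: " + ", ".join(stale))
```

The export endpoint covers DNS records only; page rules, firewall rules and other per-zone settings need their own API calls or the Terraform export mentioned above.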

Thank you! Is there any chance we could get that support article modified to reflect this as official policy? Much appreciated.

It also sounds like I should set my Cloudflare notifications to go to an address on a non-Cloudflare-hosted domain… I know that Cloudflare does not proxy the MX records, of course, but even so. 🤔

Hi @ben40,

To be honest, I thought this was documented somewhere, but can’t find it now. Maybe it was in an old article or maybe it wasn’t in the docs at all, or maybe I just can’t find it!

Either way, CC @cloonan, @fallon, @jpugh to see if this can be included.

