Something I’ve been thinking about lately… when first setting up a domain for Cloudflare DNS, you have to set the domain’s nameservers to two specific values, for example, john.ns.cloudflare.com and jane.ns.cloudflare.com, for ownership verification.
However, all the domains in my account use the same pair of nameservers. Even after domains are transferred to Cloudflare Registrar, and even new domains that are registered from scratch via Cloudflare Registrar, they still use that same pair of nameservers.
A very old blog post stated that there are 2550 different nameserver pairs, meaning there are probably multiple Cloudflare customers that get assigned to each pair, but I don’t know if that number is still accurate.
Even if the nameserver pair on its own isn’t enough to uniquely identify a customer, it seems like combining that with other data (for example, since Cloudflare Registrar doesn’t redact Country & State WHOIS data, you have at least two additional data points to compare) you could get a reasonably level of certainty that two domains are owned by the same person.
So some questions:
Why does Cloudflare use the same nameserver pair for all domains on an account?
Is there a way to request that each domain be assigned a different nameserver pair?
When domains have been transferred to Cloudflare Registrar, why do they still use the same nameserver pair, even though there’s no longer the same need for domain ownership verification?
When a new domain is registered through Cloudflare Registrar, why does it still use the same nameserver pair, even though there’s no need for domain ownership verification?
I suppose you could work around this by using multiple Cloudflare accounts (such that each account gets a different pair of nameservers) however that seems like it could carry its own problems and limitations as well as being cumbersome to manage.
I know most people probably don’t care if someone can compile a list of all their domains just by correlating WHOIS data, but some people might care.