Clarify DNS Settings on a new domain

dns

#1

I am unclear on what the correct settings should be when migrating a domain from a previous DNS host to Cloudflare. Should I check the Cloudflare Logo to make it orange, or not? My needs for this are almost 100% used in migrating an existing WordPress website from a different host and DNS provider to my host and Cloudflare as the DNS provider. In almost every case the new site on my server will also be using HTTPS. Any advice will be much appreciated.


#2

You should do this if you want to place your server behind Cloudflare’s proxy and use their proxying service (including their web firewall), otherwise not. Typically it is not a bad idea to do that, but that depends on your use-case.


#3

This service was recommended to me because I need to block countries from my servers/sites… which I believe is the Firewall. So, to use the firewall, I need to check the icon so it is orange, correct?


#4

Your entries will need to be :orange: for firewall and most features of Cloudflare to work, but blocking countries at the Cloudflare level requires the Enterprise plan. You can block countries via your own web server’s firewall, though.


#5

An easy solution to blocking (or allowing) specific contries on non-Enterprise accounts is Workers using the Country header from Cloudflare.


#6

I’ve been able to add a number of countries to the IP Blocking feature in the Firewall on my free account. Is this not the way to do it?


#7

It should provide simply the option to challenge them, not block them.


#8

Well, it seems to have helped in cutting down traffic on my servers.


#9

That certainly, as it challenges all visitors from these countries and only forwards the request if the challenge is passed.


#10

Can anyone explain why when I do a whatsmydns.com query on my changed domain from a previous DNS Host to Cloudflare Host, it displays 2 IP addresses instead of one?

– and neither one is correct?


#11

These are the two IP addresses of the Cloudflare proxies.


#12

But, I need the dns to point to my web server IP address.


#13

Why?.


#14

When your DNS page shows :orange:, cloudflare sits in front of your server to grant performance and security. This means all requests will go to Cloudflare servers which then act as the user and forward requests to your real origin server.

Due to how Cloudflare features work, the DNS must be :orange: to take advantage of them. If you do not care about caching, security, performance, SSL, etc then you can turn the records grey :grey: and Cloudflare will only act as your (pretty good) dns provider with 500k free authoritative DNS requests per month.

Since blocking countries is not available on free/pro/business, both :orange: and :grey: will work for you use case, and country blocking will have to be done on your origin server or via Cloudflare workers (workers require :orange:).