Cloudflare DNS allowing abuse from unauthorized individuals?

I decided it was time to find out what the heck is going on, and why it has not been addressed.

Yesterday, I received a DMCA notice for a .net domain which I had on Cloudflare and I had directed to an active .com website. I found my domain was no longer pointing at the correct website, and it appears there are two issues which lead to the redirection of my domain.

# 1 - Cloudflare had dropped the domain from my account.

The name servers for ~ snip ~ no longer point to Cloudflare. They now point to:

DNS1: [not set]
DNS2: [not set]
DNS3: [not set]
DNS4: [not set]
DNS5: [not set]

As this account was created a long time ago, the email assigned to it was not being monitored. I’m not the first person to receive a false positive.

So how much checking is actually done before dropping a domain from an account?

# 2 - Some other person was then able to add my domain back into the Cloudflare DNS system, and pass or bypass verification.

I first noticed this type of activity about a year ago with one of my domains, but didn’t think it was that wide spread until I noticed it again a few months ago. This is when I decided to do a little digging.

dig -t NS
;; AUTHORITY SECTION:             86400   IN      NS             86400   IN      NS

dig SOA
;; ANSWER SECTION:             3600    IN      SOA 2025384261 10000 2400 604800 3600

dig -t NS
;; ANSWER SECTION:             86400   IN      NS             86400   IN      NS

That’s not my domain, but is one of the others I found with identical website content and with their DNS in the same condition.

Domains have been set to one pair of Cloudflare nameservers,
while Cloudflare DNS shows a different pair of assigned nameservers.

How has this problem remained quiet for so long? It doesn’t seem like something that would be flying under the radar.

1 Like

If you’d like to open a support ticket we’d be happy to investigate your issue. Please include the domains impacted, the account you registered the domains with Cloudflare for managing that domain and any email messages you may have received from us regarding the domain’s status.

1 Like

I’m curious about Issue #1, no name servers listed. Isn’t that something that was taken up with your registrar? When I point name servers away from Cloudflare, it seems to take several days (or more than a week) before Cloudflare finally drops my domain.

I can’t speak to this specific case, but generally there are several checks made before our system designates a zone for removal from the network. Typically this type of occurrence is related to some sort of renewal lapse or error on the registrar side, but I can’t say for sure. Looking forward to some more info from @GWhiz so we can investigate this instance.

I have the same issue and Cloudflare don´t help me.

Have @GWhiz get any help or get a way to find host IP?

Can you elaborate a little on your situation?


The site is cloned to . But also inserted abuse text and ads that harm companies.

All whois / DNS IP for the cloned site goes to Cloudflare.

I report it to Cloudflare.
After 2 weeks waiting I got this answer from Cloudflare.

“Cloudflare is a network provider, and does not host websites or content. We have no alternative information to provide for the hosting provider indicated, as the information is sourced from a WHOIS lookup of the IP address against the public WHOIS database.”

I also got a gmail address that didn´t work. That should go to the host provider.

Cloudflare only reply to 20% of emails sent to them, and also they don´t pass forward the real IP or Help at any point.
For me it looks like Cloudflare is protecting criminals. Cloudflare makes it possible to criminals to be anonymous and protect their illegal behaviour.

GoDaddy is the register of the domain and GoDaddy point that Cloudflare is the hosting company to the site so it is up to Cloudflare to take action of the site.

Good day cloudflare.
I am having the same issue on the domain since 2 days. All looks green in cloudflare but I get the same strange results in dns testtools.

You’ll need to speak with your registrar.