Cloudflare DNS migration from GCP Cloud DNS

Hi, we’d like to use Cloudflare’s DNS management tool.

We’re currently using Cloud DNS on GCP and have an integration through Google Kubernetes Engine, Terraform, Istio Service Mesh, and Let’s Encrypt.

By transferring the DNS management to Cloudflare - what implications will this have on our current infrastructure? Should we be using Cloudflare’s L7 or DNS-only?

We have reviewed the following:

Thank you


Thank you for asking.

Before moving to Cloudflare, I would recommend checking and making sure all the (sub)domain(s) are working over HTTPS and have a valid SSL certificate.

I would also check if I already have DNSSEC enabled and an existing DS record.
If so, I have to disable it and remove them first before starting with Cloudflare for my domain name, since in the process of adding a domain name to my Cloudflare account I would have to change the nameservers.

Furthermore, I would check whether any app working over a port is compatible with and supported by the Cloudflare proxy :orange: mode, using the list at the link below:

Nevertheless, I would re-check my firewall and allow Cloudflare IPs to connect to my origin host/server:

Cloudflare IP addresses list can be found here:

Also, it is good to check whether you are already using some integrated partner, or maybe some SaaS for your (sub)domain which provides an SSL certificate and similar.

In case I do not have an SSL certificate, I can use and set up a Cloudflare Origin CA Certificate at my origin host/server:

Useful articles in terms of the SSL while using Cloudflare:

Depending on what you need, you can use :grey: (DNS-only) if that’s applicable and suitable for your case. As a good starting point before changing nameservers, transfer and set the DNS records as needed and make sure they are :grey: (DNS-only), so you use only Cloudflare DNS at the beginning.

  • but you would miss out on some of the great features and benefits of Cloudflare like the anycast network, optimizations, security, etc.

In the process of adding your domain name to your Cloudflare account, Cloudflare will scan for the existing DNS records and re-add them. There might be some differences and some could be missing.
If so, there is an option to import DNS records from the existing provider (in BIND format, a .txt file), so if you have the option to export them from your current provider, great; otherwise, manually review and add or edit them.

Later on, you can switch from :grey: (DNS-only) to a proxied :orange: record like A www or A (or CNAME if using that kind of setup).
Therefore, if everything goes smoothly, you can do it for other hostnames as desired too.

One more caution: Cloudflare proxy mode :orange: does not work with e-mail related hostnames like A mail, to which the MX record points. Usually, the MX record should point to a hostname such as mail, and the A (or CNAME) type record for that hostname should be set to :grey: (DNS Only).

  • or a 3rd-party email provider like Google Workspace, Office 365, etc.

That needs to be set correctly to make sure e-mails continue to work while keeping proxy :orange: for your domain.

Other useful information can be found at the link and article below:

I have to admit I haven’t used all of those services together, rather separately or tried out each - at least not so much, and I am not experienced with GKE, Terraform and Istio Service Mesh.

I hope my answer helps you a bit.

Furthermore, feel free to reply more.

Kindly and patiently wait for a reply from someone else more experienced, or from someone who might have used this or a similar setup and could provide more and better feedback.
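The checklist in the answer above (import everything DNS-only first, proxy only A/AAAA/CNAME later, keep MX targets DNS-only, remove DNSSEC/DS before changing nameservers) applied to a BIND zone export, as an added example that is not part of the original thread. The zone content is a constructed sample; the parser handles only simple one-line records.

```python
# Added pre-migration check, not from the thread: parse a BIND zone export and
# apply the answer's rules (import DNS-only first; only A/AAAA/CNAME can be
# proxied later; MX targets stay DNS-only; DNSKEY means remove DNSSEC/DS first).
import re
SAMPLE_ZONE = """\
$ORIGIN example.com.
@     IN  NS     ns1.example.com.
@     IN  A      203.0.113.10
www   IN  CNAME  example.com.
@     IN  MX     10 mail.example.com.
mail  IN  A      203.0.113.30
@     IN  TXT    "v=spf1 mx -all"
@     IN  DNSKEY 257 3 13 AwEAAexamplekeymaterial=
"""  # constructed sample, shaped like a provider's BIND export

PROXIABLE = {"A", "AAAA", "CNAME"}  # the only types Cloudflare can proxy
RR_LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.*)$")

def fqdn(name, origin):
    """Expand a relative owner name against $ORIGIN."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(zone_text):
    """Return (owner, type, rdata) tuples from a BIND-format zone."""
    origin, records = "", []
    for line in zone_text.splitlines():
        line = line.split(";")[0].strip()  # drop comments and blank lines
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
        elif m := RR_LINE.match(line):
            records.append((fqdn(m[1], origin), m[2], m[3].strip()))
    return records

def plan_migration(zone_text):
    """Return ({(owner, type): status}, [warnings]) for the Cloudflare import."""
    records = parse_zone(zone_text)
    mail_hosts = {rdata.split()[-1] for _, t, rdata in records if t == "MX"}
    plan = {}
    for name, rtype, _ in records:
        if rtype in ("SOA", "NS"):
            continue  # Cloudflare supplies the apex SOA/NS itself
        if rtype not in PROXIABLE:
            plan[name, rtype] = "dns_only (type cannot be proxied)"
        elif name in mail_hosts:
            plan[name, rtype] = "dns_only (MX target, never proxy)"
        else:
            plan[name, rtype] = "dns_only now, proxy candidate after cutover"
    warnings = ["zone is DNSSEC-signed: disable DNSSEC and remove the DS record "
                "before changing nameservers"] if any(t == "DNSKEY" for _, t, _ in records) else []
    return plan, warnings
```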
