CNAME records being deleted by an API linked to a specific IP address

I am trying to get to the bottom of an issue where some specific Convertri CNAME records in Cloudflare are being repeatedly deleted by an API firing from a specific IP address.

I’ve been screenshotting for days in an attempt to build up a picture but as I went to share it with Cloudflare’s support resources, I stumbled across my Cloudflare audit logs that I’d been told about but hadn’t previously been able to find…

Although most of the audit log info is beyond my technical understanding, from what I can see is that while my CNAME records are being added manually via UI (user interface?); i.e. me/my tech team using my login via LastPass), the records are subsequently being deleted via an API that comes from a single IP address.

How do I trace an IP address to see if I can identify the source of that API?

Whatever is in the Audit log is all the information available. If you want to stop external updates to your DNS, you can Change your Global API Key.

Forgive my lack of technical knowledge as it’s been painstaking getting this far.

What does changing your Global API key mean and how might this affect my Cloudflare relationship with third parties such as Ezoic?

That’s the most likely cuplrit, you can ask Ezoic if that is an IP address of their system(s).

1 Like

An API key is a password to your account settings, such as DNS. People who use Ezoic and similar services permit these third parties to make changes in their account. If you can’t track down which third party it is, Changing your API key is akin to changing your password.

Thank you. I’ve already sent them an email. Let’s see what response I get overnight.

Thank you

1 Like

If I put that IP address into whois.com, it comes back as an Amazon address

That wouldn’t surprise me, as many large operations use Amazon’s AWS.

Thank you @sdayman @cscharff for listening and offering help.

I believe the problem and a permanent solution have now been identified by Ezoic…

“When you are integrated with Ezoic via the Cloudflare app, Ezoic becomes the master DNS so you need to make updates to your Ezoic DNS settings because if changes are made to Cloudflare but not in Ezoic, it will break the integration or cause the site to go down if Ezoic isn’t also looking at the updated records.”

We have made the appropriate changes in Ezoic and they appear to have immediately populated Cloudflare. Followed by the the affected Convertri pages all being found again.

My ever-growing knowledge bank is grateful for the deposits you made today as they all helped me escalate tracking the real problem and finding what appears to be the permanent solution. Thank you again.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.