DNS Auto Import completely mangled

I just want to flag up that the Automatic DNS import when adding my site to Cloudflare did a pretty terrible job and completely mangled a number of important records that caused our email bulk sending platform to fail.

The email sending platform makes use of NS records for the ‘email’ subdomain in order to handle the management of link tracking etc etc.

The specific records before Import to hand off this subdomain:

NS email ns1.emailplatform.com
NS email ns2.emailplatform.com

This allows it to handle any requirements for sub subdomains. For example, it defines a sub subdomain for link tracking (r.email.ourdomain.com in this case).

Cloudflare removed those records and bizarrely replaced them with:

A email ip4address
MX email ourdomain.com

Neither an A nor an MX record existed for the email subdomain previously. It just invented them.

I cannot fathom out why it would do something so dumb but I guess I’m the idiot for assuming it would import the DNS records properly. I have learnt my lesson!

Hopefully this helps the team improve the import.


You can’t add Nameservers after adding the domain to Cloudflare

The DNS import “jump start” uses a predefined list of the most common DNS records, and tries to import them. I would be sure that it does not attempt to import any NS records for subdomains. In any case, you need to verify that all records are in place before you change the NS records for the domain with your registrar.

The best way to import records is to import a BIND formatted file into Cloudflare.

Cloudflare allows subdomain NS records just like anyone else. Just added them to fix the problem.

Thanks Michael. Learnt that the hard way! I had assumed it could simply ‘scan the DNS’ or something like that but clearly I was wrong and that’s not possible. Still, I think the email subdomain is common enough, and the NS record pattern is common enough for bulk sending that it’s worth an enhancement request. As I stated, though, I am primarily at fault for imagining it more powerful than it actually is, and for not checking it!

The “or something” is AXFR, but most domains do not (and should not) allow AXFR transfers to public servers. Cloudflare only support AXFR for certain Enterprise products. In reality, it is unlikely to be used by the vast majority of zones, and not worth the support headache it would cause for the initial setup.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.