Our IT person has concerns about Cloudflare’s DNS hosting.
Here is what he said
“It would be good if you could email support from Cloudflare and tell them that we intend to maintain control of the DNS zone file and that if they could provide us with records to be added, we would do it ourselves.
In the case where we must have Cloudflare hosting our DNS, then it is not a service worthwhile.”
This is the case and fundamentally required for how Cloudflare works.
For Cloudflare to do anything, i.e. for traffic to hit the caching or security features, it must reach Cloudflare. This requires that Cloudflare knows your origin’s IP and is able to replace that in DNS queries with their own IPs.
Your device hits Cloudflare, goes through the traffic flow and then Cloudflare fetches your origin.
➜ ~ dig cloudflare.com A +short
The site isn’t really on those IPs but rather you hit Cloudflare and then Cloudflare fetches the real origin on your behalf transparently.
This wouldn’t work - but I also wonder why they’re against the idea? DNS is DNS, regardless of where you’re maintaining it. You can use IaC (i.e. Terraform) to manage it if they don’t want to use a dashboard.
If you only wanted a single subdomain to be controlled by Cloudflare, there’s partial setup (Business plan or higher only) but you still delegate control of that subdomain to Cloudflare. https://developers.cloudflare.com/dns/zone-setups/partial-setup/
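The IaC route mentioned above, as an added example that is not from this thread or from Cloudflare’s own documentation: a Terraform configuration using the Cloudflare provider, where the IT team keeps every record of the delegated zone in version control and decides per record whether Cloudflare sits in the traffic path. The zone ID, the 192.0.2.x origin addresses and the hostnames are placeholders, and it assumes the zone’s nameservers are already delegated to Cloudflare.

```terraform
terraform {
  required_providers {
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "~> 4.0"
    }
  }
}

# API token scoped to DNS:Edit on this one zone, supplied via
# TF_VAR_cloudflare_api_token and never committed to the repository.
variable "cloudflare_api_token" {
  type      = string
  sensitive = true
}

# Placeholder: copy the zone ID from the zone overview page.
variable "zone_id" {
  type = string
}

provider "cloudflare" {
  api_token = var.cloudflare_api_token
}

# Proxied record ("orange cloud"): resolvers receive Cloudflare's anycast
# IPs, traffic passes through the cache/WAF, and Cloudflare fetches the
# origin at 192.0.2.10 (placeholder) on the client's behalf.
resource "cloudflare_record" "www" {
  zone_id = var.zone_id
  name    = "www"
  type    = "A"
  value   = "192.0.2.10"
  proxied = true
  ttl     = 1 # "automatic"; required for proxied records
}

# DNS-only record ("grey cloud"): the real address 192.0.2.25 (placeholder)
# is published as-is; Cloudflare only answers the query and is not in the
# traffic path, so no caching or security features apply to it.
resource "cloudflare_record" "mail" {
  zone_id = var.zone_id
  name    = "mail"
  type    = "A"
  value   = "192.0.2.25"
  proxied = false
  ttl     = 3600
}
```

Reviewing `terraform plan` output in a pull request gives the IT team the record-by-record approval they asked for, while the zone itself still has to be served from Cloudflare’s nameservers for the proxied record to do anything.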
Thank you for your reply, this was very helpful!