There is a basic thought that putting DNS records behind Cloudflare, those records/ip are protected and no one can see those.
In fact, those are not protected at all. It is extremely easy to add someone else’s domain and voila, all DNS records will appear. Even those with Cloudflare status activated because the web script get’s the info from database directly.
There is no verification of the domain once it is typed a second time, etc.
Cloudflare, I expect a discount. Lol.