First Check nearly 600 DNS records

Hi Cloudflare community,

I wanted to migrate my newly hosted domains to Cloudflare, as I have done with several other domains.

Normally there are only 5 or 6 DNS records. But now, the first check per domain shows me extremely many (almost 600) DNS records that look suspicious to me (names like cash, affiliate, blog, bot…).

This happens with a new domain, but also with a domain which I have hosted for many years. I have already asked my provider, but they also don’t have a clue. They said: We can only guess here. It looks like a list of possible subdomains. Since we have the * set, this catches every subdomain. However, you end up on the IP of the server, but a web page is only displayed for subdomains that have been created.

This has never been the case normally. As in their tutorial Anleitungen, KAS, Tools, DNS-Werkzeuge: Nameserver ändern there are normally few DNS records in a domain transfer.

Virus and malware checks do not show any suspicious results. Can you explain this? How should I proceed now for a switch to Cloudflare? Do I really have to erase all of the 600 unnecessary DNS entries? Is there a way to do it in one step?

Kind regards

Benjamin

Hi, I don’t think this is anything to be concerned about. I have a few guesses about what could have caused this:

  1. The Cloudflare quick DNS setup may query subdomains from a set list to attempt to catch the most common ones. In combination with the wildcard set, this could lead to most, if not all, of the subdomain list being added as individual records.
  2. The quick setup could also populate the list of subdomains through some other source of data (such as passive DNS data from 1.1.1.1) that has been tainted by someone or a bot attempting to enumerate the subdomains from a list using a tool like Dnscan.
  3. Depending on the settings for your website, it may also be that search engines are recognizing each subdomain as a valid site rather than just the ones you use. This could happen, for example, if each subdomain returns a 200 (OK) status page rather than something like 404 (Not Found) or 301/302 (Redirect). Cloudflare import could also be using this data.

As far as removing all these records without going insane, there are other posts talking about this same problem, some of which include scripts users made to bulk delete records. Alternatively, temporarily deleting the wildcard and zone from Cloudflare and re-importing may also work.

1 Like
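An added example, not part of the thread and not Cloudflare tooling: before bulk-deleting, you can separate the imported records that merely repeat the wildcard from the ones that carry real configuration. The sample zone, the `example.com` names and the function names are constructed for illustration; the input is assumed to be a BIND-style zone export with `name TTL IN TYPE content` on each line and no trailing comments.

```python
from collections import defaultdict

# Constructed sample: a wildcard plus imported names, two of which differ from it.
SAMPLE_ZONE = """\
example.com.            300 IN A   203.0.113.10
*.example.com.          300 IN A   203.0.113.10
www.example.com.        300 IN A   203.0.113.10
cash.example.com.       300 IN A   203.0.113.10
affiliate.example.com.  300 IN A   203.0.113.10
blog.example.com.       300 IN A   203.0.113.10
bot.example.com.        300 IN A   203.0.113.10
shop.example.com.       300 IN A   198.51.100.7
mail.example.com.       300 IN A   203.0.113.10
mail.example.com.       300 IN MX  10 mx.example.net.
"""

def parse_zone(text):
    """Return {owner name: set of (type, content)}; TTLs are ignored."""
    rrsets = defaultdict(set)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and comment lines
            continue
        name, _ttl, _cls, rtype, content = line.split(None, 4)
        rrsets[name.lower().rstrip(".")].add((rtype.upper(), content.strip()))
    return dict(rrsets)

def wildcard_duplicates(text, apex, keep=()):
    """Names one label below the apex whose whole record set equals the wildcard's.

    A wildcard stops applying to a name as soon as that name owns any record,
    so a name is only redundant when every record it has matches the wildcard
    (mail above keeps its A record because it also has an MX).
    """
    apex = apex.lower().rstrip(".")
    rrsets = parse_zone(text)
    wildcard = rrsets.get("*." + apex)
    if not wildcard:
        return []  # no wildcard, so nothing is provably redundant
    redundant = []
    for name, records in rrsets.items():
        label, _, parent = name.partition(".")
        if parent != apex or label == "*" or label in keep:
            continue  # apex, wildcard itself, deeper names and kept labels stay
        if records == wildcard:
            redundant.append(name)
    return sorted(redundant)

if __name__ == "__main__":
    print("\n".join(wildcard_duplicates(SAMPLE_ZONE, "example.com", keep=("www",))))
```

Names it returns resolve identically through the wildcard once deleted; anything it leaves out (here `shop` and `mail`) differs from the wildcard and should be reviewed by hand.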

Thank you very much! That helped a lot. :grinning:

This is why there are an excessive number of DNS records. Here is a better explanation of how the scanning tool works:

2 Likes
