How are my DNS records getting changed automatically?

This has happened twice within this week. I recently moved to a new server hence updated the IP address in the A record for the primary domain. It got changed to the previous entry automatically last week. I did check the audit logs and saw records being deleted and then old ones getting added.

The same things happened again today. Has someone else experienced this? This is totally messed up. The traffic on our website suffers because of this configuration change.

Please help me resolve this or I will have to pause and stop using Cloudflare altogether.

So who’s the one changed the DNS records? Audit logs should show that.

Got an IP address - 54.210.182.168 and the Interface says - API
How do I find out who did this from this information? Please help.

This IP address owns by Amazon, particularly someone who is using Amazon Web Services for the EC2.

Try to see if there are any active API tokens here?

https://dash.cloudflare.com/profile/api-tokens

Yes. I too found that this IP is used by some Amazon EC2 instance. The same IP changed it last time too. There are no active API tokens. I even changed my Password and enabled Two-factor authentication after last time.

Try to rotate your Global API Key then.

How to do this? And will it have any impact on my general setup on Cloudflare? We do not use any keys though, I always login to the Cloudflare dashboard myself.

And why would someone revert back the A records to exact same. Also, I deleted one DNS record which I no longer need, that is also getting added again.

I have changed the Global API Key. I hope everything keeps on working fine now.

1 Like

I’m not sure whether your domain was configured under a partner hosting setup previously - it could happen.

If you have changed the global API key and there are no API tokens, then it shouldn’t happen again.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.