I recently moved my domain’s DNS and CDN to Cloudflare, and I noticed that all I had to do was to get my domain registrar to change my NS records to point to Cloudflare nameservers.
My question is, how does Cloudflare know that I’m the real owner of the domain creating the account and attempting the move, and not someone else? If someone else had created their own Cloudflare account before I did and also attempted to move my domain’s DNS to their Cloudflare account before I did, would Cloudflare have given me an error when I’d try to do the same thing? If not, would Cloudflare have given us the same Cloudflare nameservers to point to? What would have happened?
Cloudflare authenticates you by the provided nameservers. If you (or someone else) were to add your domain to another account, it will get a unique set of nameservers, and none of the configuration applied to that account will go live until the nameservers are switched.
Thanks. I asked the question on the assumption that there weren’t many combinations of Cloudflare nameservers. After reading your answer, I found it hard to believe that there were so many that they could be used for authentication, because all the nameservers are only differentiated by common names like “logan.ns.cloudflare.com” and “gail.ns.cloudflare.com”. But after a bit of Googling, I found this blog article that says that there are indeed enough, and I’m inclined to agree.