Moving *just* DNS from another cloudflare account

Hello. New Cloudflare user with new account. We have a vendor with a cloudflare DNS account which contains our domain (among others) and we want to take control of of our domain ourselves.

I am attempting to follow the directions here:

which vaguely refers to the term “domain”, but clarifies that this won’t work if Cloudflare is also your registrar, so I’m concluding it’s specific to the DNS records (and perhaps other services), not domain registration (which is what “move a domain” usually refers to). First question: in Cloudflare parlance is “moving a domain” what I’m trying to do, when in fact I just want to move DNS?

I can’t move between these two steps:
2. Add the domain to the account (as if you were adding it for the first time).
3. Log in to your domain registrar account and update the nameservers to the provided Cloudflare nameservers.

because Cloudflare complains that the domain already exists. I attempted to get support, which requires upgrading, but the first step in upgrading is choosing which domain to upgrade, and of course we don’t have a domain, because we can’t do these steps. Catch-22.

So, what’s the secret sauce for requesting a DNS transfer from another Cloudflare user? I have read several of the threads on how to do this, but none addressed the specific error (xyz.com already exists).

[Our registration is at another registrar altogether, and we don’t want to move DNS there.]

Not a great introduction to the platform : (

You should be able to just add the domain to your account. The only reason it would complain that it already exists is if you already added it to that account. Is your new account empty, with no domains in it at all?

1 Like

Yes, new, empty account with no domains in it. I’m a user (the tech guy) on an account someone else (the business owner) opened today.

I follow the instructions to add a domain, get to this URL:
https://dash.cloudflare.com/[hex string removed]/add-site

enter xyz.com in the field,

and get “xyz.com already exists” when I hit the continue button.

I just tried every combination of adding a domain that isn’t in any account I have access to, adding a domain to one account that exists in another account I have access to, and adding a domain that already exists in the same account.

The only way I can get the “already exists” error is by trying to add a domain to an account when that account already has that domain in it.

You said that you’re a user on an account someone else opened. Are you a Super Administrator on that account? Is it possible that your access to the account is limited? Is it possible that the account owner added the domain already but didn’t give you access to it?

2 Likes

This is going to come down to another poor nomenclature problem, I believe. The owner said " I created an account and invited ***@buggysoftware.com as an administrator." I accepted that invitation.

However, when I go to “Account Home” (expecting said “account” to be the account that was set up by the owner and of which I’m the administrator), I see two accounts, mine and the owner’s, and the domain is in fact under the owner’s “account” in our Cloudflare “account” which I reach by logging into my “account.”

Please, please people: words matter. If “account” and “domain” are stand-ins for any word on the planet, they have no meaning.

Now the questions change: the instructions on the domain page:
https://dash.cloudflare.com/hex-string/xyz.com
are clearly about moving DNS from another registrar+DNS provider. First: Do I need to disable DNS-SEC if I’m moving from a different Cloudflare account? Thank you.

So, yeah, the thing is, your “account” is your login, and you can have domains in it, and it can have access to other “accounts”. Confusion may ensue.

Yes, you should disable DNSSEC before moving things over (at the registrar as well). Then, the best way to transfer the DNS over would be to export from the old account, then import that file to the new one. Once done, you can change the nameservers at the registrar to the ones your new account specifies.

Then you can enable DNSSEC again and copy the relevant settings (under DS Record in DNS Settings) to the domain registrar.

2 Likes

Thank you so much. The invitation literally said " You have been invited to join and manage an account on Cloudflare." That sounds like a single account, which the invitation will take me to. I’m not anticipating disambiguation from CF any time soon : )

My understanding is that DNSSEC runs at the DNS level, and the corresponding DS records at the registrar level. But the instructions for removing the DS records at GoDaddy imply that I’ll do that by removing the DS record from GoDaddy DNS, which is not where the DNS lives. I got an (oldish) zone file export from the other account that currently has our cloudflare DNS, and it has no DS record in it. So, for cases where the registrar is not the DNS holder (which most of the instructions imply) and the DNS zone is being moved from another cloudflare account (which the instructions generally don’t account for), how do I disable DNSSEC for this domain?

DS records are at your registrar regardless of where the DNS exists. They are served by the parent zone, which is why your zone file doesn’t have them. So this still must be done at GoDaddy.

1 Like