Recommended practice for migrating DNS

I would like to ask, is there a best practice for migrating a domain to Cloudflare?
From my readings, and previous experience, it frankly comes down to: change the name servers and take your chances. There’s no way to actually test that the name servers are working correctly without really migrating. Or is there?

If anything goes wrong, the cost is huge due DNS propagation. We’re stuck with a non-working domain, waiting for the reverted changes to propagate back to the original DNS server.

I hope my question makes sense. We just want a set of guidelines to follow, to have the DNS migration planned, structured and tested.

Thank you.

Do you have DNSSEC? If so, remove the existing records at the registrar unless you know exactly what you are doing, and wait 48 hours.

Set up your DNS records. If you know what you’re doing do it manually (the import is okay, but has quirks).

Look for :orange: records, are these just web servers without anything else? If they host anything else switch them to :grey:

After that you can compare DNS records with dig or a Dig Web Interface tool, compare the results against the nameserver that Cloudflare provides and your existing one, other than the TTL everything should be the same. Check anything that seems important.

Personally I will set the site to Pause on Cloudflare at this stage and then update the nameservers. Regardless of what goes wrong other than DNSSEC, all you are relying on Cloudflare for is DNS at this stage, so mistakes can be fixed quickly.

Wait for Cloudflare to recognize the nameserver switch. Also wait until Cloudflare provisions the certificate and then consider either unpausing or set all DNS records to :grey: and just enable a test hostname to :orange: as desired.

Finally, if and only if everything is good, enable Cloudflare’s DNSSEC and set up the records as needed.


Thanks for the answer. But I feel the answer assumes that I’m starting a new website from scratch.

Our domain (running our SaaS product) currently has 5 TXT records, 10 CNAME records, and 7 A records, and is being requested several times a minute.

How can we switch the domain to manage its DNS through cloudflare, while ensuring 100% that nothing would go wrong, and that users won’t see any (or minimal) downtime?

Thank you.

He suggested several steps along the way for migrating a site’s DNS: 1) The Import (of DNS records). It’s not always 100% accurate, so he suggested manual entry. It might even let you import a BIND file at that point, but you can definitely import one after initial setup, but before the name server change. 2) He suggested that you compare DNS records, so you aren’t missing any in Cloudflare DNS.

You’re not going to get a 100% guarantee from anybody that nothing will go wrong. IT doesn’t work that way. I get that it’s nerve-wracking to make such a drastic change. That’s why you watch it like a hawk after thoroughly checking all your records.

If the DNS records are a 100% match, users will notice no downtime, as you’re swapping out one name server for another with identical records. Which is why he suggested that you “Pause Cloudflare on Site” from the Overview settings section. That will put it in DNS-Only mode, which is the same as setting all your DNS records to :grey:.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.