Suggestion - Transfer Ownership


#1

A really helpful tool, would be the ability to transfer a domain from one account to another.
As a web developer, often I manage the hosting of a clients website, and as such I get them to delegate their nameservers to Cloudflare.

The problem is that when the client is no longer a client, but they want to remain with Cloudflare, its not possible to simply change the owner of the domain from my account to their new account.

Transferring would simply be a matter of changing the owner of the domain record, so that all DNS records, rules and settings could remain in place. No down time. No mess with transferring.


How to shift a zone from one cloudflare account to another cloudflare account by keeping the settings same?
#2

@luke: Agreed. They should be able to do this now. Have you submitted a ticket? If so, what was their response? In any case, I would assume the burden is on the client to continue with Cloudflare, not yours.


#3

@luke - Thanks for the suggestion. It’s not currently a simple process to do this, but it’s something we can definitely explore. So that I can provide as much detail as possible in the feedback can you give me some data around how often this comes up? What types of zones or plan levels these zones are on. Etc.


#4

@luke : Following @ryan’s input, here’s what I would do: Send a written notice to your former client advising them you will cancel your hosting services (including Cloudflare) within 2 weeks or as appropriate to you.

The above gives your former client time to figure out who’s going to host their website (baseline + CDN) next. The challenge then falls between your former client and Cloudflare, not you. In short, “no pay, no play.”

Of course, this sounds too simple so . . . what are we missing here?

Cheers!


#5

I definitely agree with @luke because I’ll have the same problem in a few weeks and I’m “scared” :smile:

I think that you can handle it in a simple way: somewhere (in the domains list or in the Overview tab inside a domain) click on “transfer ownership” and with a two-step verification for sender and receiver (e.g. email and text message on mobile phone) the domain is transferred.


#6

This is something Cloudflare should have, but it’s difficult to implement because of the security concerns around transferring zones between accounts–any mechanism that allows users to give someone else control over a zone could be exploited for malicious purposes.

I can think of several safeguards that could mitigate possible security risks:

  • requiring a waiting period before a zone is actually transferred: after the original owner and new owner approve the transfer, there’s a week or so before the new owner actually gains access, and the present owner is emailed a link that allows them to cancel the transfer
  • restricting the ability to complete transfers to Cloudflare staff
  • requiring the current owner to provide information from out of band: e.g. when you initially sign up a zone, Cloudflare emails you a transfer code, but doesn’t display the code anywhere in your dashboard; you must enter this code to transfer the domain.

I like the first option the best. The Cloudflare approval option relies on someone to manually process the transfer (which takes an undefined amount of time), and the transfer code option requires you to not lose the transfer code. The only issue I have with the first option is that it has a defined wait period and would require some defense against someone also changing the original account’s email. However, I think the defined wait period is okay (there shouldn’t usually be an urgent need to transfer a domain) and the email change risk is something that should be protected separately–not sure exactly how though.


#7

Sounds good for me too. What about adding a button (or a link by email) to revert the action, available for a week after the transfer completition? Can be useful?

This may be a problem if you lost the email.
When you transfer a domain, for example, you may request again the transfer code. If you can’t get it anymore may be a problem.


#8

I also need this feature. I am actually rather surprised it didn’t already exist!


#9

I’m in a similar situation. Because I’m new to CloudFlare I only have 2 domains in my account. Whenever possible, I walk my clients or their IT person through how to get a CloudFlare account and get SSL for their website.For a current client, that’s not possible, but I don’t want to add this new client to my account for the reasons already sited here. My solution is to create an email alias for a new CloudFlare account (i.e. [email protected]) and setup their Free SSL. Should they decide to leave, I can change the account information in my “profile” over to them. This plan would require a new email alias for each account with a different login. Any reason why anyone might think this wouldn’t work?


#10

When we release shared account access I believe it will allow for transfer of billing responsibility and that role will have ‘ownership’ and then an account which no longer needs access can be removed. Work is definitely in progress around that feature. I can’t describe how hard permissions really are to get right, so the team is working diligently on the features in shared account access, but it is one of the larger projects we have going because it touches way more aspects of the product than you might imagine.

A unique alias does separate/ segment control, but we are working on a better long term solution.


#11

There’s a workaround that has worked well for me. Another cf account can acquire a domain if they can change the NS servers.