Unique nameservers

It has occurred to me that all domains under the same account must use the same “unique” combination of nameservers. For example, if domaina.com and domainb.com are under the same account, they both might use bob.ns.cloudflare.com and john.ns.cloudflare.com.

The security implication here is that somebody could link domains domaina.com and domainb.com to the same account and thus the same individual in situations where that is not desired.

Thoughts?

This is generally, but not always, the case.

The link is tentative at best. Each unique NS pair has ~25,000 domains attached. If that is still too close for comfort there are several options:

  • Add the domain to a different account. It will probably get different nameservers. (But there is a 1 in 2,550 chance two accounts will have the same default NS pair).
  • On Business or Enterprise plans use custom nameservers.

You could (in theory at least) create accounts until you get an account with the same default NS pair as your main account. You could then add the hidden domain to that account, but don’t bother making it active. Now, when you add that domain to your primary account Cloudflare will assign it a different NS pair. This is how Cloudflare know which account the domain has been activated on, so the NS pair has to be different. Probably easier to just use a second account for the hidden domain.

2 Likes

The link is tentative at best. Each unique NS pair has ~25,000 domains attached.

True. But 25,000 is probably a fraction of 1% of the total domains on Cloudflare. If you already suspect that two domains on Cloudflare are the same person, their using the same NS pair could certainly be used as confirmation.

Probably easier to just use a second account for the hidden domain.

Understood.
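As an added example (not part of the thread and not Cloudflare code), the following self-audit flags domains you want kept separate that nevertheless share an NS pair, and works through how much a shared pair shifts an observer's belief using the 1 in 2,550 figure quoted above. The identity labels, the `amy`/`ted` nameserver names and the assumption that same-account domains always share a pair (`p_match_if_same=1.0`) are constructed for illustration.

```python
from collections import defaultdict

# Chance that two unrelated accounts share a default NS pair (figure quoted in the thread).
P_RANDOM_MATCH = 1 / 2550

def ns_pair(records):
    """Normalise NS hostnames (case, trailing dot) into an order-independent key."""
    return frozenset(r.strip().lower().rstrip(".") for r in records)

def linkable(domains):
    """domains: {name: (identity_label, [NS records])}.
    Returns NS pairs shared by domains that carry different identity labels."""
    by_pair = defaultdict(list)
    for name, (identity, records) in domains.items():
        by_pair[ns_pair(records)].append((name, identity))
    findings = []
    for pair, members in by_pair.items():
        if len({identity for _, identity in members}) > 1:
            findings.append((sorted(pair), sorted(n for n, _ in members)))
    return sorted(findings)

def posterior_same_account(prior, p_match_if_same=1.0):
    """Bayes update: belief that two domains share an account after a matching NS pair.
    p_match_if_same=1.0 is a simplifying assumption; the thread says 'generally, not always'."""
    same = prior * p_match_if_same
    return same / (same + (1 - prior) * P_RANDOM_MATCH)

# Constructed sample: your own domains, labelled by the identity each should stay tied to.
SAMPLE = {
    "domaina.com": ("public", ["bob.ns.cloudflare.com.", "john.ns.cloudflare.com."]),
    "domainb.com": ("private", ["JOHN.ns.cloudflare.com", "bob.ns.cloudflare.com"]),
    "domainc.com": ("private", ["amy.ns.cloudflare.com", "ted.ns.cloudflare.com"]),
}

if __name__ == "__main__":
    for pair, names in linkable(SAMPLE):
        print("shared NS pair", pair, "->", names)
    # An observer with only a 1% prior suspicion ends up near 96% after seeing the match.
    print(round(posterior_same_account(0.01), 3))
```

Replace `SAMPLE` with the NS records your registrar or `dig NS` reports for your own domains; any finding is a domain to move to a second account or to custom nameservers, as suggested above.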
