Use Cloudflare for site hosting, but keep DNS records with another company?


#1

Hi folks - our webdev company is moving our site to Cloudflare, but we prefer to ‘own’ our own DNS records in case they mess up non-website info e.g. MX records for our local Exchange mail server (they have made mistakes in the past, hence our lack of confidence).
They suggested that we could use GoDaddy or other DNS registrars, provided the registrar can:

• Use CNAME for the apex record
• Forward the apex to another domain (e.g. example.com -> www.example.com)

However, when we spoke to GoDaddy and some other reputable registrars they say:

  • they don’t allow using CNAME for apex records
  • The Apex can only point to an IP

This suggests that if you move a website to Cloudflare, you have to also use Cloudflare as DNS registrar since (so far) nobody else fulfils the conditions regarding CNAME or Apex Forwarding?
Is that right?

Thanks

(at the moment our records before we move site to Cloudflare look like this:

  • mail - A - 221.108.x.58
  • remote - A - 221.108.x.58
  • www - A - 143.223.x.112
  • ourcompany.com - A - 143.223.x.112
  • MX - ourcompany.p10.spamcheck.com (we send our email direct from our own Exchange Server on-premise, but incoming email is first received and checked by a Spamcheck service, before being forwarded to our on-premise Exchange Server))

#2

Can’t decide if I am more offended that you think GoDaddy is a top tier DNS provider or that we’re not. :wink: But that’s OK, I understand there can be many reasons why a customer might not be able to (or chooses not to) move to Cloudflare for DNS.

What you probably want to ask the DNS providers is if they support either ANAME records or CNAME flattening at the root. Another option is to script a check of the value for www.example.com and, if it ever changes, modify the IP address for your A root record.

I will make a last pitch that our DNS service is pretty damn good. We serve over 1.2M DNS queries per second and have the largest market share of Alexa 1M websites of any single provider. My recommendation would be to make sure you have a BIND import of your domain into Cloudflare and gray cloud everything until your SSL cert is issued if you do migrate to our DNS… that ensures we have all the DNS records we need from the source (vs. our scan attempt) and serves traffic direct to origin until the SSL certificate is issued at which point you can orange cloud the records you wish to proxy through Cloudflare.

But either way CNAME flattening at the root or ANAME record support are probably the ‘magic keywords’ that will determine if a particular DNS provider can support what you’re looking for.


#3

I really was trying to be tongue in cheek. I am sure GoDaddy is a very fine DNS provider. :expressionless:

One other thing… you’re also welcome to import your BIND file to Cloudflare even if you will eventually go in a CNAME setup to check and see how we would answer queries. Once the entries are in our DNS you could query the DNS server directly to determine its response:

e.g. dig ourcompany.com mx @ivan.nd.cloudflare.com

To determine that we are/were responding with the appropriate responses.

ANAME is a relatively new standard but there are several major DNS providers who support it I believe.
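
The check suggested in #2 (watch what www resolves to and change the apex A record when it differs) and the verification in #3 (query a nameserver directly and compare its MX answer), sketched as an added example that is not part of any post in this thread. All names, addresses and the sample dig output are constructed; live input is assumed to be the text printed by `dig +noall +answer`.

```python
# Added example; names, addresses and the dig output below are constructed.
# Live input would be the text printed by `dig +noall +answer <name> <type> [@server]`.

def parse_answers(text):
    """Turn dig answer-section lines into (owner, type, rdata) tuples."""
    out = []
    for line in text.splitlines():
        f = line.split(None, 4)            # owner, ttl, class, type, rdata
        if len(f) == 5 and not f[0].startswith(";") and f[2].upper() == "IN":
            out.append((f[0].lower().rstrip("."), f[3].upper(), f[4].strip()))
    return out

def resolve_a(records, name, max_hops=8):
    """Follow any CNAME chain in the answer and return the final A addresses."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):
        addrs = {r for n, t, r in records if n == name and t == "A"}
        cnames = [r for n, t, r in records if n == name and t == "CNAME"]
        if addrs or not cnames:
            return addrs
        name = cnames[0].lower().rstrip(".")
    raise ValueError("CNAME loop or chain too long")

def apex_drift(www_answer, apex_answer, www, apex):
    """A records to add/remove at the apex so it matches what www resolves to."""
    want = resolve_a(parse_answers(www_answer), www)
    have = resolve_a(parse_answers(apex_answer), apex)
    if not want:                            # empty answer: never plan to wipe the apex
        raise ValueError("www returned no A records")
    return {"add": sorted(want - have), "remove": sorted(have - want)}

def mx_set(answer, zone):
    """MX records as (preference, host), ignoring TTL, case and trailing dots."""
    zone = zone.lower().rstrip(".")
    return {(int(r.split()[0]), r.split()[1].lower().rstrip("."))
            for n, t, r in parse_answers(answer) if n == zone and t == "MX"}

WWW = ("www.example.com. 300 IN CNAME example.com.cdn.example.net.\n"
       "example.com.cdn.example.net. 300 IN A 198.51.100.7\n"
       "example.com.cdn.example.net. 300 IN A 198.51.100.8\n")
APEX = "example.com. 3600 IN A 198.51.100.7\nexample.com. 3600 IN A 192.0.2.10\n"
MX_NOW = "example.com. 3600 IN MX 10 mx.spamfilter.example.\n"
MX_NEW = "example.com. 300 IN MX 10 MX.spamfilter.example.\n"   # same record, new server

if __name__ == "__main__":
    print(apex_drift(WWW, APEX, "www.example.com", "example.com"))
    print("MX preserved:", mx_set(MX_NOW, "example.com") == mx_set(MX_NEW, "example.com"))
```

Comparing the MX sets before and after an import catches a dropped or altered mail record before the nameservers are switched, and the refusal to plan on an empty www answer keeps a resolver failure from removing the apex records.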


#4

Humor IS allowed - and probably needed for us non-webdevs when dealing with DNS… ;o)

Thanks for the prompt response - shall fish around some DNS providers tomorrow and report findings.

Not a lack of confidence in Cloudflare DNS - it is just that we have already experienced business critical mail interruption (with our Exchange server) thanks to previous webdev people ‘fiddling’ with DNS records, so it makes sense for us to continue to hold ownership and access rights ourselves.


#5

Ah I understand. If the challenge is multiple folks having access… we have an enterprise plan which allows segmentation of roles and a similar feature set is currently under development for non-ENT plans so you could restrict who has access to make DNS changes (or who can purge cache for example).


#6

My 2 cents and hope it is helpful,
I am not an MX expert and do not play one on the web.

We use
https://mxtoolbox.com/
to follow up, track and to make sure invoices are getting outbound to customers.

DMARC, DKIM, and SPF records,

You can sample 20 plus web interface tools,
DNS Lookup for IPv6, blacklist, CERT Lookup
https://mxtoolbox.com/NetworkTools.aspx


#7

Long before moving to CF, I researched dozens of DNS providers, and settled on DNSMADEEASY.com. They have a fantastic DNS service and interface, including failovers (which is what I needed). Used them for many years, I highly recommend them for third-party DNS.

But now have all our DNS with CF and it’s working just as well.

I personally wouldn’t trust my DNS to godaddy.


#8

Thanks, that sounds attractively flexible.


#9

Hi - thanks for that reminder, mxtoolbox can be a Swiss Army Knife at times.


#10

Thanks, we’ve been steered to easyDNS.com (as they’ve been cited as having all the CNAME functionality etc. needed) but if that comes up nix then shall look at dnsmadeeasy.com
GoDaddy - lot of people seem to diss them, but I have to speak as I find - their real-humans-on-the-end-of-phones-24/7 has always worked well for me (so few companies seem to invest in their support side).