Are your websites down now?
Changing nameservers should be completely hitless provided you don’t make a mistake. But changing nameservers again and again will always cause more problems than it solves.
- If you currently have DNSSEC enabled, remove the DS records at your registrar, and wait 24 hours.
- Export your current DNS records from Route53 to a BIND formatted text file.
- Add your domain to Cloudflare, and import the records from the BIND file
- Make sure all DNS records are
- Manually verify that all the records have been created and are correct.
- Repeat step 5, properly this time.
- Change nameservers with your registrar.
At this point the name server change will be propagating, but both Route53 and Cloudflare are serving the exact same data, so nobody will notice that anything has changed.
Make sure your MX records do not point to a hostname that is also used as a webserver. Similarly, make sure you don’t use the webserver DNS entries for things like FTP. If they do, the next step will cause them to break.
Verify that your Origin webserver has a valid certificate for your webserver, and that the SSL mode is set to “Full (Strict)”. This will ensure you don’t end up with a mismatch when you start enabling the Cloudflare proxy.
Once you have confirmed that the name server change has completed, you can start to change your website DNS entries to and start using Cloudflare features.