Cloudflare DNS Questions

twest

Yes.
No.
No, but records default to no-proxy, so shouldn't be a problem - you'd just ignore it in this case.
There's no such thing as "enhance cloudflare account". You would either login to the customers Cloudflare account to generate a api token, or you would have the customer add you as an admin on their account so your CF account's api token could be used for their domain on CF.
This question doesn't really make sense (thinking you are not understanding how the Enhance CF integration works)... People set their Nameserver setting at their domain registrar, it doesn't have anything to do with Enhance.
Read the docs and other forum posts about it so you understand how the integration works. Each customer will need to have the integration added on their accounts, the api token needs to be configured on your/their CF account. Once the integration is in place and activated on a domain in Enhance, Enhance will overwrite whatever dns settings were at CF and replace it with whatever is in the domain's dns section in Enhance. Any future changes to customers dns needs to be made from within the dns manager in Enhance (because Enhance will delete/overwrite anything that's not in Enhance).

The main benefit I see for having the integration connected is for DR. In an event where a server was recommissioned then Enhance can automatically update all the dns at Cloudflare. If you didn't have the integration setup then during a DR event you'd have to update the dns manually to reflect the new IP.

nqnoc

@twest
Thanks for all your responses. Never tried Cloudflare on Enhance and I was supposing that only 1 Cloudflare key/account would be used and shared for all domains hosted on Enhance.

But from your responses I assume, that each individual domain can have its own key (from client cloudflare account) or I can share my own Cloudflare Account, correct?

Also, one more question: If I have the build-in Enhance DNS cluster (PowerDNS) enabled, can I have at the same time domains that use the Enhance DNS and others that use Cloudflare DNS?
Thanks!

twest

nqnoc you can use 1 cloudflare key/account, but you would need to setup all customer domains on your CF account or if they have their own CF account they would need to give your CF account admin access - that way the token would work/have access it needs to update domains. On the Enhance side, you would have the one api token (that you setup in CF to have access to all domains your account can access) that you would then setup in the integrations section of each customer's website (you setup the integration/token, then in the dns of each domain you activate the integration, at which point Enhance dns manager controls the CF dns).

None of that setup at any point is automated in any way, you have to manage it all. The "one api token" is just saving a small step where you can reuse the same token on every customer's integration section. Once the setup is completed then there's some automation that can take place, like when you migrate a website between servers, DR, adding subdomains - all those things will update dns automatically at CF.

Yes you can use your own custom dns servers running in your cluster and also use the cloudflare integration. In a practical sense all this would mean is some of your customers would be using your custom dns servers and some customers would be using cloudflare dns servers.

nqnoc

twest

"some of your customers would be using your custom dns servers and some customers would be using cloudflare dns servers."

That is my objective! What I want is that by default all clients use Enhance DNS. So this will always happen when a new account is added. And then, is optional, if clients want to use Cloudflare DNS they can do it in a easy way, using Enhance <> Cloudflare integration.

I guess that then if a client wahts to revert back from Cloudflare DNS to Enhance DNS the change can also be done in a easy way using the Enhance control panel, correct?

Thanks!

Andreas

This got me thinking. I am not a regular user of CF. But I do have a few domains using it for testing and other reasons, so I am not completely newb to it.

But I was wondering, I noticed the DNS CF supplies to me, have all been the same.
I assume they give every account holder a random set of DNS names to use?

Can CF DNS be set up in Enhance so that all domains use it by default without manual configuration?
Then just have to supply the CF DNS to clients (instead DNS setup by enhance) to update their domains DNS?
Then any DNS entries made in Enhance would get pushed to CF.

nqnoc

Andreas
"I assume they give every account holder a random set of DNS names to use?"
Normally Cloudflare gives the same nameservers to all domains on the same account. But that is not guaranteed. They can assign different nameservers to new domains on the same account.

twest

nqnoc

nqnoc I guess that then if a client wahts to revert back from Cloudflare DNS to Enhance DNS the change can also be done in a easy way using the Enhance control panel, correct?

Kinda... Enhance doesn't control any domain registrar's Nameserver settings, that's something the domain owner needs to do. If the customer wants to point their domain at your Nameservers then they'll do ns1.nqnoc.com and ns2.nqnoc.com. If they want Cloudflare for dns, then they would point their domain at ns1.cloudflare.com and ns2.cloudflare.com. For that scenario of changing from CF to Enhance dns, they would just need to verify the dns config is what they want in Enhance dns manager, then go to their domain registrar and change the Nameserver setting to point at your dns servers.

Andreas Can CF DNS be set up in Enhance so that all domains use it by default without manual configuration?
Then just have to supply the CF DNS to clients (instead DNS setup by enhance) to update their domains DNS?
Then any DNS entries made in Enhance would get pushed to CF.

No.
No.
Yes, once you manually setup the integration and activate it on a website in the dns manager, then Enhance dns manager will overwrite whatever is at CF with whatever is on Enhance dns manager. Once that's done, nobody should touch dns at Cloudflare because Enhance will delete it - all edits to dns would need to be made in Enhance dns manager which pushes those changes to CF.

mastershammer

twest Once that's done, nobody should touch dns at Cloudflare because Enhance will delete it

This is very problematic, because Cloudflare creates some DNS records automatically, for example for their email services, and there are other services, such as marketing email platforms that have automatic DNS settings for their services. This would require two-way synchronization @Adam .

xyzulu

mastershammer you may need to search, but I am sure I have seen a feature request for a Cloudflare record sync

twest

mastershammer not really. If someone wants to turn on the cloudflare email forwarding service, cloudflare gives you the DNS records needed. You'd just copy/paste those into Enhance DNA manager and you're done.

That's the same thing for all DNS records. It's the exact same situation anyone would face if they just used plain cloudflare for DNS. They want to setup dkim/spf for an email service? They would need to login to cloudflare and add it. With Enhance managing their DNS the only difference in what they would do is they would need to add the records in their Enhance DNS manager instead of cloudflare.

A toggle to decide which way the sync was run would be a nice perk so we could switch it off and on for whatever records we needed, but as it is the way Enhance currently has it is perfect.

Clients get more confused by cloudflare DNS manager than they do the Enhance DNS manager. From feedback we've received anyways. So this works perfect for us.

xyzulu

twest but as it is the way Enhance currently has it is perfect

Same, BUT I would love an initial Cloudflare record import to Enhance. Just a BIND formatted record import would be enough.. or even a cli option. But, bigger things first..

rdbf

twest That's the same thing for all DNS records.

Except (Argo) tunnels though, unfortunately. Would have made life easier. But apparently behind the scenes at Cloudflare it's not just a DNS entry.

twest

xyzulu hard agree on that. An "import before activate" option would be nice.

My fear for having any other options to edit the sync is DR getting screwed up. As it is now it's a no brainer, Enhance handles it all by force.