Hi,

I’m thinking of using Cloudflare with Enhance instead of my own DNS to host my clients' websites' DNS.

I have some questions about this. If someone can help me understand and clarify this for me, that would be great!
Thanks!

1- If I build a new Enhance cluster, I will not need to install any DNS servers or roles. Cloudflare DNS integration and DNS records management will be available on the CP server. Is this correct?

2- Besides “not supporting/not working properly” with Enhance staging domains, any other major problem or issue when using Cloudflare to manage clients' DNS vs using the Enhance DNS cluster?

3- I never use Cloudflare Proxy. Just the pure and plain DNS. Can I set this as a global setting on all DNS records or each time I edit or add a record on Enhance I need to choose Proxy/NoProxy?

4- If a client already has its domain pointed to Cloudflare, how do you handle the DNS migration to Enhance Cloudflare account? Do you just add it and point to the new Cloudflare nameserver (that can be the same or different)?

5- I’m using Cloudflare Free plan and from what I remember it always gives me the same Nameservers to use (adel / tim). But I read that this can change at any moment. So how do you ensure that new domains will always use the correct Cloudflare Nameservers?

6- From those who are using Cloudflare DNS, any other advice or recommendation?


    nqnoc

    1. Yes.
    2. No.
    3. No, but records default to no-proxy, so shouldn't be a problem - you'd just ignore it in this case.
    4. There's no such thing as "enhance cloudflare account". You would either log in to the customer's Cloudflare account to generate an API token, or you would have the customer add you as an admin on their account so your CF account's API token could be used for their domain on CF.
    5. This question doesn't really make sense (thinking you are not understanding how the Enhance CF integration works)... People set their Nameserver setting at their domain registrar, it doesn't have anything to do with Enhance.
    6. Read the docs and other forum posts about it so you understand how the integration works. Each customer will need to have the integration added on their accounts, the API token needs to be configured on your/their CF account. Once the integration is in place and activated on a domain in Enhance, Enhance will overwrite whatever DNS settings were at CF and replace them with whatever is in the domain's DNS section in Enhance. Any future changes to customers' DNS need to be made from within the DNS manager in Enhance (because Enhance will delete/overwrite anything that's not in Enhance).

    The main benefit I see for having the integration connected is for DR. In an event where a server was recommissioned then Enhance can automatically update all the DNS at Cloudflare. If you didn't have the integration set up then during a DR event you'd have to update the DNS manually to reflect the new IP.

    @twest
    Thanks for all your responses. Never tried Cloudflare on Enhance and I was supposing that only 1 Cloudflare key/account would be used and shared for all domains hosted on Enhance.

    But from your responses I assume that each individual domain can have its own key (from the client's Cloudflare account) or I can share my own Cloudflare account, correct?

    Also, one more question: If I have the built-in Enhance DNS cluster (PowerDNS) enabled, can I have at the same time domains that use the Enhance DNS and others that use Cloudflare DNS?
    Thanks!


      nqnoc you can use 1 Cloudflare key/account, but you would need to set up all customer domains on your CF account or if they have their own CF account they would need to give your CF account admin access - that way the token would work/have the access it needs to update domains. On the Enhance side, you would have the one API token (that you set up in CF to have access to all domains your account can access) that you would then set up in the integrations section of each customer's website (you set up the integration/token, then in the DNS of each domain you activate the integration, at which point Enhance DNS manager controls the CF DNS).

      None of that setup at any point is automated in any way, you have to manage it all. The "one API token" is just saving a small step where you can reuse the same token on every customer's integration section. Once the setup is completed then there's some automation that can take place, like when you migrate a website between servers, DR, adding subdomains - all those things will update DNS automatically at CF.

      Yes you can use your own custom DNS servers running in your cluster and also use the Cloudflare integration. In a practical sense all this would mean is some of your customers would be using your custom DNS servers and some customers would be using Cloudflare DNS servers.

        This got me thinking. I am not a regular user of CF. But I do have a few domains using it for testing and other reasons, so I am not completely newb to it.

        But I was wondering, I noticed the DNS CF supplies to me, have all been the same.
        I assume they give every account holder a random set of DNS names to use?

        Can CF DNS be set up in Enhance so that all domains use it by default without manual configuration?
        Then just have to supply the CF DNS to clients (instead of the DNS set up by Enhance) to update their domains' DNS?
        Then any DNS entries made in Enhance would get pushed to CF.

          Andreas
          "I assume they give every account holder a random set of DNS names to use?"
          Normally Cloudflare gives the same nameservers to all domains on the same account. But that is not guaranteed. They can assign different nameservers to new domains on the same account.

          twest

          "some of your customers would be using your custom dns servers and some customers would be using cloudflare dns servers."

          That is my objective! What I want is that by default all clients use Enhance DNS. So this will always happen when a new account is added. And then, it is optional: if clients want to use Cloudflare DNS they can do it in an easy way, using the Enhance <> Cloudflare integration.

          I guess that then if a client wants to revert back from Cloudflare DNS to Enhance DNS the change can also be done in an easy way using the Enhance control panel, correct?

          Thanks!


            nqnoc

            nqnoc I guess that then if a client wants to revert back from Cloudflare DNS to Enhance DNS the change can also be done in an easy way using the Enhance control panel, correct?

            Kinda... Enhance doesn't control any domain registrar's Nameserver settings, that's something the domain owner needs to do. If the customer wants to point their domain at your Nameservers then they'll do ns1.nqnoc.com and ns2.nqnoc.com. If they want Cloudflare for DNS, then they would point their domain at ns1.cloudflare.com and ns2.cloudflare.com. For that scenario of changing from CF to Enhance DNS, they would just need to verify the DNS config is what they want in Enhance DNS manager, then go to their domain registrar and change the Nameserver setting to point at your DNS servers.

            Andreas Can CF DNS be set up in Enhance so that all domains use it by default without manual configuration?
            Then just have to supply the CF DNS to clients (instead of the DNS set up by Enhance) to update their domains' DNS?
            Then any DNS entries made in Enhance would get pushed to CF.

            No.
            No.
            Yes, once you manually set up the integration and activate it on a website in the DNS manager, then Enhance DNS manager will overwrite whatever is at CF with whatever is on Enhance DNS manager. Once that's done, nobody should touch DNS at Cloudflare because Enhance will delete it - all edits to DNS would need to be made in Enhance DNS manager which pushes those changes to CF.

              twest Once that's done, nobody should touch DNS at Cloudflare because Enhance will delete it

              This is very problematic, because Cloudflare creates some DNS records automatically, for example for their email services, and there are other services, such as marketing email platforms that have automatic DNS settings for their services. This would require two-way synchronization @Adam .

                mastershammer you may need to search, but I am sure I have seen a feature request for a Cloudflare record sync


                mastershammer not really. If someone wants to turn on the Cloudflare email forwarding service, Cloudflare gives you the DNS records needed. You'd just copy/paste those into Enhance DNS manager and you're done.

                That's the same thing for all DNS records. It's the exact same situation anyone would face if they just used plain Cloudflare for DNS. They want to set up DKIM/SPF for an email service? They would need to log in to Cloudflare and add it. With Enhance managing their DNS the only difference in what they would do is they would need to add the records in their Enhance DNS manager instead of Cloudflare.

                A toggle to decide which way the sync was run would be a nice perk so we could switch it off and on for whatever records we needed, but as it is the way Enhance currently has it is perfect.

                Clients get more confused by the Cloudflare DNS manager than they do the Enhance DNS manager. From feedback we've received anyways. So this works perfect for us.


                  twest but as it is the way Enhance currently has it is perfect

                  Same, BUT I would love an initial Cloudflare record import to Enhance. Just a BIND formatted record import would be enough.. or even a cli option. But, bigger things first..

                    xyzulu hard agree on that. An "import before activate" option would be nice.

                    My fear for having any other options to edit the sync is DR getting screwed up. As it is now it's a no brainer, Enhance handles it all by force.
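
Because activation replaces whatever is at Cloudflare with the Enhance record set, a pre-activation comparison shows which records would disappear, in particular SPF, DKIM and DMARC entries. The following is an added example, not code from this thread or from Enhance: the BIND-format export is a constructed sample, and the `(name, type, data)` tuple layout for the Enhance side is an assumption.

```python
import re

# Constructed sample: BIND-format export of the zone as it exists at Cloudflare.
CF_EXPORT = """\
;; constructed sample export for example.test
example.test.               300 IN A     203.0.113.10
www.example.test.           300 IN CNAME example.test.
example.test.               300 IN MX    10 mx1.mailhost.test.
example.test.               300 IN TXT   "v=spf1 include:_spf.mailhost.test ~all"
k1._domainkey.example.test. 300 IN TXT   "v=DKIM1; k=rsa; p=MIIBexample"
_dmarc.example.test.        300 IN TXT   "v=DMARC1; p=reject"
"""

# Assumed layout: records as entered in the Enhance DNS manager, retyped as tuples.
ENHANCE_RECORDS = [
    ("example.test.", "A", "198.51.100.20"),
    ("www.example.test.", "CNAME", "example.test."),
    ("example.test.", "MX", "10 mx1.mailhost.test."),
    ("example.test.", "TXT", '"v=spf1 include:_spf.mailhost.test ~all"'),
]

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_bind(text):
    """Return {(name, type, data)} from simple one-line BIND records."""
    records = set()
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comment lines and $ORIGIN/$TTL directives.
        if not line or line[0] in ";$":
            continue
        m = RECORD.match(line)
        if m:
            name, _ttl, rtype, data = m.groups()
            records.add((name.lower(), rtype.upper(), data.strip()))
    return records

def is_mail_auth(rec):
    name, rtype, data = rec
    return rtype == "TXT" and ("._domainkey." in name or name.startswith("_dmarc.")
                               or data.lower().startswith('"v=spf1'))

def preflight(cf_export, enhance_records):
    """Compare the Cloudflare zone with the Enhance record set before activation."""
    cf = parse_bind(cf_export)
    enh = {(n.lower(), t.upper(), d.strip()) for n, t, d in enhance_records}
    lost = sorted(cf - enh)    # only at Cloudflare: gone after the overwrite
    added = sorted(enh - cf)   # only in Enhance: pushed to Cloudflare
    return lost, added, [r for r in lost if is_mail_auth(r)]

if __name__ == "__main__":
    lost, added, mail_auth = preflight(CF_EXPORT, ENHANCE_RECORDS)
    for rec in lost:
        print("MAIL-AUTH LOST" if rec in mail_auth else "lost", *rec)
```

Any record reported as lost has to be added in the Enhance DNS manager before the integration is activated on the domain.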

                    twest That's the same thing for all DNS records.

                    Except (Argo) tunnels though, unfortunately. Would have made life easier. But apparently behind the scenes at Cloudflare it's not just a DNS entry.
