How to set up Cloudflare DNS Records?

Recep Baltaş

New Member
Hi,

I have registered my domain via Cloudflare and I have a shared hosting here. What are the settings required to redirect my domain and is there an easy way like a batch settings file for all MX and other records? I have seen you mention a Cloudflare button in cPanel but it's not there anymore.

Regards
 
Why don't you have an option in cPanel that allows me to export DNS records and upload to Cloudflare? Why does it have to be that complicated?
 
Had the same confusion, here was the answer from support.

The CloudFlare cPanel plugin relies on the deprecated cPanel API v1, and Cloudflare no longer provides support for this plugin.
For exporting DNS information, you can obtain the DNS zone file by navigating to cPanel > Jetbackup5 > Restore & Download > DNS Zones. Once downloaded, you can extract the Zone file and then import it into Cloudflare. Refer to the following article for guidance on importing DNS records into Cloudflare: https://developers.cloudflare.com/dns/manage-dns-records/how-to/import-and-export/
 
Had the same confusion, here was the answer from support.
Which also does not work :) Downloading DNS Zone backup does not actually download the file but puts it into a folder which you are not allowed to open. You have to manually set the IPs.

Funny that every single post in XenForo was telling me to stay away from big guys cuz I would not get any support yet here I am with a medium sized hosting company unable to get a proper reply for my question.

Anyway, turns out to be an easy solution. Wonder WHY is it that hard to write down a KB article for this... I'm currently writing it and will share it here.

You are welcome KnownHost.
 
I think the inability to open the file from the Cloudflare `Select a file` UI is possibly a bug on their end as it does not allow you to select the .zone file for whatever reason. However, you *can* successfully drag the `.zone` file into that same Cloudflare UI where it says `or drag it here` and that works.

 
Confirmed, Cloudflare `Select a file` only allows selecting .txt files for whatever reason.

Code:
<input type="file" accept=".txt" class="c_bc" id="dns-file">
 
I could not download any zone file, how was I supposed to upload it to Cloudflare?
I simply followed the instructions support provided, was able to download a backup of my DNS, and that included the `.zone` file in the bundle.

Code:
cPanel > Jetbackup5 > Restore & Download (little curly icon on the left) > DNS Zones

It took a tiny bit of exploration from there, but I didn't find it too difficult to figure out what I needed to do.

Code:
Select the topmost item
Click `Download`
Click `Download Selected Items` in the modal
That adds it to the queue which it states on the screen
Click over to the `Downloads` section (cloud icon on the left)
Click the `Download` button the backup item you just created (it has a timestamp)
This will download a tarball to your local machine
Unpack that and you'll discover your elusive `.zone` file.


Then you can drag-and-drop that file into the Cloudflare import modal.

This could certainly be in some of the support/FAQ documentation somewhere. Or maybe it is and I simply couldn't find it as I didn't know the correct keywords.

In the past I'd always just blindly set my host's nameservers in my registrar's record and called it a day which then uses the host's DNS config for your account (what we just exported from Jetbackup). But you cannot set nameservers with a free Cloudflare account for whatever reason. Unless you want to pay BIG BUCKS for an upgraded account.

Anyway, long-winded explanation for why this is so complicated. Comedy of errors mostly caused by me using a free Cloudflare account which really complicates things. I found it's great for giving you extra controls and protection if you're proxying to a self-hosted asset (like a NAS or computer at your house/business) since your self-hosted stuff lacks all of those DNS-based controls. But now it is overly complicated when you want to use your Cloudflare-registered domain to point to a real web host.
 
telling me to stay away from big guys cuz I would not get any support yet here I am with a medium sized hosting company unable to get a proper reply for my question.
Keep in mind this is a community forum. If you solicit support via your https://my.knownhost.com/ account you'll get real support direct from the company and they respond pretty quickly.
 
Click over to the `Downloads` section (cloud icon on the left)

What an intuitive feature. Didn't expect anything better from cPanel team, for real. Thank you. Finally found it.

OK, looks like this zone importing is not a good idea at all! I'm getting this error on the panel:

This record exposes the IP address used in the A record on techolay.net. Enable the proxy status to protect your origin server.

I now removed all those records with warning but not sure if I'm still leaking information.

Should I remove DNS records and nameserver info as Cloudflare is my Domain Registrar?
 
This record exposes the IP address used in the A record on techolay.net. Enable the proxy status to protect your origin server.
I'm the wrong person to answer this question. But I'm thinking you can't relay servers via MX records. There's a lot of specific rules regarding mail to prevent spam/spoofing. The only thing Cloudflare proxy is doing is theoretically hiding your server's real IP.


Can MX records point to a CNAME?

A CNAME record is used for referencing a domain's alias instead of its actual name. CNAME records typically point to an A record (in IPv4) or AAAA record (in IPv6) for that domain. However, MX records have to point directly to a server's A record or AAAA record. Pointing to a CNAME is forbidden by the RFC documents that define how MX records function.

Learn more about the uses for CNAME records.
 
I'm kind of in the same place as you, my first cPanel adventure, have a few domains at CloudFlare, etc.

After importing the `.zone` file there are some issues I had to manually correct.
- TXT records included double-quotes which rendered those records non-functional. The quotes are in the file and CloudFlare just imported them as-is. Delete ALL the quotes from ALL the TXT records.
- CNAME for mail.yourdomain cannot be proxied or external mail clients will not work, again I'm guessing due to spam/spoofing/relay requirements.

Additionally, pay attention to the large amount of DNS that gets configured. Unclear to me if I really want webdisk.yourdomain as an available route, it appears to throw a generic username/pass modal that does not leverage 2FA so seems like a potential attack vector. Unsure about the mountain of other DNS records.
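
A pre-import review of an exported `.zone` file, as an added example that is not part of the original posts. It lists the logical value of each TXT record (in zone-file syntax the double quotes delimit strings and are not part of the value), the MX target hosts that have to stay DNS-only and therefore publish the server address, and service names such as `webdisk` to review. The sample zone, `example.com`, the addresses and the `REVIEW_LABELS` set are constructed; it assumes one record per line with fully qualified names.

```python
import re

# Constructed sample in the style of a cPanel zone export (not from the thread).
SAMPLE_ZONE = """\
$TTL 14400
example.com.          14400 IN A     203.0.113.10
www.example.com.      14400 IN CNAME example.com.
mail.example.com.     14400 IN A     203.0.113.10
webdisk.example.com.  14400 IN A     203.0.113.10
example.com.          14400 IN MX    0 mail.example.com.
example.com.          14400 IN TXT   "v=spf1 +a +mx " "ip4:203.0.113.10 ~all"
"""

# Hypothetical review list: service label questioned in the thread; extend as needed.
REVIEW_LABELS = {"webdisk"}

RECORD = re.compile(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA|CNAME|MX|TXT)\s+(.+)$")
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_zone(text):
    """Return (name, type, rdata) for each one-line A/AAAA/CNAME/MX/TXT record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "$")):
            continue  # skip blanks, comment lines and $TTL/$ORIGIN directives
        m = RECORD.match(line)
        if m:
            records.append((m.group(1).rstrip(".").lower(), m.group(2), m.group(3)))
    return records

def audit(text):
    """Summarise what to check in the Cloudflare dashboard after import."""
    recs = parse_zone(text)
    mail_hosts = {r.split()[-1].rstrip(".").lower() for _, t, r in recs if t == "MX"}
    report = {"txt": {}, "dns_only_mail": [], "review": []}
    for name, rtype, rdata in recs:
        if rtype == "TXT":
            parts = QUOTED.findall(rdata)  # adjacent quoted strings are concatenated
            report["txt"].setdefault(name, []).append("".join(parts) if parts else rdata)
        else:
            if rtype != "MX" and name in mail_hosts:
                report["dns_only_mail"].append((name, rdata))  # cannot be proxied
            if name.split(".")[0] in REVIEW_LABELS:
                report["review"].append(name)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE))
```

Compare the `txt` values with what the dashboard shows after the import, and decide for each name under `review` whether the record should exist at all.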
 
OK, Removed all of my records except those:

1701887456385.png


One question though, I can not hide my origin IP unless I use a different mail provider right? Cuz I have a forum and a password reset mail will reveal server IP?

Update: Looks like so: https://developers.cloudflare.com/dns/manage-dns-records/troubleshooting/exposed-ip-address/
 
One question though, I can not hide my origin IP unless I use a different mail provider right? Cuz I have a forum and a password reset mail will reveal server IP?
It's my current understanding that it's simply how email is required to work. It must directly reference the server IP, proxying is not allowed. I suggest filing a support ticket and see what they say.
 