Using Cloudflare DNS without CDN or WAF

Cloudflare Managed DNS is an enterprise-grade authoritative DNS service that offers the fastest response time, unparalleled redundancy, and advanced security with built-in DDoS mitigation and DNSSEC.

Cloudflare

Is it true what Cloudflare claims?

According to DNSPerf data, the authoritative nameservers provided by Cloudflare are the 4th fastest service in the world. 👏

Rating of Cloudflare by DNSPerf

When you buy a domain name, the registrar typically assigns default nameservers, which are usually slow and unreliable. In other cases, a hosting provider offers its own nameservers to quickly align all DNS entries, but those have the same problem.

Why use Cloudflare for DNS only?

Although I do not recommend the Cloudflare Free Plan for CDN purposes, it is good enough for DNS service.

Especially with the free plan and the traditional Cloudflare proxy setup, it can make the website slow instead of fast. The underlying reasons can include a lack of direct peering with ISPs, poor routing, poor plan choice and so on.

I recommend using Cloudflare only for DNS because it is much faster and more secure. The account comes with a two-step verification system as well.

Step 1. Log in to your Cloudflare account

Step 2. Pass two-factor authentication

  • If you are using two-factor authentication, complete this step by entering the OTP.

Step 3. Add a new website

  • Once you are successfully logged in to the Cloudflare Dashboard, click the Add a site button.
  • Enter the domain name and click the Add site button.

Step 4. Choose the Free Plan. It is sufficient.

Step 5. Understand Proxy and DNS Sign

  • For all DNS entries, keep the gray cloud so that they stay in DNS resolution only mode.

Step 6. Confirm Scanned Entries

  • Cloudflare does its best to scan all previous DNS records and list them correctly. In rare cases, some records might be missed or repeated too many times. We suggest manually verifying all of them against the DNS manager of the previous authoritative nameservers. This is important to prevent downtime.
  • Go to each record's Proxy Status and change it from proxied to DNS resolution only mode.
  • This is the best part of Cloudflare: it offers granular control for each record.
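
One way to script the record check from Step 6, as an added example that is not part of the original post: it compares a record listing from the previous DNS provider with the listing Cloudflare scanned and reports records that are missing, extra or repeated. It assumes both listings are text lines in the `name TTL IN TYPE value` form used by zone files and by `dig +noall +answer`; the function names and the sample records are constructed for illustration.

```python
from collections import Counter

PROVIDER_OWNED = {"NS", "SOA"}            # expected to change with the provider
HOSTNAME_VALUED = {"CNAME", "MX", "SRV"}  # value is a hostname: ignore case, final dot

def parse_records(text):
    """Parse 'name TTL IN TYPE value' lines into a Counter of (name, type, value)."""
    records = Counter()
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or line.lstrip().startswith(";") or fields[2].upper() != "IN":
            continue  # blank line, comment, or not a record in the expected form
        name, _ttl, _cls, rtype, value = fields
        rtype = rtype.upper()
        if rtype in PROVIDER_OWNED:
            continue
        value = " ".join(value.split())
        if rtype in HOSTNAME_VALUED:
            value = value.lower().rstrip(".")
        records[(name.lower().rstrip("."), rtype, value)] += 1  # TTL is not compared
    return records

def compare(old_text, new_text):
    """Records missing from, added to, and repeated in the new listing."""
    old, new = parse_records(old_text), parse_records(new_text)
    return {
        "missing": sorted(set(old) - set(new)),
        "extra": sorted(set(new) - set(old)),
        "repeated": sorted(k for k, n in new.items() if n > 1),
    }

# Constructed sample listings (documentation addresses, not real data).
OLD = """\
example.com.      3600 IN A     192.0.2.10
www.example.com.  3600 IN CNAME example.com.
example.com.      3600 IN MX    10 mail.example.com.
mail.example.com. 3600 IN A     192.0.2.25
example.com.      3600 IN TXT   "v=spf1 mx -all"
example.com.      3600 IN NS    ns1.oldhost.example.
"""
NEW = """\
example.com.      300 IN A     192.0.2.10
www.example.com.  300 IN CNAME EXAMPLE.com.
example.com.      300 IN MX    10 mail.example.com.
example.com.      300 IN MX    10 mail.example.com.
example.com.      300 IN TXT   "v=spf1 mx -all"
example.com.      300 IN NS    ns1.newhost.example.
"""

if __name__ == "__main__":
    for kind, items in compare(OLD, NEW).items():
        for name, rtype, value in items:
            print(f"{kind}: {name} {rtype} {value}")
```

A missing mail or TXT record is the kind of gap that only shows up after the nameserver switch, so an empty "missing" list is the result to look for before moving on to Step 7.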

Step 7. Update new authoritative nameservers

  • Log in to your domain registrar, in other words, wherever you purchased your domain.
  • Hint: Under the DNS section, you can find the option to update the nameservers to those suggested by Cloudflare. If you are unable to find where to update nameservers, check the relevant documentation for GoDaddy, Namecheap or Bluehost; similarly, you can search on Google or contact the support team.
  • Once done, click on “Done, check nameservers”.
  • You can keep track of nameserver propagation via the dnschecker site.
  • Skip the Cloudflare onboarding suggestions by clicking Done or setup later.
  • Cloudflare periodically checks whether you have pointed your nameservers to Cloudflare. Clicking Re-check now multiple times won’t speed up the process.
  • Once nameserver propagation finishes, you will get an e-mail from Cloudflare and you will see the message “Great news! Cloudflare is now protecting your site”.

You can get a DNS Analytics report as well.

Should you use Cloudflare DNS?

Yes, Cloudflare DNS is reliable for general-purpose use. However, you should NEVER use its services for CNAME Flattening.

I discovered that with many public DNS servers of ISPs, the domain was not resolving to a geo-regional IP address as expected.

Testing method

  1. Pointed gulshankumar.net to gushankumar.b-cdn.net using CNAME
  2. All DNS servers were expected to answer with only the regional IP, but that didn’t happen.
  3. Any subdomain like www was routing properly, but the naked domain was not.

Good Case

Bad Case

Is Cloudflare DNS Free to use?

Cloudflare’s authoritative DNS services are free of charge and it does not limit DNS queries for a domain on its network.

How to get vanity nameservers with Cloudflare?


Vanity nameservers such as ns1.gulshankumar.net and ns2.gulshankumar.net are a premium feature available on the Cloudflare Business and Enterprise plans.

Shall I use Cloudflare DNS?

The Cloudflare DNS service is reliable for general purpose except for the CNAME Flattening use case.

Any questions? Please ask at Gulshan Forum.
