
Cloudflare DNS Only Configuration

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Mar 30, 2016.

  1. eva2000

    How many folks are using Cloudflare for DNS only and have disabled the CDN/WAF proxying? How many folks knew that you can use Cloudflare for DNS only?

    Well, it's fairly easy to use Cloudflare for DNS only. Just sign up for Cloudflare and/or log into your Cloudflare account, add a new site and set up Cloudflare DNS name servers (andy.ns.cloudflare.com and fay.ns.cloudflare.com) with your domain registrar.

    Once that is done, on the main site overview dashboard, click the Advanced dropdown arrow and hit Pause Website to switch to DNS only.

    cloudflare-dnsonly-pausesite-01.png


    After you hit Pause Website, you'll see the following:

    cloudflare-dnsonly-pausesite-02.png

    Then just go to DNS tab and add your DNS A, CNAME, TXT, MX records as you'd normally do :)
     
  2. Jimmy

    I had a few domains which I set up to run through CF DNS, but never set up a site for them. What happened is someone hijacked the domains and pointed them to porn sites. Not sure if this is something that can be done at any place that has DNS, but it happened to me on CF. So, the lesson I learned is if the domains aren't used (pointing to an IP from CF), park them at the registrar and not on CF.
     
  3. eva2000

    How did they manage to hijack the domain? Only 2 ways to do that: either your domain registrar or Cloudflare logins were compromised. Actually, a 3rd would be if you used the Cloudflare API and have some of the API keys or scripts on a compromised server, which would have allowed someone to use the Cloudflare API to update your DNS records.

    For Cloudflare I have 2 step authentication enabled - same for my domain registrars.

    upload_2016-3-30_5-28-59.png

    I usually have Authy app on my 2 mobile phones + 2 tablets and have Authenticator Plus synced accounts on the same 4 devices too.
     
  4. Jimmy

    I have 2 factor for both. Not exactly sure how they did it. Didn't happen to any domains I had pointed to an IP on CF.

    I noticed shortly after I found out that my domains were going to those porn sites that CF started sending out emails and removing domains which weren't actively pointing to something on CF.

    I set up the domains on CF which I was going to use but never populated the information to my server.
     
    Last edited: Mar 30, 2016
  5. eva2000

    It could be the automated Cloudflare setup at play? When you set up a new site on Cloudflare, it pulls the current resolving DNS records it finds for A, MX etc. and auto populates them for your site's DNS. You then edit those yourself to update them if necessary. So it could be the domain you added had an existing A or CNAME record that pointed elsewhere in DNS. It could have been a shared IP too?

    Only thing I can think of explaining such.
     
  6. Jimmy

    I didn't have anything populated. I basically:

    1. Added the domain to Cloudflare.
    2. Populated the DNS servers at my registrar.
    3. Forgot about the domains on CF that I had set up. Never actually set up a site for the domains I had pointing at CF.

    I was going through my domain names at my registrar and seeing which ones I have redirects on (I own a lot of domains and have a lot re-directed to my main site at the registrar) and noticed that some were pointing to porn sites - not the same porn site... I believe one was pointing at some spammy site. Checked out why the domain was pointing to a porn site and noticed that the domains (I think it was 3 domains) were all setup, but not pointing to a server, on CF.
     
  7. eva2000

    Strange, every new site I add to Cloudflare auto pulls the existing DNS records, i.e. the A record, when I set up the sites in Cloudflare.

    So even if your domain name was parked on a parking service, it would have had an associated DNS A record and IP for that parked site to auto populate.
     
  8. Jimmy

    Maybe things have changed. I'd say this happened 5 months ago. From that point on, I don't have inactive domains (domains without a website) on CF. I didn't submit a support ticket or anything because the domains are still works in progress and aren't really worth anything yet. So, I just deleted them from CF and parked them at the registrar. As soon as I did that, the issue was solved.
     
  9. eva2000

    Think it's been that way for years actually. I think only time CF doesn't auto populate existing DNS records, is if the domain never had any prior resolving DNS records to begin with.
     
  10. Jimmy

    Added, when I looked at the records on CF, nothing had been entered, so no one hacked the CF account and added anything to make the domain point at a porn site. So, I assumed, at that point, that the hacker had figured out a way to add the domain again to CF or something. I really didn't look into the issue too much since it didn't affect any of my active / used domains on CF.

    From that point on I only add to CF when I'm ready to set up the site.
     
  11. Jimmy

    I did find it odd that shortly after that happened, CF sent me an email stating that domains were going to be removed because they weren't pointing at anything (I had added one domain after this happened and got busy and forgot about it). That kinda tipped me off that someone was able to take over domains on cloudflare that weren't populated with any information. Maybe the hacker managed to do it through the CF API or something???
     
  12. eva2000

    Strange. In future, if folks come across this, they should look up the domain's registered nameservers and DNS A/CNAME records to ensure they are coming from where you expected, i.e. if nameservers for the domain are from Cloudflare nameservers etc. Could be a domain's name servers weren't updated at the domain registrar end to point to Cloudflare DNS, so compromise from the domain registrar end and/or compromise from the Cloudflare API.

    Also notify Cloudflare in future, as something like this could compromise security of all domains on Cloudflare too if it's from their end ;)
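
    The check suggested in the post above, as an added example (not code from the thread): it compares the nameservers and A/CNAME answers returned for a domain against what the owner expects and reports any drift. The sample answers are constructed; the function names, the documentation IP ranges and the `.example` hostnames are assumptions.

```python
import subprocess
import sys

# Nameserver pair quoted in the thread; your Cloudflare account may be assigned a different pair.
EXPECTED_NS = ["andy.ns.cloudflare.com", "fay.ns.cloudflare.com"]

def dig_short(domain, rtype):
    """Return the output lines of `dig +short <rtype> <domain>` (needs dig and network)."""
    proc = subprocess.run(["dig", "+short", rtype, domain],
                          capture_output=True, text=True, timeout=10, check=True)
    return proc.stdout.splitlines()

def normalize(values):
    """Lower-case and drop the trailing dot so 'FAY.NS.CLOUDFLARE.COM.' compares equal."""
    return {v.strip().lower().rstrip(".") for v in values if v.strip()}

def audit(expected_ns, expected_targets, observed_ns, observed_targets):
    """Compare what DNS returns with what the owner expects; return (kind, value) findings."""
    exp_ns, obs_ns = normalize(expected_ns), normalize(observed_ns)
    exp_t, obs_t = normalize(expected_targets), normalize(observed_targets)
    findings = [("unexpected_ns", n) for n in sorted(obs_ns - exp_ns)]
    findings += [("missing_ns", n) for n in sorted(exp_ns - obs_ns)]
    # For a domain with no site yet, expected_targets is empty, so any answer is a finding.
    findings += [("unexpected_target", t) for t in sorted(obs_t - exp_t)]
    return findings

def demo():
    """Run the audit on constructed dig output (documentation IP ranges, made-up names)."""
    in_use = audit(EXPECTED_NS, ["192.0.2.10"],
                   ["andy.ns.cloudflare.com.", "FAY.NS.CLOUDFLARE.COM."], ["192.0.2.10"])
    unused = audit(EXPECTED_NS, [],
                   ["andy.ns.cloudflare.com.", "fay.ns.cloudflare.com."], ["203.0.113.50"])
    drifted = audit(EXPECTED_NS, ["192.0.2.10"],
                    ["ns1.parking.example.", "fay.ns.cloudflare.com."],
                    ["cdn.unknown.example.", "198.51.100.7"])
    return in_use, unused, drifted

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: script.py <domain> [expected IP or CNAME target ...]
        domain, expected = sys.argv[1], sys.argv[2:]
        observed = dig_short(domain, "A") + dig_short(domain, "CNAME")
        result = audit(EXPECTED_NS, expected, dig_short(domain, "NS"), observed)
    else:
        result = [f for case in demo() for f in case]
    for kind, value in result:
        print(f"{kind}: {value}")
    sys.exit(1 if result else 0)
```

    Run from cron for every domain you own, including ones with no site yet; a non-zero exit means the answers no longer match what you recorded.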
     
  13. Ahmad

    My friend and I found a way to actually take over a domain on Cloudflare (it happened by accident) and the support guys wouldn't believe it and denied it. After a few weeks, we gave up explaining.
    Though, it is very time intensive to do that unless you're really lucky.

    Also this is only possible with the new UI, the old one prevented this from happening.
    Another odd thing, the email for login is case-sensitive (took my friend a while to figure out why he couldn't log in lol)
     
  14. eva2000

    Interesting. If you could private conversation me the details, I'd be interested to know this and maybe also contact Cloudflare myself after confirmation to get it fixed.
     
  15. rdan

    I'm interested to know this as well, for security measures.
     
  16. arlon

    Can we use vanity nameservers on CF?
     
  17. eva2000

  18. RB1

    How good is Cloudflare DNS compared to something like Namecheap PremiumDNS or Amazon Route53?
     
  19. eva2000

    Very good these days seeing as Cloudflare added so many new datacenters in 2016 :) And you can't beat free :)
     
  20. elargento

    Is it strictly necessary to pause it? Since I had few DDoS attacks in the past I'd like to hide the server IP and the only way is to keep CloudFlare enabled for DNS