
DNS management with Cloudflare, etc

Table of contents

  1. Plans and pricing
  2. DNS management
  3. DNSSEC
  4. CNAME Flattening
  5. Page rules
  6. SSL/TLS
  7. Conclusion

I had DNS management handled by my domain registrar for more than a decade. Having been exposed to Cloudflare for years, I have finally decided to move DNS management to Cloudflare.

Plans and pricing

Plans include the following:

  • Free
  • Pro
  • Business
  • Enterprise

I signed up for a free plan.

The Free plan includes the following:

  • Fast, easy-to-use DNS
  • Free automated SSL certificates
  • Global content delivery network (CDN)
  • Unmetered mitigation of DDoS attacks with up to 67 Tbps capacity
  • Up to 100k Workers requests and 30 scripts
  • 3 Page Rules

Originally, I was only after DNS management and Page Rules.

DNS management

Upon sign-up, most of my domain name’s existing DNS entries were imported automatically. Some, I added manually.

I had to change nameservers from name.com to Cloudflare.

From (name.com):

ns1.name.com
ns2.name.com
ns3.name.com
ns4.name.com

To (Cloudflare):

hans.ns.cloudflare.com
molly.ns.cloudflare.com

All of my DNS entries are proxied by Cloudflare, meaning real IP addresses aren’t exposed, with the exception of MX entries.

DNSSEC

I enabled DNSSEC protection on my domain name. This protects against forged DNS answers. DNSSEC-protected zones are cryptographically signed to ensure the DNS records received are identical to the DNS records I published.

CNAME Flattening

CNAME flattening returns the IP address that the value of a CNAME entry resolves to, instead of the name value itself.

Page rules

I am only allowed 3 free page rule entries.

I used 1 to 301-redirect www to non-www. Before, I had this managed using nginx.

5 additional page rules, in excess of the 3 free, cost $5/month. This is without the need to upgrade the subscription plan from Free to Pro.

SSL/TLS

I set my SSL/TLS encryption mode to Full.

I also set Always Use HTTPS to On.

Further, I set HTTP Strict Transport Security (HSTS) to On with the following settings:

Status: On
Max-Age: 0 (Disable)
Include subdomains: Off
Preload: Off

Also, I set Automatic HTTPS Rewrites to On. This helps fix mixed content by changing http to https for all resources or links on my website that can be served with HTTPS.

Before, I had this set up with nginx proxy_pass’s sub_filter.

Conclusion

With added protection and features, Cloudflare is a very good option. I can do everything and more with added security, speed, and caching, among others.


Copyright © 2008-2021 Timothy Escopete.
All rights reserved as provided by law.