Cloudflare settings when registrar requires IP addresses - dns

I signed up to Cloudflare, and got nameservers assigned, but within my registrar's DNS settings, I need to enter an IP address along with each NS. I tried using random addresses from this page, but my registrar won't take subnet masks (/<number> after the IP). The site this is for is hosted with WP Engine.
What IP addresses should I use along with each Cloudflare NS on my registrar's DNS settings? TIA.

When moving to Cloudflare you can't merely set an NS DNS record, you actually need to move your Authoritative Name Server to Cloudflare.
An NS record is used to delegate a subdomain to a set of name servers, but in order to use Cloudflare you need to actually delegate the Name Servers of your domain to Cloudflare.
There are tutorials on how you can do this on the Cloudflare Help Centre: How do I change my domain nameservers?

One workaround I've found was to use https://www.whatsmydns.net or ping the NS, then I entered the IP addresses I had found.

Related

Can I use Multiple Nameservers?

I have a domain, and the host (Education Host) requires me to change the nameservers of that domain to its nameservers, but the host doesn't have a DNS zone, so I want to manage DNS with CloudFlare, but it requires changing nameservers too. So I want to use both of them, but I don't know what happens.
Nothing happens. Log in to your Cloudflare panel, change your domain's DNS to Cloudflare DNS, and in the IP section insert the IP of your host (Education Host).
This will connect your domain to the host, and you can also manage domain records in Cloudflare.
Reading this article will help you.

How to prevent exposing origin IP address on Cloudflare?

On the Cloudflare DNS settings page it states that "An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address."
I have an MX record on my domain pointing to mail.mydomain.com. I believe it is something needed for the mail to work. How can I prevent it from exposing my origin IP address?
CloudFlare forwards your traffic through their network by replacing the IP in DNS records with CloudFlare's IP. This process works well in all situations except mail servers. CloudFlare does not offer any service for forwarding mail, and as such, when you take an MX record and point it to a CloudFlare-forwarded domain, CloudFlare will give away the server's real IP.
Instead, a better practice is to use a third-party mail service (such as Zoho, or Google Apps, etc.), or have your mail server running on a different IP. You can then point the MX record to the new record or mail server not located on your machine, and keep the real IP hidden safely.
Good luck
1 of 2 solutions:
1. Delete the MX record that CloudFlare uses. (Since they don't use it anyway.)
2. Replace your MX domain text (mail.example.com) with its domain IP numbers (44.123.12.44). Then CloudFlare WILL replace it correctly.
I'm not sure why mail servers' IP addresses should be kept top-secret. It's pretty easy to guess that example.com often will use mail.example.com. And email NEEDS to know the address anyway... otherwise it won't function.
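
An audit of the exposure discussed in this thread, added here as an example and not taken from either answer or from Cloudflare: it scans a constructed zone export for DNS-only records that publish the same address a proxied record hides. The field names (name, type, content, proxied) and the sample records are assumptions made for the example.

```python
# Constructed zone export; field names are assumptions for this example and
# all addresses come from documentation ranges.
ZONE = [
    {"name": "example.com",        "type": "A",     "content": "203.0.113.10",     "proxied": True},
    {"name": "www.example.com",    "type": "CNAME", "content": "example.com",      "proxied": True},
    {"name": "mail.example.com",   "type": "A",     "content": "203.0.113.10",     "proxied": False},
    {"name": "example.com",        "type": "MX",    "content": "mail.example.com", "proxied": False},
    {"name": "ftp.example.com",    "type": "CNAME", "content": "mail.example.com", "proxied": False},
    {"name": "status.example.com", "type": "A",     "content": "198.51.100.7",     "proxied": False},
]

def visible_ips(name, zone, through_proxy=True, seen=None):
    """Addresses an outside resolver learns for `name`, following CNAMEs
    inside the export. through_proxy=False models an MX target: mail is not
    forwarded by the proxy, so the real address has to be published."""
    seen = seen or set()
    if name in seen:                      # guard against CNAME loops
        return set()
    seen.add(name)
    ips = set()
    for rec in zone:
        if rec["name"] != name:
            continue
        if rec["proxied"] and through_proxy:
            continue                      # public answer is the proxy's address
        if rec["type"] in ("A", "AAAA"):
            ips.add(rec["content"])
        elif rec["type"] == "CNAME":
            ips |= visible_ips(rec["content"], zone, through_proxy, seen)
    return ips

def origin_leaks(zone):
    """Return (type, name, ip) for each DNS-only record exposing an origin IP."""
    origin = {r["content"] for r in zone
              if r["proxied"] and r["type"] in ("A", "AAAA")}
    findings = []
    for rec in zone:
        if rec["proxied"] or rec["type"] not in ("A", "AAAA", "CNAME", "MX"):
            continue
        if rec["type"] in ("A", "AAAA"):
            ips = {rec["content"]}
        else:
            ips = visible_ips(rec["content"], zone,
                              through_proxy=(rec["type"] != "MX"))
        findings += [(rec["type"], rec["name"], ip) for ip in sorted(ips & origin)]
    return findings

if __name__ == "__main__":
    for finding in origin_leaks(ZONE):
        print("origin exposed by %s %s -> %s" % finding)
```

Moving mail.example.com to an address that hosts only mail, as the first answer suggests, empties the findings list for this sample zone.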

CloudFlare DNS Overview

This is definitely a high-level question, so please take that with a grain of salt. I'm using GoDaddy as my registrar to point to my GitHub Pages website. I've uploaded the CNAME file and the URL resolves correctly. I've then set up CloudFlare on my site and am confused as to why I need to switch DNS servers to resolve to an IP address. So now, when the root finds the Top Level Domain for .com, will it now point to the CloudFlare DNS vs the GoDaddy one? In effect, am I now just paying GoDaddy for the address and allowing CloudFlare to resolve the IP from the Top Level Domain Servers? Just trying to get an idea of what the CloudFlare DNS server is actually doing and why I had to switch out the GoDaddy one.
CloudFlare is taking over managing the DNS for the domain when you switch to our nameservers (GoDaddy is still your registrar/host). CloudFlare works via authoritative DNS.

How forward and reverse DNS works

What I understand about how DNS works is like this: first, let's assume mydomain.com has the IP address 12.34.56.78. Now when I put the URL mydomain.com in the browser, the browser sends a DNS lookup to its local DNS server, asking, hey, do you know the IP address for mydomain.com? If the local DNS server does not know about it, it will ask the parent DNS servers; if the parent also does not know, then it keeps asking all the way up until the root DNS server. The root DNS server will ask some server in charge of the .com TLD. The DNS server in charge of .com will have knowledge about mydomain.com because mydomain.com is in the .com family. Then the answer will be returned back to the initial asker. Also, the answer quite likely will be cached in the DNS servers involved in the asking process. Would anyone correct my understanding if it is wrong?
So my real question is about how reverse DNS lookup works. Let's say I want to find out what the domain name is for the IP 12.34.56.78. I run the command dig -x 12.34.56.78. If my local DNS server does not know the answer, which server does it further ask? Is it 12.in-addr.arpa., or 34.12.in-addr.arpa.? If this is the case, are these names like 12.in-addr.arpa. valid domain names? And where should they be deployed so that the reverse lookup requests will know whom to ask?
How a reverse DNS lookup is accomplished:
The DNS resolver reverses the IP, and adds it to ".in-addr.arpa" (or ".ip6.arpa" for IPv6 lookups), turning 192.0.2.25 into 25.2.0.192.in-addr.arpa.
The DNS resolver then looks up the PTR record for 25.2.0.192.in-addr.arpa.
The DNS resolver asks the root servers for the PTR record for 25.2.0.192.in-addr.arpa.
The root servers refer the DNS resolver to the DNS servers in charge of the Class A range (192.in-addr.arpa, which covers all IPs that begin with 192).
In almost all cases, the root servers will refer the DNS resolver to a "RIR" ("Regional Internet Registry"). These are the organizations that allocate IPs. In general, ARIN handles North American IPs, APNIC handles Asian-Pacific IPs, and RIPE handles European IPs.
The DNS resolver will ask the ARIN DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The ARIN DNS servers will refer the DNS resolver to the DNS servers of the organization that was originally given the IP range. These are usually the DNS servers of your ISP, or their bandwidth provider.
The DNS resolver will ask the ISP's DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The ISP's DNS servers will refer the DNS resolver to the organization's DNS servers.
The DNS resolver will ask the organization's DNS servers for the PTR record for 25.2.0.192.in-addr.arpa.
The organization's DNS servers will respond with "host.example.com".
Source here.
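
The name construction described in this answer, as an added example that is not part of the original post: it builds the PTR query name for IPv4 and IPv6 and lists every ancestor name, each of which is an ordinary domain name where a delegation can sit. The function names are chosen for this example; where the zone cuts actually fall depends on how the address block was delegated.

```python
import ipaddress

def ptr_name(ip):
    """Fully qualified name whose PTR record is queried for `ip`."""
    addr = ipaddress.ip_address(ip)       # raises ValueError on bad input
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # one label per octet
        suffix = "in-addr.arpa."
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # one label per hex nibble
        suffix = "ip6.arpa."
    return ".".join(labels) + "." + suffix

def candidate_zones(ip):
    """Ancestor names of the PTR name, from the root downwards.

    A resolver starting with an empty cache is referred down this chain;
    it only stops at the names where a delegation really exists.
    """
    labels = ptr_name(ip).rstrip(".").split(".")
    chain = ["."]
    for i in range(len(labels) - 1, -1, -1):
        chain.append(".".join(labels[i:]) + ".")
    return chain

if __name__ == "__main__":
    # Addresses used in the question and the answer above.
    for ip in ("12.34.56.78", "192.0.2.25", "2001:db8::1"):
        print(ip, "->", ptr_name(ip))
    for zone in candidate_zones("12.34.56.78"):
        print("  ", zone)
```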

DNS setting to access website using IP address and domain name

I have a static IP, and I would like to access my website using the static IP as well as using the domain name.
I have the DNS entries below for my domain, and I am not sure what setup I need to do to make it work.
When users access my site using the domain name, they should be able to access it. Also, when someone wants to access it using the IP address, they should be able to do that.
www 14400 IN CNAME example.com
example.com 14400 IN A 50.63.147.111
If anybody has an idea, please let me know.
Thank you
Regards,
Mona
If you can't access your IP address, then it isn't because of your DNS. DNS stands for domain name system and translates domain names TO IP addresses. Thus, you must already have a reachable IP address for your A record to be meaningful. Make sure that you've configured your server correctly (Apache?) and that the necessary ports are open in your firewall (iptables).
Check that your domain registrar is pointing its name servers to the authoritative name server (the server with your zone file) for your domain.
