Is it possible to move my domain from one.com to cloudflare?
If so, can I then buy an ssl from them?
Also, any resources on how to do this would be great.
My biggest concern is the downtime when switching over.
Cloudflare is not a webhost and domain registrar services are only available to Enterprise customers. It provides DNS, proxy, CDN and various other tools.
SSL is provided free to all customers on all plans, but your certificate will be shared. If you need/desire a dedicated certificate that can be purchased as an add-on to any account for $5 a month.
If you are worried about downtime when you begin routing your traffic through Cloudflare (assuming that's what you mean by "move" to) just make sure you follow steps 1 and 2 of the Cloudflare 101 tutorials in the Knowledge Base before changing your nameservers in Step 3. It should be seamless.
A little more detail to answer the follow-up:
After adding your domain to Cloudflare, and setting up your DNS records, you will be provided with details for two Cloudflare nameservers. Take them to your registrar (in this case one.com) and update your nameserver information. As soon as the changes take effect with your registrar your traffic will begin routing through Cloudflare which is waiting and ready to go.
One.com is shared hosting and you cannot change DNS settings on it aside from creating new subdomains. Also, your shared host will change its IP pretty frequently, so pointing a non-one.com managed domain to your one webspace's IP will break faster than you can update it. There is a reason that you can't even see your IP in your account settings.
If you really want to use cloudflare for DDoS protection and its other benefits, one.com and most other shared hosting is not a good choice.
When you search for a new web&domain host, confirm that they allow you to move your DNS to cloudflare before you sign up.
I am getting a bit into protecting my website but someone keeps posting the origin-ip of my website. I've found out that this website is exposing it: http://www.crimeflare.org:82/cfs.html
After some extra research I found that this site has been online for a couple of years, but there is no info on how it is made or what technique it uses. Does anyone have a clue how this website gets the direct-connection IP address? Thanks in advance.
I can answer this question. It's really all due to domain history in a nutshell. In order to avoid domain history fetching websites, so-called CloudFlare resolvers and Crimeflare, you need to change your origin IP while under the banner of CloudFlare. Then to stay hidden you MUST not use the email services from your domain, otherwise a simple MX record lookup will expose your origin IP. So this means you now need to use third-party email services. If you are using a VPS or bare metal you need to set up iptables so that ALL IPs are blocked and just allow CloudFlare's IPs. This way IP scanners like Censys can't find your origin IP either, since all IPs would be blocked except CloudFlare's, forcing all connections to go through CloudFlare. Thankfully CloudFlare IPs don't change that often and they do publish the IP list at their website.
If you are using a shared account you'll want to make sure your shared account uses a shared IP and not a unique IP. With a shared IP your website is mixed with others and these CloudFlare resolver websites can't distinguish between who's who to get your origin IP.
There are some other very minor trivial things to also consider. One trivial possible vector for origin IP exposure is allowing remote content to be published via the website. Be it a remote avatar or file. The link used from this remote content has the possibility of resolving your origin IP behind CloudFlare.
If you are using a shared account you can help block direct IP connections and keep all connections going through CloudFlare in one of two ways. In an Apache or Litespeed SAPI, add the following to your htaccess file:
RewriteCond %{HTTP:CF-IPCountry} ^$
RewriteRule ^ - [F,L]
What that code does is check for the CloudFlare Geo location header in the request from CloudFlare and if not present the user gets a 403. Thus all connections must go through CloudFlare. In order for this to work, the IP Geo Location option has to be turned on in your CloudFlare dashboard under Network.
The other really unique and awesome way of doing this is by using CloudFlare Workers. You can read about that here: https://community.cloudflare.com/t/stop-cloudflare-bypassing-on-shared-hosting/91203
I use all of these methods myself with my websites minus the fact of not using a VPS. So far my origin IP is not shown in Crimeflare or other websites.
Best of luck.
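The iptables approach from the answer above, as an added example that is not part of the original post: a shell function that turns a list of Cloudflare ranges into an `iptables-restore` ruleset for review. The chain name `CF-WEB`, the function name and the sample ranges (documentation addresses standing in for the list Cloudflare publishes) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): print an iptables-restore
# ruleset that lets only the listed ranges reach the web ports.
# Nothing is applied here; the output is meant to be reviewed first.

# Constructed sample input. These are documentation ranges standing in for
# the IPv4 list Cloudflare publishes; substitute the current published list.
SAMPLE_RANGES='# constructed sample
192.0.2.0/24
198.51.100.0/24'

# cf_allowlist_rules [ports]
# Reads one IPv4 CIDR per line on stdin. CF-WEB is a hypothetical chain name.
cf_allowlist_rules() {
    ports="${1:-80,443}"
    echo "*filter"
    echo ":CF-WEB - [0:0]"
    # Hand every connection to the web ports to the dedicated chain.
    echo "-A INPUT -p tcp -m multiport --dports $ports -j CF-WEB"
    while IFS= read -r cidr; do
        # Skip blank lines and comments.
        case "$cidr" in ''|'#'*) continue ;; esac
        # Accept only a.b.c.d/len so a corrupted list cannot inject
        # arbitrary rule text into the output.
        if printf '%s\n' "$cidr" |
            grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
        then
            echo "-A CF-WEB -s $cidr -j ACCEPT"
        else
            echo "skipped invalid entry: $cidr" >&2
        fi
    done
    # Every other source address is dropped.
    echo "-A CF-WEB -j DROP"
    echo "COMMIT"
}

printf '%s\n' "$SAMPLE_RANGES" | cf_allowlist_rules
```

Check the output with `iptables-restore --noflush --test` before loading it; because the jump is appended to INPUT, an earlier rule that already accepts the web ports would still let direct connections through. IPv6 ranges need the equivalent ruleset for ip6tables.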
They very much explain it on that very site:
There are sites on the web that specialize in collecting registration and nameserver data. [..] CloudFlare maintains around 391 nameservers, and customers must change the nameservers on their registration in order to use most services. Each customer's domain is assigned two nameservers. This makes it easier to verify which domains depend on CloudFlare, and helps us keep our domain lists relatively current.
In other words, they look at public nameserver data and filter out the domains that have their nameservers pointed at one of CloudFlare's nameservers.
A client of ours has the domain client.com
Our application is at superapp.mycompany.com
We want the client to be able to access our application via their own subdomain, like: superapp.client.com.
Normally we'd just tell the client to add a cname for superapp and point it to superapp.mycompany.com. Then on our server (IIS) we'd bind their domain to our app and everything would work as intended.
However, we can't replicate this functionality when our mycompany.com domain is managed via cloudflare.
When we navigate to superapp.client.com we get the following error page:
Error 1001
What happened?
You've requested a page on a website (superapp.client.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (superapp.client.com).
Is there any way that Cloudflare can be used in this fashion? This seems like a pretty standard setup for a multi-tenant application that supports custom domains.
We don't need all the protection that Cloudfront offers for these client domains, but we want to use the Cloudfront nameservers for our application (mainly for fast switching of DNS records in the event we migrate servers, etc).
Any help is appreciated.
I hope it's not too late. But just found a way to do so.
You just need to add your client's domain (Add site in Cloudflare) to your account.
You don't need to change the client domain's NS. So in your Cloudflare panel this domain will show as "Pending Nameserver Update".
The next step is to add the CNAME record to this domain.
Although the NS of the client domain is not changed to CF, CF has a lookup record as a CNAME for it.
Hope it helps.
Just in case someone arrived here with the same issue as me, here is the answer. In short, no, that won't work.
Since Cloudflare is a reverse proxy for the domain that is on Cloudflare, the CNAME redirect for the domain (not on Cloudflare) wouldn't know where to send the traffic to.
Ref: https://support.cloudflare.com/hc/en-us/articles/360017421192-Cloudflare-DNS-FAQ#CloudflareDNSFAQ-CanICNAMEadomainnotonCloudflaretoadomainthatisonCloudflare
If you don't need the CDN benefits, you can still use Cloudflare nameservers to manage your DNS zone and keep your current configuration. Just make sure the CDN is deactivated for the target subdomain in your zone (superapp.mycompany.com in your case).
You can tell if the CDN is activated or deactivated for a subdomain by looking at the cloud icon on the right of each DNS entry: if the cloud is orange the CDN is active, if it is gray, it isn't.
Cloudflare also supports external CNAME resolution in their CDN infrastructure, but it's only available for its Enterprise customers:
https://support.cloudflare.com/hc/en-us/articles/217371987-Managed-CNAME
Is there a way to hide the nameservers of my hosting provider in the public whois?
Regards
No, you can't hide such information. A few registries don't disclose them, but it's a very limited number.
Some DNS providers offer a feature called "vanity name servers" that allow you to use custom name servers, if your purpose is to hide the name of the hosting provider to curious eyes.
Your question makes no sense over at least 2 points, and you should accept not to try pursuing something as pure vanity.
Here is why:
first whois is not the authoritative source on which nameservers are used for a given domain name, the DNS is;
and the DNS is public because otherwise if your nameservers are "hidden" then your domain name (like your website, emails, etc.) would not work at all.
And even if all the above were not the case, your website ultimately resolves to an IP address, and with just that information people could find out who the hosting company is. Which is why "vanity nameservers" do not help at all.
So there is no shame in having anyone know who hosts your website.
Or, if you are so ashamed of your hosting provider for whatever personal reasons, then it is time to switch, there are a lot of them.
You can reach out to your web host and request a private registration.
Here is a link from GoDaddy.
https://support.godaddy.com/help/article/420/adding-private-registration-to-your-domain-names
The best way to mask your nameserver is using services like Cloudflare. However, if you purchased your domain from Namecheap it will surely appear as the domain registrant. But Cloudflare will change your nameservers to something like alexia.cloudflare.com
The Cloudflare nameserver change will only work if you change your default nameservers to point to Cloudflare. Some hosting companies have partnership agreements with Cloudflare, which makes it possible to use the Cloudflare services without changing your nameserver.
I have about 300 domains using my company DNS ns1.x.com.br and ns1.x.com.br
I want to use CloudFlare with all those 300 domains but when I add a domain to CloudFlare they give me new DNS that I need to change in my domains.
So far I added 70 domains to CloudFlare and they gave me only 3 sets of primary and slave DNS.
So, can I point my ns1.x.com.br to the primary DNS provided by CloudFlare? And do the same with the slave?
After that I will create a ns3.x.com.br and point it to another CloudFlare DNS. Will it work?
CloudFlare works at the DNS level in this way:
You have to signup for CloudFlare and add the domain (make sure all of your DNS records are in your DNS zone file at CloudFlare).
You then change to our nameservers at the registrar.
Only our nameservers can be at the registrar.
"So, can I point my ns1.x.com.br to the primary DNS provided by CloudFlare? And do the same with the slave?
After that I will create a ns3.x.com.br and point it to another CloudFlare DNS. Will it work?"
These records should be in your CloudFlare DNS zone file for the site(s) on those nameservers. They can't be active at the registrar because only CloudFlare's nameservers can be there for our service to properly work.
Note: I'm not sure if you're providing commercial hosting for sites. If yes, you might want to look at becoming a CloudFlare Hosting Partner instead (you don't have to worry about changing nameservers).
Yes, you can. It is possible to add the domain to the new name server. First you need to know the domain secret of each domain (it's a 6-digit PIN maintained with your current DNS). The Theft Protection PIN is also needed. Both are the same in ResellerClub.
If you are using ResellerClub, it's really easy to change, because it has a Bulk Domain Booking option, which has an "add existing Domain" option.
If you have any other problem, or this is not the exact answer you need, then please chat with me. I will update the answer. Thank you.
We frequently take over the domain names of our clients when we take over the management of their site. Normally the transfer progress goes fine. However, sometimes we have issues with DNS settings during the transfer progress, as the transfer involves moving the DNS records to our registrar's nameservers.
It seems that the outgoing registrar is deleting the DNS info from their nameservers before we have a chance to manage the domain through our registrar and set up the DNS info on our registrar's nameservers. This obviously leads to a few hours (potentially a couple of days) of downtime for users.
I am wondering if anyone else ever has this problem and if there is a way to avoid it. Is there some kind of guideline for how long the outgoing registrar needs to keep the DNS info on their nameservers? Or how should we manage this process so that this downtime never occurs? As I said, this only happens sometimes, and it always seems to be with .com/.net/.org domains but not with .uk domains (we are a UK-based company).
We are having the same problem with a .com domain. It only seems to happen when you have domain and hosting in the old provider together in the same pack, and when transferring the domain the hosting is also turned down along with all DNS records. Not all providers behave that way.
I would get a new hosting and change DNS in the whois before ordering the domain transfer, being sure that the new hosting is working.
In our case the old registrar didn't allow us to change the whois, so we took the chance and it failed. Once the mess is done, I suppose we can only wait.