Transfer Domain from Netlify to Cloudflare

Hi, I’ve reviewed these two posts about transferring domains from Netlify to Cloudflare (1 and 2), and have a few follow-up questions to help ensure the transfer runs smoothly with no downtime.

I’ve copied all of my DNS records from Netlify to Cloudflare and the only records that are proxied are my A records for my backend API. Is this correct?

I also set up three CNAME records to my Netlify site. I have www, <COMPANYNAME>.com, and development (for branch deploys) all pointing to my Netlify URL (practical....netlify.app) in a non-proxied manner.

Does this setup seem correct? Will Netlify continue to provision my SSL certificate? Is there anything else I should keep in mind or configure to help ensure there is no downtime?

Thank you!

2 Likes

@ankitgoyal100 Have you also referred to the documentation on setting up external DNS?

Keep in mind that if you use Cloudflare for DNS, you can NOT use Cloudflare protection (orange cloud). You must use Cloudflare only for DNS (gray cloud).

Therefore, in the example above you have five A records when you need only one, and it is proxied when it should not be.

1 Like

That’s helpful–thank you.

The five A records above are for my backend API. Can I still not use Cloudflare protection?

Also, will Netlify continue to provision my SSL cert?

1 Like

Without more details we won’t be able to answer this question.

1 Like

What more details do you need?

1 Like

What records need to point where. Typically, pointing the A record to the Netlify load balancer sets the apex domain to be served by Netlify. I’m wondering if multiple A records will confuse matters?

1 Like

Ah, all of those A records are for my backend API. I’m using Cloudflare’s CNAME flattening to map my root domain to my Netlify site. I’m not using those A records to point to Netlify’s load balancer. Does that make sense?

1 Like

Hi, @ankitgoyal100. I try not to speak for other people but, if I’m understanding him correctly, @gregraven is saying that we need to know the actual DNS records you are testing to answer. I agree with this as the screenshot attached hides the details I would need to answer and the information isn’t being provided in any other form.

If you want Netlify to be able to provision SSL certificates for a site when using external DNS services, the DNS configuration for the domain should follow these instructions for any domain names associated with the site:

(This is the same link that @gregraven posted above.)

If you tell us the real DNS records you created we will be able to answer the question.

I’m fairly sure the site in question is using the branch subdomain feature. If you are not using Netlify DNS, there are additional instructions to get SSL working for branch subdomains here:

If there are any other questions, please do let us know what the real DNS records you created are.

You can post that information publicly or you can private message (PM) that to one of our support staff. I’ve confirmed that PMs are enabled for your forum login. Please keep in mind that only one person can see the PM and this will likely mean a slower reply than posting the information publicly. Please feel free to reply however you prefer, though.

Hi, @ankitgoyal100. I see that you sent me two screenshots of the DNS records in a PM. Unfortunately, I need the actual text data shown in the screenshots.

Now, I could try to type out all 36 DNS record names, types, TTLs, and values by hand but I just don’t have time to do that. Similarly, many of the record names and values are random. The odds of me typing out all the random values correctly are very slim.

So, what I can do is to tell you how I would validate this if I were making this change.

  1. I would make a list somewhere (maybe in a text file) of all the required DNS records which are currently at Netlify.
  2. I would then use some sort of programming language I am comfortable with to read the list of required records from that file.
  3. The program would then query for each DNS record at Netlify. The program saves this information somewhere.
  4. The program then queries for each DNS record at Cloudflare. The program saves this information as well.
  5. The program then compares all three sets of records and reports any Netlify or Cloudflare records that do not match the file.

If not all records are reported as matching, you would then change them until they do match.

When all the Cloudflare DNS records are reported as matching, then the changeover from one DNS service to the other should be invisible to the users of your site when it happens. There will be no downtime.

If you are looking for tools to use, I personally tend to use dig for most of my DNS troubleshooting. You can test DNS records directly at Netlify using dig by including the authoritative name servers for the domain in the dig command like so:

dig the.domain.name.here TYPE @your.nameserver.name

Using a more realistic (but still not real) example:

dig example.com A @dns1.p03.nsone.net.

To query the same record at Cloudflare you might use this:

dig example.com A @dean.ns.cloudflare.com.

You would of course replace example.com, A, and @dean.ns.cloudflare.com with the actual hostname, type, and Cloudflare name server for your domain.

The dig tool is a command-line tool which returns very predictable output. Both qualities make it easy to call from other programs/scripts and to parse the information it returns.

For example, you can get just the record itself with the +noall and +answer options like so:

$ dig +noall +answer example.com
example.com.		3875	IN	A	93.184.216.34

If there are other questions about this, reply anytime.
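The five-step check described in the post above, written out as a script. This is an added example, not code from the original post or from Netlify. It assumes the list of required records is kept in the same line format that `dig +noall +answer` prints; the record values and the `example-site.netlify.app` / `wrong-site.netlify.app` hostnames are constructed sample data, and the name server names are the illustrative ones used in the dig commands above.

```python
import subprocess

HOST_TYPES = {"CNAME", "NS", "MX"}  # rdata is a hostname: compare case-insensitively

def parse_records(text):
    """Parse `dig +noall +answer` style lines into {(name, type, value)}; TTL is ignored."""
    records = set()
    for line in text.splitlines():
        fields = line.strip().split(None, 4)  # name, TTL, class, type, rdata
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        name, _ttl, _cls, rtype, rdata = fields
        rtype = rtype.upper()
        if rtype in HOST_TYPES:
            rdata = rdata.lower().rstrip(".")
        records.add((name.lower().rstrip("."), rtype, rdata))
    return records

def dig_lookup(name, rtype, nameserver):
    """Ask one authoritative name server directly, as in the dig commands above."""
    out = subprocess.run(
        ["dig", "+noall", "+answer", name, rtype, "@" + nameserver],
        capture_output=True, text=True, timeout=15, check=True).stdout
    return {r for r in parse_records(out) if r[1] == rtype.upper()}

def compare(required_text, nameservers, lookup=dig_lookup):
    """Per name server: (records missing from it, records it returns that are not in the file)."""
    required = parse_records(required_text)
    questions = sorted({(name, rtype) for name, rtype, _ in required})
    report = {}
    for ns in nameservers:
        answered = set()
        for name, rtype in questions:
            answered |= lookup(name, rtype, ns)
        report[ns] = (sorted(required - answered), sorted(answered - required))
    return report

# Constructed sample data (documentation addresses, not real records).
REQUIRED = ("example.com. 3600 IN A 192.0.2.10\n"
            "www.example.com. 3600 IN CNAME example-site.netlify.app.\n")
SAMPLE_ANSWERS = {  # what each name server "answers" in this offline demo
    "dns1.p03.nsone.net": REQUIRED,
    "dean.ns.cloudflare.com": "example.com. 300 IN A 192.0.2.10\n"
                              "www.example.com. 300 IN CNAME wrong-site.netlify.app.\n",
}

def sample_lookup(name, rtype, nameserver):
    """Stand-in for dig_lookup that reads SAMPLE_ANSWERS instead of the network."""
    return {r for r in parse_records(SAMPLE_ANSWERS[nameserver]) if r[:2] == (name, rtype)}
```

To run it against live servers, call `compare()` with the contents of your own records file and the two authoritative name servers, leaving `lookup` at its default. A name served through Cloudflare's CNAME flattening answers with A records rather than the CNAME, so expect that name to be reported and check it by hand.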

Very helpful, thank you! Fingers crossed everything goes smoothly