DNS firewall | Cloudflare, migrate your DNS management from Cloudflare to Oracle Cloud Infrastructure
Migrate your DNS management from Cloudflare to Oracle Cloud Infrastructure
Cloudflare DNS Firewall
Cloudflare DNS Firewall is a firewall-as-a-service that helps secure DNS infrastructure against online attacks while improving uptime and delivering very fast performance.
Associated products
- Cloudflare reliability
- DNS Cloudflare
- DDoS attack protection
- DNSSEC protection
Control what enters your network
Thanks to robust rate-limiting features, DNS Firewall protects your infrastructure against unwanted and malicious traffic. Rate limits are configurable through the API, so you can easily tune them to the health of your origin.
Automatically mitigate DDoS attacks
DDoS attacks on DNS infrastructure are becoming increasingly frequent. Cloudflare routes malicious traffic away from your origin name servers and absorbs it across its global network. DNS Firewall also comes with a dedicated automatic mitigation system that stops random prefix attacks.
Hide your origin IP addresses from attackers
DNS Firewall also hides the origin IP addresses of your name servers behind Cloudflare IP addresses, which prevents attackers from targeting them.
Want a DNS firewall?
Simple configuration
Protect your DNS infrastructure in just 5 minutes with a simple change to the IP addresses of your name servers.
Authoritative DNS or DNS Firewall
With Cloudflare, you have two options to secure your DNS infrastructure.
Cloudflare DNS Firewall lets you run your own infrastructure and keep your DNS records on your own name servers while benefiting from the Cloudflare global network and features such as DDoS mitigation, rate limiting, caching and more. We recommend DNS Firewall for hosting and cloud providers, ISPs, registrars and anyone running a large authoritative DNS infrastructure.
Cloudflare Authoritative DNS is a fully managed, professional-grade DNS service that also offers built-in DDoS protection and DNSSEC. We recommend our DNS solution to anyone who wants to use Cloudflare as a primary or secondary DNS provider.
Migrate your DNS management from Cloudflare to Oracle Cloud Infrastructure
DNS (Domain Name System) is an essential component of the Internet that lets users reach websites by translating human-readable domain names into IP addresses that computers can understand. DNS records are stored in zones, and each zone contains information about a specific domain. Managing DNS records can be a complex task, especially if you have several zones and subdomains.
With the Oracle Cloud Infrastructure (OCI) DNS service, you can create zones, add records to zones, and let the Oracle Cloud Infrastructure edge network handle DNS queries for your domain. By configuring Oracle DNS, enterprise and business customers can connect DNS queries to resources such as Oracle Cloud Infrastructure Compute and Storage, as well as to third-party and private resources. They can also manage DNS records, which map domain names to IP addresses. These may or may not be cloud resources.
Objective
Importing Cloudflare DNS zones into OCI can help you consolidate your DNS management and take advantage of OCI DNS features. The process consists of exporting your DNS zone from Cloudflare and importing the DNS records. By following the steps in this tutorial, you can easily import your Cloudflare DNS zone into OCI and streamline your DNS management.
Prerequisites
- OCI account with access to create and manage OCI DNS Management.
- Access to a Cloudflare account.
Task 1: Export your DNS zone from Cloudflare
- Log in to your Cloudflare account and select the domain whose DNS zone you want to export.
- Click Export to download a copy of your DNS zone file.
Task 2: Modify the zone file exported from Cloudflare.com for import into OCI DNS
For the Oracle Cloud Infrastructure DNS service to import a zone file exported from Cloudflare.com correctly, you must modify the file. Follow these instructions to update the zone file.
- Open the file in the text editor of your choice. On the second line, remove ;; Domain: and replace it with $ORIGIN.
- For the SOA record, replace the domain name with @.
- Once the file has been changed, save it.
Points to note when modifying the zone file exported from Cloudflare.com
- All records in an RRSet (records of the same type in the same domain) must have the same TTL. If the zone file exported from Cloudflare has different TTL values within an RRSet, the zone import will fail.
- In the example zone file exported from Cloudflare, there are two TXT records named Chaitanya.TK with different TTL values; in the modified file, the TTL value has been changed so that the two records have the same TTL.
- If the exported zone file contains a TXT record longer than 255 characters, split the value into strings of 255 characters or fewer. Enclose each string in double quotes (") using the following syntax: Domain Name TXT "String 1" "String 2" "String 3" … "String n". Otherwise the zone import will fail.
- In the example exported file, a TXT record called Mail._Domainkey.Chaitanya.tk. contains more than 255 characters. This record has been split in the modified zone file.
- Here is an example of a zone file exported from Cloudflare.com.
;;
;; Domain:     Chaitanya.tk.
;; Exported:   2023-03-02 17:44:29
;;
;; This file is intended for use for informational and archival
;; purposes ONLY and MUST be edited before use on a production
;; DNS server. In particular, you must:
;;   -- update the SOA record with the correct authoritative name server
;;   -- update the SOA record with the contact e-mail address information
;;   -- update the NS record(s) with the authoritative name servers for this domain.
;;
;; For further information, please consult the BIND documentation
;; located on the following website:
;;
;; http://www.isc.org/
;;
;; And RFC 1035:
;;
;; http://www.ietf.org/rfc/rfc1035.txt
;;
;; Please note that we do NOT offer technical support for any use
;; of this zone data, the BIND name server, or any other third-party
;; DNS software.
;;
;; Use at your own risk.
;; SOA Record
Chaitanya.TK 3600 IN SOA Adrian.ns.cloudflare.com dns.cloudflare.com 2042944566 10000 2400 604800 3600
;; NS Records
Chaitanya.tk. 86400 IN NS Adrian.ns.cloudflare.com.
Chaitanya.tk. 86400 IN NS zeus.ns.cloudflare.com.
;; A Records
chaitanya.tk. 1 IN A 141.148.6.7
www.Chaitanya.tk. 1 IN A 141.148.6.7
;; CNAME Records
Web.Chaitanya.tk. 1 IN CNAME Chaitanya-TK.o.waas.oci.oraclecloud.net.
;; TXT Records
Chaitanya.tk. 1 IN TXT "85FCR0QM1LLJ50BVGGJKK55YDCBCKELNCDNLHILNVKLENVLZ77HC"
Chaitanya.tk. 86400 IN TXT "SendinBlue-Code: 40ZvesgergreBreBreHreg733397d34cc56226D82D8BFA75"
Mail._Domainkey.Chaitanya.tk. 86400 IN TXT "Miicijanbgkqhkig9w0baqefaaocag8amicgkcageazhgucdx5w5qrjdj052z54xayllboe29lpmcocycuhcuh0kx25vt66azolss46voaqpdqmt/Dddpabkg ONQ+Sluxfwcy/HXS1MPRO6YOSEJFH8UHTPOIHUEGW6YKJQDYLTUV+SLEWCCTBZFYYZ+70VRLW96HSD09RWQK6AWYHUOCO8ZNRSJDWWEUFSK+I/ASKF0YF/B8XDGGGMXG K/FJRTT8+UJFF5V1HYSTBIHD6EVBVERZWYRJPWKPGBTTKFFSHKIYCEBQT7BZ0I3L3L3LRBZQ9MSRTPRIJW34OSGVLJSROKJC "
- Here is the modified zone file.
$ORIGIN Chaitanya.tk.
;; Exported:   2023-03-03 08:45:43
;;
;; This file is intended for use for informational and archival
;; purposes ONLY and MUST be edited before use on a production
;; DNS server. In particular, you must:
;;   -- update the SOA record with the correct authoritative name server
;;   -- update the SOA record with the contact e-mail address information
;;   -- update the NS record(s) with the authoritative name servers for this domain.
;;
;; For further information, please consult the BIND documentation
;; located on the following website:
;;
;; http://www.isc.org/
;;
;; And RFC 1035:
;;
;; http://www.ietf.org/rfc/rfc1035.txt
;;
;; Please note that we do NOT offer technical support for any use
;; of this zone data, the BIND name server, or any other third-party
;; DNS software.
;;
;; Use at your own risk.
;; SOA Record
@ 3600 IN SOA adrian.ns.cloudflare.com dns.cloudflare.com 2042949974 10000 2400 604800 3600
;; NS Records
Chaitanya.tk. 86400 IN NS Adrian.ns.cloudflare.com.
Chaitanya.tk. 86400 IN NS zeus.ns.cloudflare.com.
;; A Records
chaitanya.tk. 1 IN A 141.148.6.7
www.Chaitanya.tk. 1 IN A 141.148.6.7
;; CNAME Records
Web.Chaitanya.tk. 1 IN CNAME Chaitanya-TK.o.waas.oci.oraclecloud.net.
;; TXT Records
Chaitanya.tk. 1 IN TXT "85FCR0QM1LLJ50BVGGJKK55YDCBCKELNCDNLHILNVKLENVLZ77HC"
Chaitanya.tk. 1 IN TXT "SendinBlue-Code: 40zvesgergrebrehreg73397d34cc56226d82d8bfa75"
Mail._Domainkey.Chaitanya.tk. 86400 IN TXT "Miicijanbgkqhkig9w0baqefaaocag8amicgkcageazhgucdx5w5qrjdj052z54xayllboe29lpmcocycuhcuh0kx25vt66azolss46voaqpdqmt/Dddpabkg ONQ+Sluxfwcy/HXS1MPRO6YOSEJFH8UHTPOIHUEGW6YKJQDYLTUV+SLEWCCTBZ" "FYYZ+70VRLW96HSD09RWQK6AWYHUOCO8ZNRSJDWVUEFSK+I/ASKF0YFR/B8XDGGMXG +2K/FJRTT8+UJFF5V1HYSTBIHD6EVBVERZWYRJPWKPGBTTKFFSHKIYCEBQT7BZ0I3L3LRBZQ9MSRTPRIJW34OSGVLJSROKJC "
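The Task 2 edits can be scripted instead of made by hand. The following is an added example, not code from the original tutorial or from Oracle or Cloudflare; the function names, the choice of the lowest TTL for an RRSet, and the constructed example.com sample are assumptions.

```python
import re

# Owner, TTL, class IN, type, rdata. Regex and function names are hypothetical.
RR = re.compile(r'^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$', re.I)

def split_txt(rdata, limit=255):
    """Re-chunk a TXT value into quoted strings of at most `limit` characters.
    Assumes the value contains no backslash escapes."""
    parts = re.findall(r'"([^"]*)"', rdata)
    if not parts:                       # unquoted rdata: leave untouched
        return rdata
    value = "".join(parts)
    chunks = [value[i:i + limit] for i in range(0, len(value), limit)] or [""]
    return " ".join(f'"{c}"' for c in chunks)

def convert(export_text):
    """Apply the Task 2 edits to a Cloudflare export and return the new text."""
    items, rrset_ttl = [], {}
    for line in export_text.splitlines():
        m = RR.match(line)
        if not m:                       # comment or blank line
            items.append(re.sub(r'^;;\s*Domain:\s*', '$ORIGIN ', line))
            continue
        owner, ttl, rtype, rdata = m[1], int(m[2]), m[3].upper(), m[4]
        key = (owner.lower().rstrip("."), rtype)   # one RRSet = name + type
        # Assumption: collapse differing TTLs to the lowest one in the RRSet.
        rrset_ttl[key] = min(ttl, rrset_ttl.get(key, ttl))
        items.append((key, owner, rtype, rdata))
    out = []
    for item in items:
        if isinstance(item, str):
            out.append(item)
            continue
        key, owner, rtype, rdata = item
        owner = "@" if rtype == "SOA" else owner
        rdata = split_txt(rdata) if rtype == "TXT" else rdata
        out.append(f"{owner} {rrset_ttl[key]} IN {rtype} {rdata}")
    return "\n".join(out) + "\n"

# Constructed sample export (example.com is a placeholder, not from the page).
SAMPLE = f""";;
;; Domain:     example.com.
;; SOA Record
example.com 3600 IN SOA ns1.example.net. dns.example.net. 1 10000 2400 604800 3600
;; TXT Records
example.com. 1 IN TXT "v=spf1 -all"
example.com. 86400 IN TXT "site-verification=constructed"
sel._domainkey.example.com. 86400 IN TXT "v=DKIM1; p={'A' * 300}"
"""

if __name__ == "__main__":
    print(convert(SAMPLE))
```

Review the converted file before importing it, since a changed TTL or a re-split DKIM or SPF value affects mail authentication for the domain.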
Task 3: Import your DNS zone into OCI DNS
- Log in to the OCI tenancy and go to Networking, DNS Management, Zones.
- Click Create Zone, then Import. Select the modified zone file and create the zone.
Creating the zone and populating it with the records takes a few seconds.
Task 4: Verify the DNS zone in OCI DNS
- Check that all DNS records from your Cloudflare zone are present in OCI DNS. You can export the OCI DNS records to a TXT file and compare them. You can use Cloud Shell to export the records with the following command:
oci dns zone get-zone-content --file $file --zone-name-or-id $zone_name_or_id
- When you are ready to switch from the Cloudflare DNS servers to the OCI DNS servers, update the name servers at the domain registrar so that they point to the OCI name servers (NS) assigned when the zone was imported.
- Here we are transferring the hosted zone for the domain from Cloudflare to Oracle DNS, not the domain registration itself. The domain remains registered with the existing registrar, whether Cloudflare, GoDaddy or any other provider.
- The hosted zone transfer process is the same regardless of your domain registrar, provided that you can update DNS records and migrate the domain to OCI.
- After changing the name servers, you can test nslookup queries from your computer or use whatsmydns.net to make sure that management of the domain has migrated to OCI DNS.
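The record comparison in Task 4 can be automated so that a dropped SPF, DKIM or other record is caught before the name servers are switched. This is an added example, not part of the original tutorial; it assumes both files hold one record per line, and the layout of the post-import export, all names and the sample data are constructed.

```python
import re

# TTL and class are optional so both export styles parse (pattern is hypothetical).
RR = re.compile(r'^(\S+)\s+(?:(\d+)\s+)?(?:IN\s+)?([A-Za-z][A-Za-z0-9]*)\s+(.+)$', re.I)

def fqdn(name, origin):
    """Lower-cased absolute name; '@' and relative names are joined to origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def rrsets(zone_text, origin):
    """Return {(name, type, rdata)}, ignoring TTLs, comments, SOA and apex NS."""
    origin, found = origin.lower(), set()
    for line in zone_text.splitlines():
        if line.startswith("$ORIGIN") and len(line.split()) > 1:
            origin = line.split()[1].lower()
        m = None if line.startswith((";", "$")) else RR.match(line)
        if not m:
            continue
        name, rtype, rdata = fqdn(m[1], origin), m[3].upper(), m[4].strip()
        if rtype == "SOA" or (rtype == "NS" and name == origin):
            continue                    # expected to change with the provider
        if rtype == "TXT":              # split and unsplit strings compare equal
            rdata = "".join(re.findall(r'"([^"]*)"', rdata)) or rdata
        elif rtype in ("CNAME", "NS"):
            rdata = fqdn(rdata, origin)
        found.add((name, rtype, rdata))
    return found

def diff(before, after, origin):
    """Return (records lost, records introduced) by the migration."""
    old, new = rrsets(before, origin), rrsets(after, origin)
    return sorted(old - new), sorted(new - old)

# Constructed inputs: a Cloudflare-style export and an assumed post-import export.
BEFORE = """example.com 3600 IN SOA ns1.example.net. dns.example.net. 1 10000 2400 604800 3600
example.com. 86400 IN NS ns1.example.net.
www.example.com. 1 IN A 192.0.2.10
example.com. 1 IN TXT "v=spf1 -all"
sel._domainkey.example.com. 1 IN TXT "v=DKIM1; p=AAAABBBB"
"""
AFTER = """$ORIGIN example.com.
@ 86400 IN NS ns1.newdns.example.
www 300 IN A 192.0.2.10
sel._domainkey 300 IN TXT "v=DKIM1; p=AAAA" "BBBB"
"""
print(diff(BEFORE, AFTER, "example.com."))
```

In the constructed data the apex SPF record is reported as lost, while the DKIM record that was split into two strings compares equal to its unsplit original.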
Acknowledgments
- Authors: Shruti Soumya (Senior Cloud Safety Engineer), Chaitanya Chiltala (Cloud Security Advisor)
Copyright © 2023, Oracle and/or its affiliates.