Cloudflare Configuration
HEADS UP
If you haven't read the primer on name server configuration, you should read that first as this page builds on the information presented there.
What is Cloudflare?
Cloudflare provides large-scale proxy, web application firewall, and DNS services to companies and individuals. In the DNS realm, they operate 1.1.1.1, a public DNS resolver, and offer both at-cost DNS registration and authoritative DNS servers.
Fields
api_key string required
Cloudflare refers to their API key as an API token. They also differentiate between "user" tokens and "account" tokens. To create and delete records, both token types will work. Choose whichever works best for your setup and organization.
To obtain a token from Cloudflare, follow their tutorial. DockNS requires a token that has edit permissions for the zones you plan to use. Alternatively, you can choose to include all zones from an account.
Once you have created a token, place it into name_servers.<server id>.api_key in your config.toml, or set the DOCKNS_NS_<SERVER ID>_API_KEY environment variable.
account_id string required
The account ID is required by Cloudflare to access the API and should match the token in api_key. Please refer to Cloudflare's documentation for instructions on where to find your account ID.
zone_ids table required
Cloudflare requires that DNS API requests include the ID of the zone being modified. Please refer to their documentation to locate your zone ID(s).
The zone_ids field must be a map between zones and their IDs, like so:
[name_servers.externaldns1]
service = "cloudflare"
# ...
# TOML inline tables go on one line, with commas between pairs
zone_ids = { "domain.tld" = "<domain.tld's ID>", "domain2.tld" = "<domain2.tld's ID>" }
Equivalent environment variables:
DOCKNS_NS_EXTERNALDNS1_SERVICE=cloudflare
DOCKNS_NS_EXTERNALDNS1_API_KEY=<api token>
DOCKNS_NS_EXTERNALDNS1_ACCOUNT_ID=<account id>
DOCKNS_NS_EXTERNALDNS1_ZONE_IDS="domain.tld=<domain.tld's ID>,domain2.tld=<domain2.tld's ID>"
When using an environment variable, zone IDs are specified as comma-separated domain=zone_id pairs.
Cloudflare Proxy
Whether records should be proxied through Cloudflare can be controlled at two levels.
Supported record types only
Proxying only applies to A, AAAA, and CNAME records. Cloudflare does not support proxying SRV or TXT records.
Default per record type — set under record_defaults in your server config, so all records of that type are proxied by default:
[name_servers.externaldns1.record_defaults.A]
proxied = true
[name_servers.externaldns1.record_defaults.AAAA]
proxied = true
[name_servers.externaldns1.record_defaults.CNAME]
proxied = true
Equivalent environment variables:
DOCKNS_NS_EXTERNALDNS1_RECORD_DEFAULTS_A_PROXIED=true
DOCKNS_NS_EXTERNALDNS1_RECORD_DEFAULTS_AAAA_PROXIED=true
DOCKNS_NS_EXTERNALDNS1_RECORD_DEFAULTS_CNAME_PROXIED=true
Per record — the proxied Docker label overrides the default for a specific record:
dockns.cloudflare.proxied=true
dockns.cloudflare.1.proxied=false
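A pre-deployment check for the environment-variable form of the zone_ids and record_defaults settings described above, as an added example that is not DockNS's own code. The function names, the sample values, the 32-hex-character zone ID pattern, and the restriction of server IDs to letters and digits are assumptions of this example.

```python
import re

PROXYABLE = {"A", "AAAA", "CNAME"}          # per the page: only these can be proxied
ZONE_ID_RE = re.compile(r"^[0-9a-f]{32}$")  # assumption: zone IDs are 32 hex characters
DEFAULT_RE = re.compile(r"^DOCKNS_NS_([A-Z0-9]+)_RECORD_DEFAULTS_([A-Z]+)_PROXIED$")


def parse_zone_ids(value):
    """Split 'domain=zone_id,domain2=zone_id2' into a dict, rejecting malformed pairs."""
    zones = {}
    for pair in filter(None, (p.strip() for p in value.split(","))):
        domain, sep, zone_id = pair.partition("=")
        if not sep or not domain.strip() or not zone_id.strip():
            raise ValueError(f"malformed zone pair: {pair!r}")
        zones[domain.strip().lower()] = zone_id.strip()
    return zones


def lint(env, server="EXTERNALDNS1"):
    """Return a list of findings for one server's DOCKNS_NS_<SERVER ID>_* variables."""
    prefix = f"DOCKNS_NS_{server}_"
    findings = []
    for field in ("API_KEY", "ACCOUNT_ID", "ZONE_IDS"):
        if not env.get(prefix + field):
            findings.append(f"{field} is required but missing")
    try:
        zones = parse_zone_ids(env.get(prefix + "ZONE_IDS", ""))
    except ValueError as exc:
        findings.append(str(exc))
        zones = {}
    for domain, zone_id in zones.items():
        if not ZONE_ID_RE.match(zone_id):  # catches unfilled <placeholder> values
            findings.append(f"zone ID for {domain} is not 32 hex characters")
    for name, value in env.items():
        m = DEFAULT_RE.match(name)
        proxied = value.strip().lower() == "true"
        if m and m.group(1) == server and proxied and m.group(2) not in PROXYABLE:
            findings.append(f"{m.group(2)} records cannot be proxied")
    return findings


# Constructed sample environment (all values are placeholders, not real credentials).
SAMPLE = {
    "DOCKNS_NS_EXTERNALDNS1_API_KEY": "example-token",
    "DOCKNS_NS_EXTERNALDNS1_ACCOUNT_ID": "0" * 32,
    "DOCKNS_NS_EXTERNALDNS1_ZONE_IDS": "domain.tld=" + "a" * 32 + ",domain2.tld=<zone id>",
    "DOCKNS_NS_EXTERNALDNS1_RECORD_DEFAULTS_A_PROXIED": "true",
    "DOCKNS_NS_EXTERNALDNS1_RECORD_DEFAULTS_TXT_PROXIED": "true",
}
```

Calling lint(SAMPLE) reports the unfilled zone ID placeholder for domain2.tld and the TXT proxy default, which Cloudflare does not support.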