CloudFlare domain management tool

Published on Author admin
CloudFlare domain management tool
CloudFlare domain management tool

CloudFlare domain management tool

Finally, decide to put in public the tool I created to manage DNS records and domain settings for the domains placed in CloudFlare. “CloudFlare provides performance and security for any website. More than 2 million websites use CloudFlare” – comes from the official website of the company. Basically, for me, CloudFlare is the service I can rely on to manage all my domains from different domain name registrators and defend my websites/apps from DDoS attacks.

In brief, I have more than 100 domains. Each domain has its own settings and DNS records. Each record has its own IP or setting. From time to time I need to edit these settings, change IP addresses. Everything was edited by hands and often results in errors and failures because of no history of changes and no backups.

Examples from real life:

  • You get a task from manager to change the settings of the record. Where to place the reason for this change
  • Someone edited settings. Who did it?
  • You accidently, being tired on Friday evening (hive five to GitLab 🙂 ) delete the record. How to restore it?

So, some management was needed. CloudFlare has powerful API. The current version, v4 provides a lot of flexibility to manage domain settings. Some time ago I decide to cover HTTP API with python wrapper to create some tools to defend myself in the case of DDoS. Later an idea to manage everything in one place appeared.

CloudFlare domain management tool
This script allows managing DNS records that are held in CloudFlare in a declarative way.
The project is placed on GitHub:

https://github.com/zmgit/cf-domain-mgmt

 

The Purposes of this management tool are:

1. Play with DNS records:

– create: simply add a new line like:

– update: set proxy to ‘false’

– delete: simply delete the line

2. Infrastructure as code

DNS records are written in a declarative way. Easy to parse and to manipulate the data that is
stored in the data structure everybody loves – JSON(actually dictionary but can be easily transformed into JSON).

3. Team collaboration

Nobody needs a password to your CF account. Everything happens via token access. You can grant rights to your domain
repo config to your SysOps/DevOps/SRE/Admin team

4. History of changes

You always know what changes have been made and what for. So you can easily find records you do not need anymore and delete them safely.

5. Backup

Delete a wrong DNS record? DO not remember the IP address has been removed? Everything can be easily found in your git
history.

6. Quick DDoS protection:

Easy to set all records ‘proxy: true’ with security level you need.

7. Etc

– You can set your CI system to execute the script on push commit.
– You can set up and run only ‘diffs’ between config settings.
– No need to set different CF settings in the web-based account.

 

Config example:

The project is open. You can find it on GitHub – https://github.com/zmgit/cf-domain-mgmt