Cloudflare provides DNS resolution for the domain. Most traffic to the server is not proxied through Cloudflare's network. Traffic using Cloudflare's Zero Trust network (meaning all SWAG endpoints) is proxied through the Cloudflare edge network.

To-do: document specific important DNS records

DNS as proof of ownership

A temporary DNS record is used to prove ownership of the domain when obtaining TLS certificates from Let's Encrypt. Certbot, the program used to request new certificates, can do this automatically using a Cloudflare API key that has the Zone > DNS > Edit permission for the zone.

Dynamic DNS

It is also possible to use the Cloudflare API to programmatically add/update DNS records. This means it's possible to create a dynamic DNS client script which can be used to provide DDNS records under the domain.
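
A sketch of such a DDNS client, added here as an example and not the script used on this server. It assumes one existing A record for the name, an API token with the Zone > DNS > Edit permission, and hypothetical environment variable names (CF_API_TOKEN, CF_ZONE_ID, DDNS_NAME); the public IP lookup via api.ipify.org is also an assumption.

```python
import ipaddress, json, os, urllib.request

API = "https://api.cloudflare.com/client/v4"

def http_json(method, url, token, body=None):
    """Minimal Cloudflare API call using a scoped API token (Bearer auth)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def validate_public_ipv4(text):
    """Refuse to publish anything that is not a globally routable IPv4 address."""
    ip = ipaddress.ip_address(text.strip())  # raises ValueError on garbage input
    if ip.version != 4 or not ip.is_global:
        raise ValueError(f"refusing to publish non-public address: {ip}")
    return str(ip)

def sync_record(zone_id, name, new_ip, token, call=http_json):
    """Update the A record for `name` only if it differs; returns what happened."""
    new_ip = validate_public_ipv4(new_ip)
    found = call("GET", f"{API}/zones/{zone_id}/dns_records?type=A&name={name}", token)
    records = found.get("result", [])
    if len(records) != 1:
        # Never guess which record to overwrite, and never create one silently.
        raise RuntimeError(f"expected exactly one A record for {name}, got {len(records)}")
    rec = records[0]
    if rec["content"] == new_ip:
        return "unchanged"  # avoid needless writes to the zone
    # PATCH changes only the listed fields, so TTL and proxy settings are kept.
    result = call("PATCH", f"{API}/zones/{zone_id}/dns_records/{rec['id']}", token,
                  {"type": "A", "name": name, "content": new_ip})
    if not result.get("success"):
        raise RuntimeError(f"update failed: {result.get('errors')}")
    return "updated"

if __name__ == "__main__":
    # Assumed variable names; the token is read from the environment, never hard-coded.
    token, zone = os.environ["CF_API_TOKEN"], os.environ["CF_ZONE_ID"]
    with urllib.request.urlopen("https://api.ipify.org", timeout=10) as r:
        current = r.read().decode()
    print(sync_record(zone, os.environ["DDNS_NAME"], current, token))
```

Validating the discovered address before writing keeps a misbehaving lookup service or a captive portal from publishing a private or loopback address under the domain.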