Make sure the token has at least the right read zones and edit DNS records (i.e. Zone → Zone → Read and Zone → DNS → Edit);
checkout Cloudflare’s documentation for instructions on how to generate and configure permissions on API tokens.
Or you can provide your Cloudflare API username and access key instead (but it isn’t recommended because those credentials give DNSControl access to the complete Cloudflare API):
If your Cloudflare account has access to multiple Cloudflare accounts, you can specify which Cloudflare account should be used when adding new domains:
Record level metadata available:
cloudflare_proxy (“on”, “off”, or “full”)
Domain level metadata available:
cloudflare_proxy_default (“on”, “off”, or “full”)
cloudflare_universalssl (unset to keep untouched; otherwise “on, or “off”)
Provider level metadata available:
manage_redirects: set to true to manage page-rule based redirects
What does on/off/full mean?
“off” disables the Cloudflare proxy
“on” enables the Cloudflare proxy (turns on the “orange cloud”)
“full” is the same as “on” but also enables Railgun. DNSControl will prevent you from accidentally enabling “full” on a CNAME that points to an A record that is set to “off”, as this is generally not desired.
Good to know: You can also set the default proxy mode using DEFAULTS() function, see:
To make configuration files more readable and less prone to errors,
the following aliases are pre-defined:
The following example shows how to set meta variables with and without aliases:
DNSControl depends on a Cloudflare Global API Key that’s available under “My Settings”.
If a domain does not exist in your Cloudflare account, DNSControl
will not automatically add it. You’ll need to do that via the
control panel manually or via the dnscontrol create-domains command.
The Cloudflare provider can manage Page-Rule based redirects for your domains. Simply use the CF_REDIRECT and CF_TEMP_REDIRECT functions to make redirects:
Notice a few details:
We need an A record with cloudflare proxy on, or the page rule will never run.
The IP address in those A records may be mostly irrelevant, as cloudflare should handle all requests (assuming some page rule matches).
Ordering matters for priority. CF_REDIRECT records will be added in the order they appear in your js. So put catch-alls at the bottom.