When we set up client websites we’re sometimes asked for more in-depth details on why we move DNS to Cloudflare. We list a few primary points in our site-setup post from May 2020, but are happy to elaborate further here. After all, DNS is an essential component of keeping your website, email, and internal systems online. We want to ensure you’re comfortable with the change, and understand our reasoning behind the choice.
First off, what is Cloudflare? At a very basic level, they provide robust DNS management services for free. However, they can also act as a proxy, meaning traffic is routed through their systems before reaching your website’s server. You may think this would slow down your site, but it actually means it loads faster due to Cloudflare’s global network.
How large is Cloudflare? Are they legit? The numbers speak for themselves: “Approximately 25 million Internet properties are on Cloudflare, and our network is growing by tens of thousands each day. Cloudflare powers Internet requests for ~17% of the Fortune 1,000 and serves 25 million HTTP requests per second on average.” (From What is Cloudflare?)
Why does Razorfrog use Cloudflare? We’ve been using Cloudflare for 5+ years, and since 2020 have required that new clients move DNS to their systems, unless there is an established requirement that prevents this from being possible (internal AWS routing, existing use of CloudFront or other CDNs, etc.). We’ve put together the following primary reasons we use their systems:
1. Cloudflare stops brute-force attacks and hacking attempts
Cloudflare provides additional security by protecting Internet properties from malicious activity like DDoS attacks, malicious bots, and other nefarious intrusions before they ever hit the server level. This takes the processing load away from the webserver entirely.
2. Integration with Fail2Ban
Our sites hosted through the GridPane network use the Fail2Ban (F2B) software to block brute-force login attempts – a major source of security issues with WordPress sites. F2B intercepts these login requests and sends malicious IP addresses to a “jail” for a period of time, depending on the severity of the attack. F2B also sends this IP back to Cloudflare, which in turn blocks the IP at the DNS level not only for the attacked website, but for all websites attached to our Cloudflare account. We see a huge security and performance benefit from this across all of our client websites.
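The jail-then-block flow from point 2, as an added Python example (not Razorfrog’s, GridPane’s or Fail2Ban’s own code): it counts failed WordPress logins per IP inside a time window, then builds the Cloudflare IP Access Rule request that would block the offender for every site on the account. The thresholds, log format, sample lines and account ID placeholder are assumptions, and the request is built but never sent.

```python
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAXRETRY = 5                      # assumed threshold (Fail2Ban calls this maxretry)
FINDTIME = timedelta(minutes=10)  # assumed window (Fail2Ban calls this findtime)

# A failed WordPress login re-renders the form (HTTP 200); a success redirects (302).
FAILED_LOGIN = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" 200 ')

def _line(ip, hhmmss, status):
    return f'{ip} - - [12/May/2020:{hhmmss} +0000] "POST /wp-login.php HTTP/1.1" {status} 4321'

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"10:00:{s:02d}", 200) for s in range(0, 50, 10)]  # 5 failures in 40 s
    + [_line("198.51.100.20", "10:01:00", 200),                              # one mistyped password...
       _line("198.51.100.20", "10:01:30", 302)]                              # ...then a successful login
    + [_line("192.0.2.50", f"{h}:00:00", 200) for h in range(11, 16)]        # 5 failures over 4 h
)

def find_offenders(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return IPs with at least maxretry failed logins inside one findtime window."""
    recent, offenders = defaultdict(deque), []
    for line in log_text.splitlines():
        m = FAILED_LOGIN.match(line)
        if not m:
            continue
        ip, ts = m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:   # drop attempts that aged out of the window
            window.popleft()
        if len(window) >= maxretry and ip not in offenders:
            offenders.append(ip)
    return offenders

def cloudflare_block_request(ip, account_id="ACCOUNT_ID_PLACEHOLDER"):
    """Build (do not send) an account-level IP Access Rule that blocks one address."""
    url = (f"https://api.cloudflare.com/client/v4/accounts/{account_id}"
           "/firewall/access_rules/rules")
    body = {"mode": "block",
            "configuration": {"target": "ip6" if ":" in ip else "ip", "value": ip},
            "notes": "Fail2Ban: wp-login brute force"}
    return "POST", url, json.dumps(body)

if __name__ == "__main__":
    for offender in find_offenders(SAMPLE_LOG):
        print(*cloudflare_block_request(offender))
```

Only the rapid burst is flagged; the visitor who mistyped once and the slow, hours-apart failures stay under the threshold, which is the trade-off the window and retry count control.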
3. Free CDN
For media-heavy sites, we often enable the Cloudflare Content Delivery Network (CDN). This takes image, style, and script files and serves them from Cloudflare’s worldwide network, from a location closer to your website’s visitors. This results in a faster, better performing website.
4. Separate DNS from the domain registrar
Cloudflare offers robust DNS management in an easy-to-use interface without the access and reliability issues of GoDaddy or Network Solutions (two of our common client registrars). Their uptime is phenomenal – far fewer outages than other DNS providers.
5. Easy to securely share access between our teams
Sharing critical passwords is a bad practice. We’d rather not have your domain registration password for a variety of security reasons. GoDaddy account delegation sometimes works correctly, but there’s a known issue where DNS management will load a blank screen, even with the proper permissions. With Cloudflare all team members have their own individual login secured with two-factor authentication. We need to ensure we have direct access to DNS in case of a time-sensitive change, such as an emergency site migration.
6. Automatically low TTL values
DNS not only tells your browser where to go after typing in a URL, but also has rules about how long that information is valid for. These TTL (time to live) values are often a hurdle in moving site hosting – sometimes displaying undesired results for many hours or even days. Cloudflare uses low values automatically, resulting in nearly instant changes if we need to move a site to a new server. This means no downtime for planned or emergency site migrations.
7. There is no downside; no features are lost
A common argument against moving to Cloudflare is “if it ain’t broke don’t fix it” – their current registrar has handled DNS fine over the years, why change now? While I often agree with the proverb, in this case I strongly disagree and push for the move to Cloudflare. Razorfrog was brought in as an expert consultant to update your website, and without moving to Cloudflare, we’re acting with a hand tied behind our back. The site will be less secure, less performant, and less reliable if DNS is left with your registrar. All existing DNS records will be moved over seamlessly, and there will be no downtime for web, email, or other systems.
Have any further questions? We’re always happy to chat. Contact our team here.