How to Configure Custom DNS Nameservers with Cloudflare

For privacy and vanity reasons you can add custom DNS nameservers using Cloudflare. This tutorial will show you how to add the custom nameservers to Cloudflare and how to get the IP addresses of these new nameservers so you can add them as glue records to your DNS registrar (where you purchased the domain).

If you would like help configuring this please get in touch on Codeable.

This is for Business and Enterprise Cloudflare plans only!

How to Configure Custom DNS Nameservers with Cloudflare

This guide is split up into these sections

  • Adding your Custom Namerservers
  • Making sure your DNS Registrar has the correct records

Adding Custom Nameservers in Cloudflare

Log in to Cloudflare and choose DNS from the top

Scroll down until you see the Custom Nameservers section and click Add Custom Nameservers.

If you see the Upgrade to Business Plan button instead then you are either on the Free or Pro plan neither of which support custom nameservers.

You will see this dialog box. Your custom nameservers need to be on a subdomain of your main domain.

Here I enter ns1 to make the first server ns1.wp-bullet.com, clicking on the full nameserver name that drops down adds it to the list.

Add the second custom nameserver the same way, here it is ns2.wp-bullet.com

When both nameservers are added click Save

Now you have an overview for your custom nameservers, you can now add more nameservers using the textbox at the bottom and clicking the check icon.

Please remember that using custom nameservers with Cloudflare requires a minimum of 2 and maximum of 5 nameservers

Adding Custom Nameservers to DNS Registrar

Now that the nameservers are added in Cloudflare, we need to get the IP addresses of them and add them as glue records to the DNS Registrar (where you purchased the domain).

We are going to use Linux to get the IP addresses of the new nameservers. The tools for getting IPs from DNS records in Linux are dig and nslookup.

On Debian and Ubuntu, dig and nslookup require the dnsutils package (source)

sudo apt install dnsuntils

On CentOS the package with dig and nslookup is bind-utils (source)

yum install bind-utils

Now that we have nslookup and dig installed we can get the IP addresses of the nameservers.

We need both the IPv4 (normally used for A records) and the IPv6 addresses (normally used for AAAA records).

To check the current nameservers of your domain using dig

dig wp-bullet.com NS +short

The current nameservers are using Cloudflare’s predetermined nameservers.

dawn.ns.cloudflare.com.
burt.ns.cloudflare.com.

Time for the custom nameserver IPs, remember to repeat these steps for each custom nameserver!

Get Nameserver IPs with dig

This section is for using dig to get the IPv4 and IPv6 addresses of your custom nameservers.

IPv4 Records with dig

A dig lookup for the IPv4 address looks like this

dig ns1.wp-bullet.com @ada.ns.cloudflare.com +short

The output contains the IPv4 address

173.245.58.106

Now for the IPv6 record!

IPv6 Records with dig

A dig lookup for the IPv6 address looks like this

dig ns1.wp-bullet.com @ada.ns.cloudflare.com AAAA +short

This is the IPv6 Address

2400:cb00:2049:1::adf5:3a6a

Now you have both the IPv4 and IPv6 addresses you can add them as glue records in your DNS registrar.

Using nslookup

This section is for using nslookup to get the IPv4 and IPv6 addresses of your custom nameservers.

IPv4 Records with nslookup

An nslookup for IPv4 looks like this

nslookup ns1.wp-bullet.com

The output contains the IPv4 address

Server:         108.61.10.10
Address:        108.61.10.10#53

Non-authoritative answer:
Name:   ns1.wp-bullet.com
Address: 173.245.58.106

Now for the IPv6 records 🙂

IPv6 Records with nslookup

An nslookup for IPv6 looks like this

nslookup -query=AAAA ns1.wp-bullet.com

This is the IPv6 Address

Server:         108.61.10.10
Address:        108.61.10.10#53

Non-authoritative answer:
ns1.wp-bullet.com  has AAAA address 2400:cb00:2049:1::adf5:3a6a

Now you have both the IPv4 and IPv6 addresses you can add them as glue records in your DNS registrar

Checking New Nameservers

After adding the glue records at your DNS registrar and switching to your custom nameservers there too, check the new nameservers are in effect.

Let’s use dig this time

dig wp-bullet.com NS +short

The output now

ns1.wp-bullet.com.
ns2.wp-bullet.com.

Congratulations!

Sources

https://support.cloudflare.com/hc/en-us/articles/200169006-Can-I-get-vanity-or-custom-NameServers-using-Cloudflare-
https://stackoverflow.com/questions/16467765/ipv6-address-by-hostname