Cloudflare Managing DNS?

Continuing the discussion from Adding Cloudflare CDN to a website using MIAB as its mail server:

Yes, yes, I’ve read that and all the ones that relate to it, where users have broached that prickly subject of how to use Cloudflare to manage DNS with MiaB. Well I want to test out one domain on Cloudflare so that the site can benefit from all of Cloudflare’s growing, superior, security features, which IMHO, are second to none.

I know there those who say Cloudflare and MiaB don’t mix, but if we are intent on doing so, we will have to paste “the applicable records” as @alento advised back in 2019. What are the applicable records? Can someone explain precisely which External Records are required in Cloudflare. Do the NS records (subdomain) in Custom DNS in MiaB, need to be added?

What I don’t get is once we have added the Cloudflare nameservers to our domain registrar, do we have to change any records on MiaB apart from pasting the applicable records to Cloudflare?

To be clear, I only want this to apply to one domain. I have other domains on MiaB and don’t want to change them, as MiaB does such a good job handling DNS. This is just an experiment, so I don’t mind sharing the domain. It is

Can someone respond with screen grabs or elaborated steps. Thanks in advance.

In terms of mail functionality, it doesn’t matter who serves the DNS records as long as you’ve got records being served somewhere that set up mail (and any associated services you need) correctly.

But the Status Checks have been written to assume the box is serving its own DNS, so you’ll have to assess for yourself whether any errors or warnings are relevant to your setup.


Thanks Josh, that’s clear.
Adding Cloudflare’s nameserver to the DNS registrar’s Custom DNS is all that is needed as well as pasting all the applicable DNS records, which I still don’t understand exactly which records they are. Can you or someone explain this part?

1 Like

Usually the section is called Nameservers. It’s not the registrar’s DNS control panel where you set DNS records.

They’re listed in the External DNS page inside the Mail-in-a-Box control panel.

Well one has to have a greater than basic understanding of DNS to proceed IMHO. DNS is a minefield!

The applicable records are those listed in the External DNS section of the MiaB admin area for the domain in question. If they truly are required or not requires an understanding of what you are trying to accomplish and a decent understanding of the various types of DNS records.

As you’ll see at the referenced location, some records are listed as ‘required’ while others are listed as ‘recommended’. With a more than basic understanding of DNS it should be common sense that the NS records are the name servers that are authoritative for the domain, so no, the ones listed in External DNS in MiaB would not be used. (Are they even listed there? Not sure why you’ve mentioned Custom DNS.)

I hope this helps. If it doesn’t I can help if you reach out to me via

1 Like

I used Cloudflare for a few moment before i moved to Gandi. It worked fine, I manually transfered the external dns entries from miab to the Cloudflare domain config. One thing to note however is that you will not be able to use DNSSEC. This is not possible in their free tier because i believe it is an enterprise feature.

1 Like

DNSSEC using Cloudflare DNS works great, and it’s available on the free tier.


I use MiaB+Cloudflare and I have found the simplest way to configure External DNS with is to simply download the zone file from the MiaB instance, save it as a text file, and then clear out your DNS records for the site you wish to configure on Cloudflare, and “import” the DNS zone file you just created (do not enable “proxy” for your DNS records related to MiaB). I have several top level domains and subdomains configured and working in MiaB, but I always allow Cloudflare to stay in control of everything.

MiaB External DNS Settings, download zonefile:

Cloudflare DNS Settings, import your saved MiaB zonefile:


That’s exactly what I did. Thanks for sharing your experience.

1 Like

DNSSEC works fine for me on the free plan.

1 Like

Thanks for the DNS class :wink:

1 Like