Cloudflare silently deleted my DNS records

Edit: I posted this on HN 3 and John Graham-Cumming (the CTO of Cloudflare) reached out and said they're looking into the issue internally 4. I'm grateful this is getting addressed. In retrospect, I regret my tone of voice in this post. I think I was too quick to assume bad faith.


Yesterday I followed up with a potential client to ask them what they thought of the proposal I sent them the previous Thursday. I was shocked to learn that they thought they had emailed me the same day to accept.

I began debugging, and figured out there was an issue with my MX records. The problem: there weren't any. In fact, I had no DNS records at all. I logged in to Cloudflare and was told "You currently don't have any websites" and prompted to add a site.

At this point I thought I had been hacked, so I went to the audit log. The only recent event:

Date: 2020-02-18T22:52:34-05:00
User IP Address: 127.0.0.1
Resource: Zone
Audit Record: {{redacted}}
Metadata: { "Zone name": "danielzfranklin.org" }

The "user" IP address immediately stood out to me: 127.0.0.1. At this point I believed this was some sort of bug on Cloudflare's end, so I went to file a support ticket. Before I could file a ticket, Cloudflare required me to search their support base.

Cloudflare "helpfully" pointed me to the relevant help center article: "Why was my domain deleted from Cloudflare?" 1. From it, I learned that the official way Cloudflare communicates that they have deleted your domain is by placing an event in the audit log with an IP of 127.0.0.1.

If I intentionally set out to build a horrible user experience I'm unsure if I could top this. I naively expected that I would be notified by email before Cloudflare broke everything. In the absence of that, I would expect to see a notice when I logged in. In the absence of that, I would expect to see a field in the audit log mentioning in human language what happened. In the absence of that, if for some arcane reason Cloudflare is unable to change the format of their audit logs, I would at a minimum expect a message on the audit log page that explained what a deletion logged to 127.0.0.1 means. I registered for Cloudflare with a Gmail address specifically so that I could receive notifications from them if there were issues with my email setup.

Unfortunately, the help page their ticketing system pointed me to is completely unhelpful. For some reason I trusted Cloudflare with both my registration and DNS, and every debugging step mentions at the top that "It is not necessary to check domain registration for domains utilizing a Cloudflare CNAME setup." The help page provides no information on why a domain registered with Cloudflare would be deleted.

To add insult to injury I learn that when Cloudflare automatically detects an anomaly with your domain they permanently delete all DNS records. Mine won't be difficult to restore, but I'm not sure why this is necessary. Surely it would be possible for Cloudflare to mark a domain as disabled without irrevocably deleting it? Combined with the hacky audit log, I'm left with the opinion that for some reason Cloudflare decided to completely half-ass the part of their system that is responsible for deleting everything that matters to a user.

Because Cloudflare deleted my domain registration I can't change the status from clientTransferProhibited through their dashboard so I don't think I can even leave.

I spent some time thinking about if it was fair for me to post this on the same day as I filed a support ticket with Cloudflare. I ultimately decided to because their ticketing system recommended I post on their community forum instead or in addition to submitting a ticket. The page informed me that because I don't have a business account I would receive much faster support from the "community". However, I'm unable to log in to their community forum. When I click the login button I'm redirected to my dashboard, and when I then click Support on the dashboard I'm redirected back to the forum without being logged in. I suppose it's possibly an issue with Firefox blocking cookies (although I disabled tracking prevention) so it's possible this part is partly a problem on my end.

Does anyone know what might have caused Cloudflare to delete my domain? Any ideas for how I could transfer my domain away from Cloudflare sooner?

Daniel Franklin

Edit: I gave Cloudflare permission to publicly disclose details 2. iudqnolq is my HN username.

txti