phil/DNS_Tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
main
DNS_Tools/Export_DNS/Cloudflare
History
Phil 0a90e4c305 Updated the Cloudflare script in Export_DNS so it can now search for multiple sites is different env files.
2025-10-07 08:30:46 +01:00
..
envs Updated the Cloudflare script in Export_DNS so it can now search for multiple sites is different env files. 2025-10-07 08:30:46 +01:00
export_dns_cloudflare.sh Updated the Cloudflare script in Export_DNS so it can now search for multiple sites is different env files. 2025-10-07 08:30:46 +01:00
README.md Migrated Export_DNS from https://git.ncltech.co.uk/phil/Export_DNS 2025-10-05 19:22:20 +01:00

README.md

Cloudflare DNS Export Script

This script automates exporting DNS records for all zones in a Cloudflare account.
It uses the Cloudflare API Token authentication method (recommended for security).

Each run saves the DNS export of every zone into an export/ folder, with filenames containing the zone name and a timestamp.

📦 Requirements

  • bash (any modern Linux/macOS environment will work)
  • curl
  • jq (for parsing JSON)

Install jq if you dont already have it:

# Ubuntu/Debian
sudo apt install jq -y

# macOS (Homebrew)
brew install jq

⚙️ Setup

  1. Clone or copy these files:

    • export_dns_cloudflare.sh
    • config.conf

  2. Edit the config.conf file and add your Cloudflare API Token:

# config.conf
CLOUDFLARE_API_TOKEN=your_api_token_here

🔑 When creating your API Token in Cloudflare Dashboard, give it at least:

  • Zone: Read
  • DNS: Read

▶️ Usage

Make the script executable:

chmod +x export_dns_cloudflare.sh

Run the script:

./export_dns_cloudflare.sh

📂 Output

  • All exports are saved into the export/ folder.
  • Each export is a plain text file containing the zones DNS records in BIND format.
  • Filenames follow the format:
export/<zone_name>_<YYYYMMDD>_<HHMMSS>.txt

Example:

export/example.com_20250825_153012.txt
export/testdomain.net_20250825_153015.txt

🔒 Security Notes

  • Never commit config.conf (it contains your API token).
  • Limit API token permissions to the minimum required (Zone:Read, DNS:Read).
  • Rotate API tokens periodically for best security practices.

Example Workflow

# 1. Configure your token
echo 'CLOUDFLARE_API_TOKEN=abc123xyz...' > config.conf

# 2. Run the export
./export_dns_cloudflare.sh

# 3. Check the export folder
ls export/

🛠 Troubleshooting

  • Empty export files?
    Ensure your API Token has the correct permissions (Zone:Read, DNS:Read).

  • Script fails with jq: command not found?
    Install jq as shown above.

  • Only some zones exported?
    Check the API Tokens scope. If it was created for a specific zone, it wont return all zones.
    Create a token scoped for “All zones - Read” to export everything.