
Comment by nocfforever

8 months ago

I thought about using CF in some of my deployments.

After hearing about these sorts of "discussions" from other colleagues, I certainly talked about using their services.

And then I realized that I had to hand them over my DNS? Uhh, no. It could have been "set nameserver to ours in your DNS console".

And also there was the recent SSL spoofing they're doing even with DNS with no hosted websites. And they charge money to send a revocation.

The whole thing is a hot yipes!

> And then I realized that I had to hand them over my DNS? Uhh, no. It could have been "set nameserver to ours in your DNS console".

> And also there was the recent SSL spoofing they're doing even with DNS with no hosted websites. And they charge money to send a revocation.

What's your threat model here? That Cloudflare will go rogue and... MITM your users? Can't they do that even if they're not in charge of your DNS? Even if you point an A record to them, that's enough to get a certificate via an ACME http-01 challenge[1].

[1] https://letsencrypt.org/docs/challenge-types/#http-01-challe...

You don't have to. In fact there are some TLDs that they don't even support.

You just need to configure the nameservers and that's it. That's how I do it for mine.

> It could have been "set nameserver to ours in your DNS console".

... that's how it works? They give you the nameservers to use, you set your domains up with them.

You can register a domain through them, but don't have to.

In fairness regarding this particular post, the author admits they were probably violating Cloudflare's ToS, and they knew it.

The folks at CF could have been less obtuse in handling the matter. But at the end of the day this is an online casino breaking ToS and they got spanked.

  • I believed that too, then I noticed they had a feature for the TOS violation that didn't fundamentally change anything. The only difference was you paid for it. In that way it's not your average TOS violation.

    • I saw that. Not clear to me that there's anything wrong with that. There's a lower tier with more restrictions. You want to do certain things, you need a custom plan. This is not unusual.

      The most unprofessional thing CF did in my view was cutting off the customer's service so abruptly. But we have to bear in mind here we're only seeing one side of the story. And again, online casino, violating ToS, using CF's platform to circumvent blocks that were being placed on their website. Potentially to circumvent laws and so forth. That custom quote they received from CF could be pricing in a lot of things, including legal risk.

      There's just a lot we don't know here. This isn't a typical customer, and the idea that they got cut off abruptly because they told CF they were shopping around is entirely speculation by the post author.
