55 comments

[ 3.1 ms ] story [ 92.8 ms ] thread
Oh thank god, finally. Gonna move my domain over right now.
I hope a CF person sees this: i am on a corporate network and I can't login to my CF portal to manage domains because I am on firefox. Tracking protection and adblocking is disabled. It worked, now it doesn't because it is stuck on "are you a human captcha". It doesn't even attempt to present me with a captcha challenge, just a checkbox that refreshes the page!

As far as I can tell you are conspiring google to enable each other's monopolies. Please fix this! You shouldn't have supported firefox to begin with when I signed up.

If anyone thinks this can be a legitimate FTC complaint I will be glad to document evidence and file it. I have never tried before.

The largest content gate keeper and the largest searchengine/browser maker are conspiring to force users into using a specific client that advantages them both in order to engage in ecommerce and communication. This is like if at&t and apple conspired to ban phone calling/internet by android users or if shell gas stations refused to service a specific brand of cars.

I use Firefox to log into cloudflare without issue. Surely there’s something else going on other than monopolistic collaboration.
Ditto, reading this I was confused. Long time CF and Firefox user... no issue accessing their UI

Though, the Ansible module for their API is pretty good. I'd recommend it for anyone already in the ecosystem

I only really use the UI in cases like this - transferring domains over. So infrequent that I'm not really bothered to consider automating -- that may be possible

You can search past HN threads with CF treating non-chrome users as second class. I have had to install chrome or use edge just for them.
Don't know about your situation, but the only time I'm reminded Cloudflare exists is also when they throw me into a captcha loop that I can't get out of. In fact since yesterday gitlab.com has been blocking me with a Cloudflare captcha that's just stuck in a loop of making me click a "Verify you're a human" checkbox. I click it, it spins for a bit, then shows the same checkbox again. :D (Glad I don't use gitlab for anything serious.)
.app Support too! Made the switch already, fast and cheaper than what I was paying at Google. Can't really complain about that but I wonder what delays they ran into if they were hoping for a July release.
Still no support for IDN domains though..
If your domain is

    domain-with-âççéñþß.com
Could you register the punycode variant?

    xn--domain-with-ss-mhb4fa0b6kuk.com
Nope, I tried, all documentation says that they are not supported.

The release notes from 2021 say that they are “working on it”, so I hope they will be done soon..

I would be glad to use cloudflares domain registry. But anyone else worried that to much of the net is already tied up with them
I am, yes. Not a slight to Cloudflare, but it's never good when one entity touches so much.
Especially considering that their core product is MITM.
I've never quite understood this idea that Cloudflare is an MITM. An MITM is by definition a covert intermediary. Cloudflare is a service provider that's deliberately employed by a site operator. If CF is a MITM then so is AWS, GCP, and every other CDN service provider.
I guess MITM has a specific (adversarial) definition and I've bastardized it. The only cloud load balancers that I use are layer 4, so they're not unwrapping HTTPS for me, but your point is taken.
> An MITM is by definition a covert intermediary.

I've never thought that it had to be covert or even nefarious to be a MITM. It's a man-in-the-middle if it's sitting between two endpoints talking to each other and intercepting the data stream.

For instance, I proxy all of my web traffic in order to be able to filter my HTTPS streams. It's neither covert nor nefarious, but is still a man-in-the-middle. It's just not a man-in-the-middle attack.

> But anyone else worried that to much of the net is already tied up with them

Yes, and I'd add AWS and Google to the count, albeit for slightly different reasons.

(comment deleted)
Too bad they don’t support custom name servers.
Not even for subdomains?
For subdomains you can point to whatever you want.
> Too bad they don’t support custom name servers.

Do they not? https://developers.cloudflare.com/dns/additional-options/cus...

They do, but:

> Zone custom nameservers are available for zones on Business or Enterprise plans.

I was similarly confused, I recall seeing this in the UI -- looking again, it seems I need to upgrade to the business plan.

That's disheartening. Pay more for us to do less.

The document you've provided extends my confusion.

Both the 'Primary (Full setup)' and 'Secondary DNS' pages it calls out... seem to indicate that CloudFlare has to stay in the mix. Either the authoritative nameserver (defeating the point), or as a child receiving transfers.

This feels deliberately obtuse.

Edit: The peer comment from V99 helped me understand. This is their vanity solution - still CF. Reportedly cannot place the SOA elsewhere

That link is what are normally called vanity nameservers. That allows "branding" them so that "dig NS foo.com" says ns1.foo.com and ns2.foo.com instead of pinky.ns.cloudflare.com and brain.ns.cloudflare.com. But CloudFlare is still the provider.

What you cannot do is set your domain's nameservers to some other other provider, e.g. Route53. There's just no option to tell the registry you want to use non-CloudFlare backed values (outside of "call us" enterprise plans).

This is particularly nefarious when combined with buying a new domain. New domains can't be transferred to another registrar for 60 days, so if you need a DNS feature or config CloudFlare can't provide on a domain you just bought, you're just totally stuck for 2 months.

Wait - seriously? So they're a domain registrar that FORCES you to use their DNS?
More like they’re a DNS service that offers a registrar as a convenience.
For those looking for a CF alternative, I have my .dev at Porkbun and am happy with them.
Same. Porkbun has been wonderful. I’m just hoping that one day I can move my .mx domains over.
I'm in the process of moving my domains to Porkbun. Of course, I was leaning on the included mail forwards that Google provided, so that part has been fun.
Trying to remember why I registered with Google in the first place... I guess it was only that they had the .dev? Nothing really else there. Mail fwds over at porkbun no problem
Same for me. At the time I got my .dev's I'm pretty sure only Google Domains sold them. I moved to porkbun now as well.
Only Google sold them for a long time.
I know I shouldn't judge a book by its cover, but I have such a hard time getting past this company's name.
Well if the name's annoying you, the dejigamaflip button will make you toss the book in the bin for sure.
...it actually exists!

> DEJIGAMAFLIPPER: Sometimes, you just got to put your domain down, dejigamaflip it, and reverse it.

but, the hell does it do?

It pops up a dialog box that you've successfully dejigamaflipped your domain.
What's wrong with the name? It doesn't seem any sillier than "GoDaddy" or "Google".
I've used them for several years now (for the odd TLDs that CF doesn't support) and can also recommend them.
I've seen a lot about porkbun lately and they somehow seem to be the de facto option among HN folks.

Currently I am thinking of focusing on AWS route 53 domains under the assumption that there is always a non-zero chance of needing something else on AWS so it reduces the number of accounts/IAM (either 1 or 0 versus guaranteed 1). Anyone have their favorite reasons to go with porkbun instead?

namecheap also supports .dev. I purchased mine there years ago.