Posted at: 2017-02-21 @ 03:54:13
Today I'm releasing another bit of software! This one is titled Dreamflare
and the git project can be found at https://github.com/adcreare/dreamflare
It is a Ruby-based tool that replicates DNS records from DreamHost to CloudFlare and keeps them in sync.
In 2012 DreamHost announced that they were going to partner with CloudFlare and offer the CloudFlare DNS services at reduced cost and it all could be configured via the DreamHost web panel.
If you enable CloudFlare protection via the DreamHost control panel you will get the service cheaper, but you will also be signing yourself up for a bad configuration that allows an attacker to completely bypass CloudFlare's WAF (web application firewall) and DDoS mitigation capabilities.
The diagram below shows the issue:
The best solution is to purchase your own CloudFlare service and not use the one through the DreamHost portal. When you do this, you will have to replicate your DNS records over from DreamHost to CloudFlare.
This, in turn, presents another issue. DreamHost expect to manage your DNS, so they make changes to your DNS records when they move your account to a new server or update their IP ranges. With your DNS over at CloudFlare, these updates won't be live on the public internet and your site will suffer an outage as a result.
The solution to this is to query the DreamHost API and ensure that all DNS records returned exist and match in CloudFlare. This is what Dreamflare was designed to do.
Dreamflare is designed to be run at a regular interval (every few minutes). It will download your current DNS configuration from DreamHost and match it to the configuration in CloudFlare. If records are missing, it will create them. If records have incorrect values, it will update them.
For records that have multiple values (like MX records), it will ensure all the records match and remove any that do not.
In addition, it will allow any single A or CNAME records created manually in CloudFlare to remain as long as they do not conflict with a record in DreamHost, thereby allowing additional records to be created in CloudFlare for other purposes.
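The reconciliation rules described above can be sketched as follows. This is an added example, not Dreamflare's own code: the function names, the record hash layout, the sample records and the CNAME conflict rule are assumptions made for illustration, and CloudFlare-only records that do not conflict are left untouched.

```ruby
# Added illustration, not Dreamflare's own code. Records are constructed
# hashes of the form { name:, type:, value: }; no API is contacted.

# Group records into { [name, type] => sorted unique values }.
def index_records(records)
  records.group_by { |r| [r[:name].downcase, r[:type].upcase] }
         .transform_values { |rs| rs.map { |r| r[:value] }.uniq.sort }
end

# Assumed conflict rule: a CNAME cannot share a name with any other record.
def conflicts?(key, source_index)
  name, type = key
  source_index.keys.any? do |(n, t)|
    n == name && t != type && (t == 'CNAME' || type == 'CNAME')
  end
end

# Plan the changes that make target (CloudFlare) agree with source (DreamHost).
def plan_sync(source, target)
  src, dst = index_records(source), index_records(target)
  actions = []
  src.each do |(name, type), wanted|
    have = dst.fetch([name, type], [])
    if wanted.size == 1 && have.size == 1 && wanted != have
      actions << { op: :update, name: name, type: type, from: have[0], to: wanted[0] }
      next
    end
    (wanted - have).each { |v| actions << { op: :create, name: name, type: type, value: v } }
    (have - wanted).each { |v| actions << { op: :delete, name: name, type: type, value: v } }
  end
  dst.each do |key, values|  # target-only records stay unless they conflict
    next if src.key?(key) || !conflicts?(key, src)
    values.each { |v| actions << { op: :delete, name: key[0], type: key[1], value: v } }
  end
  actions
end

# Constructed sample data (example.com names, documentation IP range).
DREAMHOST = [
  { name: 'example.com', type: 'A',  value: '203.0.113.20' },
  { name: 'example.com', type: 'MX', value: '0 mx1.example.net' },
  { name: 'example.com', type: 'MX', value: '0 mx2.example.net' }
].freeze
CLOUDFLARE = [
  { name: 'example.com', type: 'A',  value: '203.0.113.10' }, # stale value
  { name: 'example.com', type: 'MX', value: '0 mx1.example.net' },
  { name: 'example.com', type: 'MX', value: '0 old.example.net' },
  { name: 'status.example.com', type: 'CNAME', value: 'pages.example.org' }
].freeze
plan_sync(DREAMHOST, CLOUDFLARE).each { |action| puts action.inspect }
```

Running the planner a second time against an already synchronised target returns an empty list, which is what makes it safe to schedule every few minutes.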
The download and install instructions can be found over on the GitHub page: https://github.com/adcreare/dreamflare
Give it a try! I'd love to know if this helps someone else out there.
I've also designed the software to be somewhat modular, so in theory it should be easy to add additional hosting providers who also suffer from this issue, assuming they have a REST API we can query.