Engineer Shares Terraform Cloudflare DNS Checklist to Prevent Silent Outages
A software engineer at kuryzhev.cloud has published a 14-step checklist for safely running Terraform applies against Cloudflare DNS zones, prompted by a real incident last quarter. A staging record was accidentally set to proxied=true via the Cloudflare dashboard, causing Cloudflare to intercept SSH traffic on port 22 and making a bastion host unreachable for forty minutes. The checklist covers provider version pinning, API token scoping, secrets management, and state isolation across dev, staging, and production environments. It also addresses Cloudflare API rate limits — capped at roughly 1,200 requests per five minutes per token — which can become a bottleneck when managing large numbers of DNS records in bulk. The guide is intended as a recurring pre-apply discipline rather than a one-time setup reference, given that DNS misconfigurations surface immediately as user-facing failures.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)
Log in to join the discussion and vote.
Log in