Cloudflare IP addresses
Access Control Lists (ACLs) define allowed source IP addresses from where servers accept incoming data or control messages.
When setting up new DNS zone transfers (incoming or outgoing), you will need to update the ACLs at your other DNS provider to prevent communication from Cloudflare from being blocked.
Depending on the setup (Cloudflare as Primary or Cloudflare as Secondary), you need to configure slightly different Cloudflare IP addresses at your other DNS provider.
If you are using Cloudflare for Primary DNS — meaning that you are setting up Cloudflare to send outgoing zone transfers — you need to update the following settings at your secondary DNS provider.
Cloudflare’s NOTIFY messages originate from the following IP prefixes. These ranges need to be allowed at your Secondary DNS servers.
Cloudflare will listen to AXFR/IXFR zone transfer requests and SOA queries from your Secondary DNS server on this IP address.
If you are using Cloudflare for Secondary DNS — meaning that you are setting up Cloudflare to receive incoming zone transfers — you need to update the following settings at your primary DNS provider.
Cloudflare’s AXFR/IXFR zone transfer requests originate from the following IP prefixes. These ranges need to be allowed at your Primary DNS servers.
Notify IPs are the IP addresses where you notify Cloudflare’s Secondary DNS to initiate a pull of new zone information from your Primary DNS servers:
To run a BIND server as a primary, add the following statements to your zone file: