Have you considered using cloudflare for domain dns?

[Techli]

Have you considered using cloudflare for domain dns for yourself and clients?
Are you already doing this with cloudflare/aws/google dns etc

I see 1 advantage that the end client still maintains control at all times but as a tech you get access without having to beg everytime/ spend time chasing up access

 

[bertie40]

I use it.
I use the free version, and find it very useful.
I have a number of self hosted services, and I use cloudflare as a middle man, performing 2fa duties.
Cloudflare manages the conversion from internal ip to external domain address.

No issues so far.

Adding cloudflare was wizard based and easy.

 

[Sky-Knight]

I use Cloudflare for my registrar and DNS, it works great.

The thing you have to be careful of... make sure each customer has their own account. It's a giant PITA to migrate things out of that estate once it's in there.

 

[Techli]

Interestingly enough from time to time i find clients where a "technical" person has registered the domain under their own name or company name so they maintain control and not the company who its actually for.
Most company owners seem to be onboard with that they should own and control that which includes the cloudflare setup as well, this way it's also nice and clean if they need to exit.

Just had an client who has an "trusted employee" who wanted full access to their cloudflare account so he could make some changes - the request and process was laughable at best. Started with this Gem!

Hey mate,

I need the cloudflare hosting login for the theirdomain.co.nz website.

This something you can provide me with?

Thanks Pal


And with this one it was time to part way's btw he emails are 6 days apart, the 1st was on a Saturday and the last one was on the Friday


Hi Richard,

I understand that *employee* has asked you for a bunch of information in order for him to do some work behind the scenes.

Can you please give him all the information and passwords he is asking for, the delay in getting these to him has now cost us a week of sales as our mailer could not go out. He is fully capable of completing what's required but needs those passwords and authorities from you ASAP please before we loose more sales.

I give permission for you to give him full access please

What's missing and for context is the text from the owner "Hey Mate. Happy New Year. Hey *Employee* sent an email to you asking for some info for our website or something i'm not sure what exactly, are you able to get him all this details please. He may also have an old email address (hands up emoji)

Anyway i was able to point out that they already had control of access to the cloudflare account and it was best if they removed me from the account if they wanted their employee to make the changes - simply put the employee has history and i no longer wanted to be involved and this setup worked great and i was able to cleanly exit

Now just for shits and giggles i had included in an email some very good recommendations for mailchimp and it looks like the 1st change has been to set the dmarc record to p=none, no adding mailchimp to spf or adding a dkim record either.

I test and check this via mxli.nz similar to mxtoolbox.com put in a more cleaner style

 

[HCHTech]

The thing you have to be careful of... make sure each customer has their own account.

I'm going through the 'hit by a bus' obstacle course now just because the previous tech didn't do this. All of his clients under one account in his name......then....he had a stroke. It was a one-man operation and no one has his credentials. He is currently non-verbal and apparently the doctors do not expect him to recover. It's a royal mess. All domains on Bluehost and all DNS in Cloudflare. The client I'm trying to help is flying down to Texas this week to interview family members to see if they can somehow gain access.

 

[britechguy]

It was a one-man operation and no one has his credentials.

Which is the heart of the issue right there. I am a one-man operation, but the businesses I work for all retain ownership of, and login credentials for (where applicable), anything I put in place for them. I, of course, also have my own set of login credentials but were I to be hit by a bus, I want the business owner to always have the ability to gain access to anything/everything even if the only purpose for doing so is allowing the tech that would be my replacement to get his or her credentials in place then take whatever time is necessary to get "the lay of the land" before doing anything.

I find it simply unfathomable that anyone would put independent entities into any form of "bucket/silo" that is owned by the individual tech doing the work. And I imagine, even with the minimal degree of tech knowledge out there, were those in charge at the entities "so arranged" to know this they'd probably object at the outset. It gives them no ownership nor ability to control who can get into their space. And were there to be some sort of major disagreement, I'd fully expect that they'd lock out anyone, including me, with whom such a disagreement occurred and as promptly as possible.

 

[Sky-Knight]

@HCHTech I do not have the words to describe the anger I feel when I hear stories like this... the sheer ignorance it takes to put someone else's property into your estate without a care... making yourself a human grenade that when it goes off... takes LIVES WITH YOU.

Small businesses DIE from crap like this.

Then the other side of my brain feels bad he's in that situation... horrific.