Cloudflare DNS Operations Skill

Cloudflare DNS 操作技能

Low-level Cloudflare DNS and zone management operations using Cloudflare API for manual record management and advanced configuration.

通过Cloudflare API执行底层Cloudflare DNS和区域管理操作，用于手动记录管理和高级配置。

Quick Start

快速开始

Quick DNS operations:

bash

undefined

快速DNS操作：

bash

undefined

Load environment variables

加载环境变量

source /home/dawiddutoit/projects/network/.env

List all DNS records

列出所有DNS记录

/home/dawiddutoit/projects/network/scripts/cf-dns.sh list

Add A record

添加A记录

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add A api.temet.ai 192.168.68.100

Add CNAME record

添加CNAME记录

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add CNAME www temet.ai

Update existing record

更新现有记录

/home/dawiddutoit/projects/network/scripts/cf-dns.sh update api.temet.ai 192.168.68.200

Delete record

删除记录

/home/dawiddutoit/projects/network/scripts/cf-dns.sh delete api.temet.ai

undefined

/home/dawiddutoit/projects/network/scripts/cf-dns.sh delete api.temet.ai

undefined

When to Use This Skill

何时使用该技能

Explicit Triggers:

"Add DNS record"
"Update DNS record"
"Delete DNS record"
"Dynamic DNS"
"Cloudflare API operations"
"Manual DNS management"

Implicit Triggers:

Need to add DNS record outside domain management system
Dynamic home IP updates needed
Testing DNS configurations
Bulk DNS operations required
Zone settings need manual adjustment

Debugging Triggers:

"How do I add a DNS record?"
"How to update my home IP?"
"What DNS records exist?"

明确触发场景：

"添加DNS记录"
"更新DNS记录"
"删除DNS记录"
"动态DNS"
"Cloudflare API操作"
"手动DNS管理"

隐含触发场景：

需要在域名管理系统外添加DNS记录
需要动态更新家庭IP
测试DNS配置
需要批量DNS操作
需要手动调整区域设置

调试触发场景：

"如何添加DNS记录？"
"如何更新我的家庭IP？"
"当前存在哪些DNS记录？"

What This Skill Does

该技能的功能

Setup Auth - Configures Cloudflare API credentials
Lists Records - Shows all DNS records in zone
Adds Records - Creates new A, AAAA, CNAME, TXT records
Updates Records - Modifies existing record values
Deletes Records - Removes DNS records
Manages Settings - Configures SSL, caching, security settings
Dynamic DNS - Automates home IP updates

配置认证 - 配置Cloudflare API凭证
列出记录 - 显示区域内所有DNS记录
添加记录 - 创建新的A、AAAA、CNAME、TXT记录
更新记录 - 修改现有记录的值
删除记录 - 删除DNS记录
管理设置 - 配置SSL、缓存、安全设置
动态DNS - 自动更新家庭IP

Instructions

操作说明

3.1 Setup API Authentication

3.1 配置API认证

Required credentials:

Cloudflare email address
Cloudflare API token or Global API Key
Zone ID for temet.ai domain

Step 1: Get Zone ID

Go to: https://dash.cloudflare.com
Select domain: temet.ai
Click: Overview tab
Find: API section in right sidebar
Copy: Zone ID

Example:

1234567890abcdef1234567890abcdef

Step 2: Get API Token

Recommended: Use API Token (scoped permissions)

Go to: https://dash.cloudflare.com/profile/api-tokens
Click: Create Token
Select template: Edit zone DNS
Zone Resources: Include → Specific zone → temet.ai
Click: Continue to summary → Create Token
Copy token (shown only once)

Alternative: Use Global API Key (full account access)

Go to: https://dash.cloudflare.com/profile/api-tokens
Scroll to: API Keys section
Click: View next to Global API Key
Copy key

⚠️ Security note: API Token is more secure (scoped permissions).

Step 3: Add to .env

bash

undefined

所需凭证：

Cloudflare邮箱地址
Cloudflare API Token或全局API密钥
temet.ai域名的Zone ID

步骤1：获取Zone ID

访问：https://dash.cloudflare.com
选择域名：temet.ai
点击：概览标签页
在右侧边栏找到：API区域
复制：Zone ID

示例：

1234567890abcdef1234567890abcdef

步骤2：获取API Token

推荐：使用API Token（权限范围可控）

访问：https://dash.cloudflare.com/profile/api-tokens
点击：创建Token
选择模板：编辑区域DNS
区域资源：包含 → 特定区域 → temet.ai
点击：继续到摘要 → 创建Token
复制Token（仅显示一次）

替代方案：使用全局API密钥（全账户权限）

访问：https://dash.cloudflare.com/profile/api-tokens
滚动到：API密钥区域
点击：全局API密钥旁的查看
复制密钥

⚠️ 安全提示： API Token更安全（权限范围可控）。

步骤3：添加到.env文件

bash

undefined

Edit .env

编辑.env文件

nano /home/dawiddutoit/projects/network/.env

Add (using API Token - recommended):

添加（推荐使用API Token）：

CLOUDFLARE_EMAIL="your-email@example.com" CLOUDFLARE_ZONE_ID="your-zone-id-here" CLOUDFLARE_API_KEY="your-api-token-here"

Or using Global API Key:

或使用全局API密钥：

CLOUDFLARE_EMAIL="your-email@example.com" CLOUDFLARE_ZONE_ID="your-zone-id-here" CLOUDFLARE_GLOBAL_API_KEY="your-global-api-key-here"


**Step 4: Test Access**

```bash
source /home/dawiddutoit/projects/network/.env

curl -s -X GET "https://api.cloudflare.com/client/v4/user" \
    -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
    -H "X-Auth-Key: ${CLOUDFLARE_API_KEY}" \
    | jq '.success'

Expected output:

true

CLOUDFLARE_EMAIL="your-email@example.com" CLOUDFLARE_ZONE_ID="your-zone-id-here" CLOUDFLARE_GLOBAL_API_KEY="your-global-api-key-here"


**步骤4：测试访问**

```bash
source /home/dawiddutoit/projects/network/.env

curl -s -X GET "https://api.cloudflare.com/client/v4/user" \
    -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
    -H "X-Auth-Key: ${CLOUDFLARE_API_KEY}" \
    | jq '.success'

预期输出：

true

3.2 List DNS Records

3.2 列出DNS记录

Using helper script:

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh list

Expected output:

DNS Records for temet.ai:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Type    Name                 Value
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CNAME   pihole               tunnel-id.cfargotunnel.com
CNAME   jaeger               tunnel-id.cfargotunnel.com
A       home                 1.2.3.4
...

Using direct API call:

bash

source /home/dawiddutoit/projects/network/.env

curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records" \
    -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
    -H "X-Auth-Key: ${CLOUDFLARE_API_KEY}" \
    | jq -r '.result[] | "\(.type)\t\(.name)\t\(.content)"'

Filter by type:

bash

undefined

使用辅助脚本：

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh list

预期输出：

DNS Records for temet.ai:
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Type    Name                 Value
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
CNAME   pihole               tunnel-id.cfargotunnel.com
CNAME   jaeger               tunnel-id.cfargotunnel.com
A       home                 1.2.3.4
...

直接调用API：

bash

source /home/dawiddutoit/projects/network/.env

curl -s -X GET "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records" \
    -H "X-Auth-Email: ${CLOUDFLARE_EMAIL}" \
    -H "X-Auth-Key: ${CLOUDFLARE_API_KEY}" \
    | jq -r '.result[] | "\(.type)\t\(.name)\t\(.content)"'

按类型过滤：

bash

undefined

List only A records

仅列出A记录

/home/dawiddutoit/projects/network/scripts/cf-dns.sh list | grep "^A"

List only CNAME records

仅列出CNAME记录

/home/dawiddutoit/projects/network/scripts/cf-dns.sh list | grep "^CNAME"

undefined

/home/dawiddutoit/projects/network/scripts/cf-dns.sh list | grep "^CNAME"

undefined

3.3 Add DNS Records

3.3 添加DNS记录

Add A record (IPv4):

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add A api.temet.ai 192.168.68.100

Add AAAA record (IPv6):

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add AAAA ipv6.temet.ai 2001:db8::1

Add CNAME record:

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add CNAME www temet.ai

Add TXT record (verification/SPF):

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add TXT _verification "verification-code"

Add record with proxy enabled (orange cloud):

bash

undefined

添加A记录（IPv4）：

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add A api.temet.ai 192.168.68.100

添加AAAA记录（IPv6）：

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add AAAA ipv6.temet.ai 2001:db8::1

添加CNAME记录：

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add CNAME www temet.ai

添加TXT记录（验证/SPF）：

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh add TXT _verification "verification-code"

添加启用代理的记录（橙色云）：

bash

undefined

Using direct API call

直接调用API

source /home/dawiddutoit/projects/network/.env

curl -X POST "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records"
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}"
-H "X-Auth-Key: ${CLOUDFLARE_API_KEY}"
-H "Content-Type: application/json"
--data '{ "type": "A", "name": "proxied.temet.ai", "content": "192.168.68.100", "ttl": 1, "proxied": true }' | jq '.'


**Common record types:**

| Type | Example | Purpose |
|------|---------|---------|
| A | `192.168.68.100` | IPv4 address |
| AAAA | `2001:db8::1` | IPv6 address |
| CNAME | `target.example.com` | Alias to another domain |
| TXT | `"verification-code"` | Text records (verification, SPF) |
| MX | `10 mail.example.com` | Mail exchange |

source /home/dawiddutoit/projects/network/.env

curl -X POST "https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records"
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}"
-H "X-Auth-Key: ${CLOUDFLARE_API_KEY}"
-H "Content-Type: application/json"
--data '{ "type": "A", "name": "proxied.temet.ai", "content": "192.168.68.100", "ttl": 1, "proxied": true }' | jq '.'


**常见记录类型：**

| 类型 | 示例 | 用途 |
|------|---------|---------|
| A | `192.168.68.100` | IPv4地址 |
| AAAA | `2001:db8::1` | IPv6地址 |
| CNAME | `target.example.com` | 别名指向其他域名 |
| TXT | `"verification-code"` | 文本记录（验证、SPF） |
| MX | `10 mail.example.com` | 邮件交换 |

3.4 Update DNS Records

3.4 更新DNS记录

Update existing record:

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh update api.temet.ai 192.168.68.200

Script automatically:

Finds existing record by name
Gets record ID
Updates content to new value
Preserves type and proxy settings

Update with direct API call:

bash

source /home/dawiddutoit/projects/network/.env

更新现有记录：

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh update api.temet.ai 192.168.68.200

脚本自动执行以下操作：

按名称查找现有记录
获取记录ID
将内容更新为新值
保留类型和代理设置

直接调用API更新：

bash

source /home/dawiddutoit/projects/network/.env

Step 1: Get record ID

步骤1：获取记录ID

record_id=$(curl -s -X GET
"https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records?name=api.temet.ai"
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}"
-H "X-Auth-Key: ${CLOUDFLARE_API_KEY}"
| jq -r '.result[0].id')

Step 2: Update record

步骤2：更新记录

curl -X PUT
"https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records/${record_id}"
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}"
-H "X-Auth-Key: ${CLOUDFLARE_API_KEY}"
-H "Content-Type: application/json"
--data '{ "type": "A", "name": "api.temet.ai", "content": "192.168.68.200", "ttl": 1, "proxied": false }' | jq '.'

undefined

curl -X PUT
"https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records/${record_id}"
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}"
-H "X-Auth-Key: ${CLOUDFLARE_API_KEY}"
-H "Content-Type: application/json"
--data '{ "type": "A", "name": "api.temet.ai", "content": "192.168.68.200", "ttl": 1, "proxied": false }' | jq '.'

undefined

3.5 Delete DNS Records

3.5 删除DNS记录

Delete record by name:

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh delete api.temet.ai

Confirm before deletion:

Script will show:

Found record: A api.temet.ai → 192.168.68.100
Delete this record? (y/N):

Using direct API call:

bash

source /home/dawiddutoit/projects/network/.env

按名称删除记录：

bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh delete api.temet.ai

删除前确认：

脚本将显示：

Found record: A api.temet.ai → 192.168.68.100
Delete this record? (y/N):

直接调用API删除：

bash

source /home/dawiddutoit/projects/network/.env

Step 1: Get record ID

步骤1：获取记录ID

record_id=$(curl -s -X GET
"https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records?name=api.temet.ai"
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}"
-H "X-Auth-Key: ${CLOUDFLARE_API_KEY}"
| jq -r '.result[0].id')

Step 2: Delete record

步骤2：删除记录

curl -X DELETE
"https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records/${record_id}"
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}"
-H "X-Auth-Key: ${CLOUDFLARE_API_KEY}"
| jq '.'

undefined

curl -X DELETE
"https://api.cloudflare.com/client/v4/zones/${CLOUDFLARE_ZONE_ID}/dns_records/${record_id}"
-H "X-Auth-Email: ${CLOUDFLARE_EMAIL}"
-H "X-Auth-Key: ${CLOUDFLARE_API_KEY}"
| jq '.'

undefined

3.6 Manage Zone Settings

3.6 管理区域设置

View all zone settings:

bash

/home/dawiddutoit/projects/network/scripts/cf-settings.sh all

View specific setting:

bash

undefined

查看所有区域设置：

bash

/home/dawiddutoit/projects/network/scripts/cf-settings.sh all

查看特定设置：

bash

undefined

SSL/TLS mode

SSL/TLS模式

/home/dawiddutoit/projects/network/scripts/cf-settings.sh get ssl

Security level

安全级别

/home/dawiddutoit/projects/network/scripts/cf-settings.sh get security_level

Caching level

缓存级别

/home/dawiddutoit/projects/network/scripts/cf-settings.sh get cache_level


**Update setting:**

```bash

/home/dawiddutoit/projects/network/scripts/cf-settings.sh get cache_level


**更新设置：**

```bash

Set SSL to Full

将SSL设置为完全模式

/home/dawiddutoit/projects/network/scripts/cf-settings.sh set ssl full

Enable always HTTPS

启用始终使用HTTPS

/home/dawiddutoit/projects/network/scripts/cf-settings.sh set always_use_https on

Enable HTTP/3

启用HTTP/3

/home/dawiddutoit/projects/network/scripts/cf-settings.sh set http3 on


**Enable security suite:**

```bash

/home/dawiddutoit/projects/network/scripts/cf-settings.sh set http3 on


**启用安全套件：**

```bash

Enables: SSL Full, Always HTTPS, WAF

启用：SSL完全模式、始终HTTPS、WAF

/home/dawiddutoit/projects/network/scripts/cf-settings.sh enable-security


**Enable performance suite:**

```bash

/home/dawiddutoit/projects/network/scripts/cf-settings.sh enable-security


**启用性能套件：**

```bash

Enables: Brotli, HTTP/2, HTTP/3

启用：Brotli、HTTP/2、HTTP/3

/home/dawiddutoit/projects/network/scripts/cf-settings.sh enable-performance


**Purge cache:**

```bash

/home/dawiddutoit/projects/network/scripts/cf-settings.sh enable-performance


**清除缓存：**

```bash

Purge all cached files

清除所有缓存文件

/home/dawiddutoit/projects/network/scripts/cf-settings.sh purge-cache


**Enable development mode:**

```bash

/home/dawiddutoit/projects/network/scripts/cf-settings.sh purge-cache


**启用开发模式：**

```bash

Bypass cache for 3 hours

绕过缓存3小时

/home/dawiddutoit/projects/network/scripts/cf-settings.sh dev-mode on

Disable development mode

禁用开发模式

/home/dawiddutoit/projects/network/scripts/cf-settings.sh dev-mode off

undefined

/home/dawiddutoit/projects/network/scripts/cf-settings.sh dev-mode off

undefined

3.7 Dynamic DNS Updates

3.7 动态DNS更新

Scenario: Home internet IP changes, need to update DNS automatically.

Manual update:

bash

undefined

场景： 家庭网络IP变化，需要自动更新DNS记录。

手动更新：

bash

undefined

Get current public IP

获取当前公网IP

current_ip=$(curl -s https://api.ipify.org)

Update DNS record

更新DNS记录

/home/dawiddutoit/projects/network/scripts/cf-dns.sh update home.temet.ai $current_ip


**Automated script:**

```bash
#!/bin/bash

/home/dawiddutoit/projects/network/scripts/cf-dns.sh update home.temet.ai $current_ip


**自动化脚本：**

```bash
#!/bin/bash

/home/dawiddutoit/scripts/dynamic-dns-update.sh

source /home/dawiddutoit/projects/network/.env

Get current public IP

获取当前公网IP

current_ip=$(curl -s https://api.ipify.org)

Get DNS record IP

获取DNS记录IP

dns_ip=$(dig +short home.temet.ai @1.1.1.1)

Update if different

若不同则更新

if [ "$current_ip" != "$dns_ip" ]; then echo "IP changed: $dns_ip → $current_ip" /home/dawiddutoit/projects/network/scripts/cf-dns.sh update home.temet.ai $current_ip else echo "IP unchanged: $current_ip" fi


**Schedule with cron:**

```bash

if [ "$current_ip" != "$dns_ip" ]; then echo "IP changed: $dns_ip → $current_ip" /home/dawiddutoit/projects/network/scripts/cf-dns.sh update home.temet.ai $current_ip else echo "IP unchanged: $current_ip" fi


**通过cron定时执行：**

```bash

Edit crontab

编辑crontab

crontab -e

Check every 5 minutes

每5分钟检查一次

*/5 * * * * /home/dawiddutoit/scripts/dynamic-dns-update.sh >> /var/log/dynamic-dns.log 2>&1


**Notification on change:**

```bash
#!/bin/bash

*/5 * * * * /home/dawiddutoit/scripts/dynamic-dns-update.sh >> /var/log/dynamic-dns.log 2>&1


**IP变化时发送通知：**

```bash
#!/bin/bash

With notification

带通知功能

current_ip=$(curl -s https://api.ipify.org) dns_ip=$(dig +short home.temet.ai @1.1.1.1)

if [ "$current_ip" != "$dns_ip" ]; then /home/dawiddutoit/projects/network/scripts/cf-dns.sh update home.temet.ai $current_ip

Send notification (if ntfy configured)

if [ -n "$NTFY_TOPIC" ]; then curl -d "Home IP updated: $current_ip" https://ntfy.sh/$NTFY_TOPIC fi fi

undefined

current_ip=$(curl -s https://api.ipify.org) dns_ip=$(dig +short home.temet.ai @1.1.1.1)

if [ "$current_ip" != "$dns_ip" ]; then /home/dawiddutoit/projects/network/scripts/cf-dns.sh update home.temet.ai $current_ip

发送通知（若已配置ntfy）

if [ -n "$NTFY_TOPIC" ]; then curl -d "Home IP updated: $current_ip" https://ntfy.sh/$NTFY_TOPIC fi fi

undefined

Supporting Files

支持文件

File	Purpose
`references/reference.md`	Cloudflare API reference, authentication methods, record types
`scripts/cf-dns.sh`	DNS record management helper script
`scripts/cf-settings.sh`	Zone settings management helper script
`examples/examples.md`	Example API calls, automation scripts, common patterns

文件	用途
`references/reference.md`	Cloudflare API参考、认证方法、记录类型
`scripts/cf-dns.sh`	DNS记录管理辅助脚本
`scripts/cf-settings.sh`	区域设置管理辅助脚本
`examples/examples.md`	API调用示例、自动化脚本、常见模式

Expected Outcomes

预期结果

Success:

DNS records listed successfully
New records added and propagate within minutes
Existing records updated correctly
Deleted records removed from DNS
Zone settings applied successfully
Dynamic DNS updates working

Partial Success:

Records created but propagation slow (normal, wait 5-10 minutes)
Settings applied but not effective immediately (cache may need purging)

Failure Indicators:

Authentication failed (403 errors)
Zone ID not found
Record already exists (can't add duplicate)
Record not found (can't update/delete non-existent)

成功：

成功列出DNS记录
新记录已添加并在数分钟内完成全球同步
现有记录更新正确
已删除的记录从DNS中移除
区域设置应用成功
动态DNS更新正常工作

部分成功：

记录已创建但同步缓慢（正常现象，等待5-10分钟）
设置已应用但未立即生效（可能需要清除缓存）

失败迹象：

认证失败（403错误）
Zone ID未找到
记录已存在（无法添加重复记录）
记录不存在（无法更新/删除不存在的记录）

Requirements

要求

Cloudflare account with temet.ai domain
Cloudflare API token or Global API Key
Zone ID for temet.ai
curl and jq installed
.env file with credentials
Network access to Cloudflare API

拥有包含temet.ai域名的Cloudflare账户
Cloudflare API Token或全局API密钥
temet.ai的Zone ID
已安装curl和jq
包含凭证的.env文件
可访问Cloudflare API的网络环境

Red Flags to Avoid

需要避免的风险

Do not use Global API Key if API Token suffices (security best practice)
Do not commit API credentials to git (use .env)
Do not delete records without confirmation (irreversible)
Do not create duplicate records (causes DNS issues)
Do not enable proxy on internal IPs (192.168.x.x) - won't work
Do not set TTL < 60 seconds (Cloudflare minimum for free plans)
Do not purge cache frequently (rate limits apply)

若API Token满足需求，请勿使用全局API密钥（安全最佳实践）
请勿将API凭证提交到git（使用.env文件）
请勿未经确认删除记录（操作不可逆）
请勿创建重复记录（会导致DNS问题）
请勿对内部IP（192.168.x.x）启用代理（无法正常工作）
请勿将TTL设置为小于60秒（Cloudflare免费版最低限制）
请勿频繁清除缓存（存在速率限制）

Notes

注意事项

DNS propagation typically takes 1-5 minutes globally
Cloudflare proxied records (orange cloud) hide real IP
TTL of 1 means "Auto" (Cloudflare manages)
Free plan limits: 1000 DNS records per zone
API rate limits: 1200 requests per 5 minutes
cf-dns.sh and cf-settings.sh scripts located in
```
scripts/
```
directory
Use API Token over Global API Key (better security with scoped permissions)
Zone settings changes may require cache purge to take effect immediately
Dynamic DNS useful for home servers with changing IPs
Cloudflare DNS is authoritative after migration from GoDaddy
Use domain management system (
```
manage-domains.sh
```
) for service subdomains
Use this skill for one-off DNS operations or non-service records

DNS全球同步通常需要1-5分钟
Cloudflare代理记录（橙色云）会隐藏真实IP
TTL设为1表示“自动”（由Cloudflare管理）
免费版限制：每个区域最多1000条DNS记录
API速率限制：每5分钟1200次请求
cf-dns.sh和cf-settings.sh脚本位于
```
scripts/
```
目录
优先使用API Token而非全局API密钥（权限范围可控，安全性更高）
区域设置变更可能需要清除缓存才能立即生效
动态DNS对IP变化的家庭服务器非常有用
从GoDaddy迁移后，Cloudflare DNS成为权威DNS
服务子域名使用域名管理系统（
```
manage-domains.sh
```
）
该技能用于一次性DNS操作或非服务类记录

cloudflare-dns-operations

Original

Translation

Cloudflare DNS Operations Skill

Cloudflare DNS 操作技能

Quick Start

快速开始

Load environment variables

加载环境变量

List all DNS records

列出所有DNS记录

Add A record

添加A记录

Add CNAME record

添加CNAME记录

Update existing record

更新现有记录

Delete record

删除记录

Table of Contents

目录

When to Use This Skill

何时使用该技能

What This Skill Does

该技能的功能

Instructions

操作说明

3.1 Setup API Authentication

3.1 配置API认证

Edit .env

编辑.env文件

Add (using API Token - recommended):

添加（推荐使用API Token）：

Or using Global API Key:

或使用全局API密钥：

3.2 List DNS Records

3.2 列出DNS记录

List only A records

仅列出A记录

List only CNAME records

仅列出CNAME记录

3.3 Add DNS Records

3.3 添加DNS记录

Using direct API call

直接调用API

3.4 Update DNS Records

3.4 更新DNS记录

Step 1: Get record ID

步骤1：获取记录ID

Step 2: Update record

步骤2：更新记录

3.5 Delete DNS Records

3.5 删除DNS记录

Step 1: Get record ID

步骤1：获取记录ID

Step 2: Delete record

步骤2：删除记录

3.6 Manage Zone Settings

3.6 管理区域设置

SSL/TLS mode

SSL/TLS模式

Security level

安全级别

Caching level

缓存级别

Set SSL to Full

将SSL设置为完全模式

Enable always HTTPS

启用始终使用HTTPS

Enable HTTP/3

启用HTTP/3

Enables: SSL Full, Always HTTPS, WAF

启用：SSL完全模式、始终HTTPS、WAF

Enables: Brotli, HTTP/2, HTTP/3

启用：Brotli、HTTP/2、HTTP/3

Purge all cached files

清除所有缓存文件

Bypass cache for 3 hours

绕过缓存3小时

Disable development mode