About the author

Jay Holtslander is the Technical Director at Skunkworks Creative Group. Prior to joining Skunkworks he was a CompTIA certified owner/operator of an I.T. services firm, and more recently founded Canada's first PCTIA accredited coding school. Jay's has been working with the internet since 1995 and his first computer was a Tandy TRS-80 Color that had cassette tapes for a hard drive.


If you’re new to or unfamiliar with Cloudflare here are some things you should know that may affect you.

  • Skunkworks recommends a firm have their own Cloudflare account in their name.
  • DNS changes made in Cloudflare are near instant and have zero propagation time. This can be a big change to those accustomed to waiting several hours to see DNS changes kick in. When you make a change. It is global within seconds.
  • Enabling 2FA in Cloudflare will allow mutual secure access to the Cloudflare dashboard between you (the IT provider) and Skunkworks.
  • The Super Admin/Account holder (our mutual client) has full UAC.
  • Cloudflare is an http proxy and will mask the origin IP of any records that has the Orange cloud icon turned on. This is part of the DDOS protection Cloudflare provides. If the cloud icon is off/grey for the record, the true IP at the other end is discoverable. Skunkworks does not reccomend using an A record of "ftp.[domainname.ca]" instead the connection should be made to the true origin IP address.
  • FTP connections for the web server are disabled and SFTP is required to connect. (Port 22)
  • In order to make use of Cloudflare’s free SSL for a subdomain, Enabling the http proxy (Orange cloud) is required. If Cloudflare’s assignment for a particular DNS record is DNS only (Grey cloud/http proxy off) SSL is not available.
  • It’s important to not enable any Cloudflare features you may not be familiar with as they have the potential to break a website. Particularly the Speed / Rocket Loader feature which alters Javascript and usually breaks websites.
  • Cloudflare has a built in CDN that works automagically behind the scenes. Web content is cached for any resource that passes through a http proxy enabled DNS record (Orange cloud). If you need to manually flush Cloudflare’s cache from the CDN, proceed to this screen in Cloudflare’s dashboard (https://www.cloudflare.com/a/caching/[domainname.ca]), click the "Purge everything" button, and wait a few seconds before refreshing your browser. The Cloudflare plugin for Wordpress makes use of the Cloudflare account’s API key to negate this manual flush requirement.
  • Cloudflare’s Firewall rules can be managed at: https://www.cloudflare.com/a/firewall/[domainname.ca]. You should whitelist known IP addresses here to prevent troubles.
  • Cloudflare introduces some new custom http/https status codes for the domain that are Cloudflare specific. These include:
    • 521 Error - The Server is not responding. Rebooting? Powered off? Crashed? Skunkworks will be aware of this issue for the domain's website.
    • 524 Error - Timeout. The server isn’t responding. It likely needs rebooting. Skunkworks will be aware of this issue. A complete list of Cloudflare IP addresses can be found here.


When done correctly, the switch of Nameservers is seamless and causes no service disruptions.