phil/Export_DNS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
44c7ea4b64
Export_DNS/Cloudflare/README.md

116 lines
2.3 KiB
Markdown
Raw Normal View History

Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
2025-08-25 20:17:15 +00:00
# Cloudflare DNS Export Script
Added files
2024-06-22 20:58:00 +00:00
Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
2025-08-25 20:17:15 +00:00
This script automates exporting DNS records for all zones in a Cloudflare account.
It uses the Cloudflare **API Token** authentication method (recommended for security).
Each run saves the DNS export of every zone into an `export/` folder, with filenames containing the zone name and a timestamp.
---
## 📦 Requirements
- **bash** (any modern Linux/macOS environment will work)
- **curl**
- **jq** (for parsing JSON)
Install `jq` if you dont already have it:
```bash
# Ubuntu/Debian
sudo apt install jq -y
# macOS (Homebrew)
brew install jq
Added files
2024-06-22 20:58:00 +00:00
```
Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
2025-08-25 20:17:15 +00:00
---
## ⚙️ Setup
1. Clone or copy these files:
- `import_dns_records.sh`
- `config.conf`
2. Edit the `config.conf` file and add your **Cloudflare API Token**:
```bash
# config.conf
CLOUDFLARE_API_TOKEN=your_api_token_here
Added files
2024-06-22 20:58:00 +00:00
```
Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
2025-08-25 20:17:15 +00:00
> 🔑 When creating your API Token in Cloudflare Dashboard, give it at least:
> - **Zone: Read**
> - **DNS: Read**
---
## ▶️ Usage
Make the script executable:
```bash
chmod +x import_dns_records.sh
```
Run the script:
```bash
./import_dns_records.sh
Added files
2024-06-22 20:58:00 +00:00
```
Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
2025-08-25 20:17:15 +00:00
---
## 📂 Output
- All exports are saved into the `export/` folder.
- Each export is a plain text file containing the zones DNS records in BIND format.
- Filenames follow the format:
Added files
2024-06-22 20:58:00 +00:00
```
Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
2025-08-25 20:17:15 +00:00
export/<zone_name>_<YYYYMMDD>_<HHMMSS>.txt
```
Example:
Added files
2024-06-22 20:58:00 +00:00
Updated Readme.md
2024-06-22 21:01:59 +00:00
```
Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
2025-08-25 20:17:15 +00:00
export/example.com_20250825_153012.txt
export/testdomain.net_20250825_153015.txt
Updated Readme.md
2024-06-22 21:01:59 +00:00
```
Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.
2025-08-25 20:17:15 +00:00
---
## 🔒 Security Notes
- Never commit `config.conf` (it contains your API token).
- Limit API token permissions to the minimum required (Zone:Read, DNS:Read).
- Rotate API tokens periodically for best security practices.
---
## ✅ Example Workflow
```bash
# 1. Configure your token
echo 'CLOUDFLARE_API_TOKEN=abc123xyz...' > config.conf
# 2. Run the export
./import_dns_records.sh
# 3. Check the export folder
ls export/
```
---
## 🛠 Troubleshooting
- **Empty export files?**
Ensure your API Token has the correct permissions (Zone:Read, DNS:Read).
- **Script fails with `jq: command not found`?**
Install `jq` as shown above.
- **Only some zones exported?**
Check the API Tokens scope. If it was created for a specific zone, it wont return all zones.
Create a token scoped for “All zones - Read” to export everything.
Reference in New Issue Copy Permalink