Export_DNS/Cloudflare/README.md

# Cloudflare DNS Export Script

This script automates exporting DNS records for all zones in a Cloudflare account.  
It uses the Cloudflare **API Token** authentication method (recommended for security).  

Each run saves the DNS export of every zone into an `export/` folder, with filenames containing the zone name and a timestamp.

---

## 📦 Requirements

- **bash** (any modern Linux/macOS environment will work)
- **curl**
- **jq** (for parsing JSON)

Install `jq` if you don’t already have it:

```bash
# Ubuntu/Debian
sudo apt install jq -y

# macOS (Homebrew)
brew install jq
```

---

## ⚙️ Setup

1. Clone or copy these files:
   - `export_dns_cloudflare.sh`  
   - `config.conf`  

2. Edit the `config.conf` file and add your **Cloudflare API Token**:

```bash
# config.conf
CLOUDFLARE_API_TOKEN=your_api_token_here
```

> 🔑 When creating your API Token in Cloudflare Dashboard, give it at least:
> - **Zone: Read**  
> - **DNS: Read**  

---

## ▶️ Usage

Make the script executable:

```bash
chmod +x export_dns_cloudflare.sh
```

Run the script:

```bash
./export_dns_cloudflare.sh
```

---

## 📂 Output

- All exports are saved into the `export/` folder.  
- Each export is a plain text file containing the zone’s DNS records in BIND format.  
- Filenames follow the format:

```
export/<zone_name>_<YYYYMMDD>_<HHMMSS>.txt
```

Example:

```
export/example.com_20250825_153012.txt
export/testdomain.net_20250825_153015.txt
```

---

## 🔒 Security Notes

- Never commit `config.conf` (it contains your API token).  
- Limit API token permissions to the minimum required (Zone:Read, DNS:Read).  
- Rotate API tokens periodically for best security practices.  

---

## ✅ Example Workflow

```bash
# 1. Configure your token
echo 'CLOUDFLARE_API_TOKEN=abc123xyz...' > config.conf

# 2. Run the export
./export_dns_cloudflare.sh

# 3. Check the export folder
ls export/
```

---

## 🛠 Troubleshooting

- **Empty export files?**  
  Ensure your API Token has the correct permissions (Zone:Read, DNS:Read).  

- **Script fails with `jq: command not found`?**  
  Install `jq` as shown above.  

- **Only some zones exported?**  
  Check the API Token’s scope. If it was created for a specific zone, it won’t return all zones.  
  Create a token scoped for “All zones - Read” to export everything.
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
+								# Cloudflare DNS Export Script
-												Added files

											
										
										
											2024-06-22 20:58:00 +00:00
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
+								This script automates exporting DNS records for all zones in a Cloudflare account.
 								It uses the Cloudflare **API Token** authentication method (recommended for security).
 								Each run saves the DNS export of every zone into an `export/` folder, with filenames containing the zone name and a timestamp.
 								---
 								## 📦 Requirements
 								- **bash** (any modern Linux/macOS environment will work)
 								- **curl**
 								- **jq** (for parsing JSON)
 								Install `jq` if you don’t already have it:
 								```bash
 								# Ubuntu/Debian
 								sudo apt install jq -y
 								# macOS (Homebrew)
 								brew install jq
-												Added files

											
										
										
											2024-06-22 20:58:00 +00:00
+								```
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
 								---
 								## ⚙️ Setup
 . Clone or copy these files:
-												Fixed README.md

											
										
										
											2025-08-25 20:18:33 +00:00
+								   - `export_dns_cloudflare.sh`
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
+								   - `config.conf`
 . Edit the `config.conf` file and add your **Cloudflare API Token**:
 								```bash
 								# config.conf
 								CLOUDFLARE_API_TOKEN=your_api_token_here
-												Added files

											
										
										
											2024-06-22 20:58:00 +00:00
+								```
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
+								> 🔑 When creating your API Token in Cloudflare Dashboard, give it at least:
 								> - **Zone: Read**
 								> - **DNS: Read**
 								---
 								## ▶️ Usage
 								Make the script executable:
 								```bash
-												Fixed the README.md again

											
										
										
											2025-08-25 20:19:15 +00:00
+								chmod +x export_dns_cloudflare.sh
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
+								```
 								Run the script:
 								```bash
-												Fixed README.md

											
										
										
											2025-08-25 20:18:33 +00:00
+								./export_dns_cloudflare.sh
-												Added files

											
										
										
											2024-06-22 20:58:00 +00:00
+								```
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
+								---
 								## 📂 Output
 								- All exports are saved into the `export/` folder.
 								- Each export is a plain text file containing the zone’s DNS records in BIND format.
 								- Filenames follow the format:
-												Added files

											
										
										
											2024-06-22 20:58:00 +00:00
+								```
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
+								export/<zone_name>_<YYYYMMDD>_<HHMMSS>.txt
 								```
 								Example:
-												Added files

											
										
										
											2024-06-22 20:58:00 +00:00
-												Updated Readme.md

											
										
										
											2024-06-22 21:01:59 +00:00
+								```
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
+								export/example.com_20250825_153012.txt
 								export/testdomain.net_20250825_153015.txt
-												Updated Readme.md

											
										
										
											2024-06-22 21:01:59 +00:00
+								```
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
 								---
 								## 🔒 Security Notes
 								- Never commit `config.conf` (it contains your API token).
 								- Limit API token permissions to the minimum required (Zone:Read, DNS:Read).
 								- Rotate API tokens periodically for best security practices.
 								---
 								## ✅ Example Workflow
 								```bash
 								# 1. Configure your token
 								echo 'CLOUDFLARE_API_TOKEN=abc123xyz...' > config.conf
 								# 2. Run the export
-												Fixed README.md

											
										
										
											2025-08-25 20:18:33 +00:00
+								./export_dns_cloudflare.sh
-												Updated the script so you no longer need to specify zones. The zones will be looked up against the account and it will pull down and zones into seperate config files. This means that the config file now only needs one API key from the account that has Zone:Read and DNS:Read permissions.

											
										
										
											2025-08-25 20:17:15 +00:00
 								# 3. Check the export folder
 								ls export/
 								```
 								---
 								## 🛠 Troubleshooting
 								- **Empty export files?**
 								  Ensure your API Token has the correct permissions (Zone:Read, DNS:Read).
 								- **Script fails with `jq: command not found`?**
 								  Install `jq` as shown above.
 								- **Only some zones exported?**
 								  Check the API Token’s scope. If it was created for a specific zone, it won’t return all zones.
 								  Create a token scoped for “All zones - Read” to export everything.