# Cloudflare DNS Export Script This script automates exporting DNS records for all zones in a Cloudflare account. It uses the Cloudflare **API Token** authentication method (recommended for security). Each run saves the DNS export of every zone into an `export/` folder, with filenames containing the zone name and a timestamp. --- ## 📦 Requirements - **bash** (any modern Linux/macOS environment will work) - **curl** - **jq** (for parsing JSON) Install `jq` if you don’t already have it: ```bash # Ubuntu/Debian sudo apt install jq -y # macOS (Homebrew) brew install jq ``` --- ## ⚙️ Setup 1. Clone or copy these files: - `export_dns_cloudflare.sh` - `config.conf` 2. Edit the `config.conf` file and add your **Cloudflare API Token**: ```bash # config.conf CLOUDFLARE_API_TOKEN=your_api_token_here ``` > 🔑 When creating your API Token in Cloudflare Dashboard, give it at least: > - **Zone: Read** > - **DNS: Read** --- ## ▶️ Usage Make the script executable: ```bash chmod +x import_dns_records.sh ``` Run the script: ```bash ./export_dns_cloudflare.sh ``` --- ## 📂 Output - All exports are saved into the `export/` folder. - Each export is a plain text file containing the zone’s DNS records in BIND format. - Filenames follow the format: ``` export/__.txt ``` Example: ``` export/example.com_20250825_153012.txt export/testdomain.net_20250825_153015.txt ``` --- ## 🔒 Security Notes - Never commit `config.conf` (it contains your API token). - Limit API token permissions to the minimum required (Zone:Read, DNS:Read). - Rotate API tokens periodically for best security practices. --- ## ✅ Example Workflow ```bash # 1. Configure your token echo 'CLOUDFLARE_API_TOKEN=abc123xyz...' > config.conf # 2. Run the export ./export_dns_cloudflare.sh # 3. Check the export folder ls export/ ``` --- ## 🛠 Troubleshooting - **Empty export files?** Ensure your API Token has the correct permissions (Zone:Read, DNS:Read). - **Script fails with `jq: command not found`?** Install `jq` as shown above. - **Only some zones exported?** Check the API Token’s scope. If it was created for a specific zone, it won’t return all zones. Create a token scoped for “All zones - Read” to export everything.