Google Domains Migration to Cloudflare

1

Google Domain as a service is going away and users are being migrated to Squarespace. Unfortunately, Squarespace lacks a DDNS solution to have your domain name follow your dynamic WAN address which so many self-hosted home labs require. In this tutorial, I take you step by step in moving from Google Domains to Cloudflare and how to use the Cloudflare API to have your domain name follow your dynamic WAN address.

Most of this video applies to moving from any DNS Provider to Cloudflare and Cloudflare has a lot of compelling great features.

To start with, navigate to Cloudflare in your web browser and select the “sign up” option.

https://www.cloudflare.com/

image
image1590×778 127 KB

Choose the “Free” plan which is best for those who self-host by clicking “add a website”:

image
image1589×775 143 KB

At the next screen, provide an email address and a password for your account.

image
image1586×766 68.7 KB

You will then be signed in and you will get the screen below:

image
image1588×748 153 KB

Click on “Explore all Products” and then click “Get started” on the screen below.

image
image1586×574 69.7 KB

Enter the domain name that you have hosted on Google or another domain provider on the screen below:

image
image1589×770 119 KB

On the screen below scroll down to the bottom and choose the “Free” option plan as shown in the following screenshot.

image
image1582×786 123 KB

The next screen below comes up and optionally lets you import DNS records which we do not need to do.

image
image1589×683 98 KB

Click continue and confirm that you want to add DNS records later.

image

The next screen says that your domain is not on Cloudflare yet and that you have to update the nameservers at your current registrar. So, the purpose of this is that it is possible to use many Cloudflare services for free even if you have another DNS provider.

In our case with Google Domains/Squarespace we need to set these DNS records up because it is a requirement before our domain can be moved to Cloudflare.

Note in the following screenshot that Cloudflare assigns you two Cloudflare nameservers that you need to add to your Google Domains.

image
image1581×749 142 KB

So, you will want to copy these nameserver addresses (yours may differ):

image
image694×224 52.9 KB

Let’s take a detour and set up Two-Factor Autentication on your Cloudflare account because I believe that security is of utmost importance on your DNS Provider. I use a Yubico USB hardware key which provides increased security over a time based one time password (TOTP) that many people opt for.

Go to the upper right-hand corner of your CloudFlare screen and select “My Profile” and choose "Authentication from the left menu and you will see the screen below.

image
image1589×494 65.5 KB

Setup two factor authentication.

image
image1583×512 61.2 KB

When adding a security key, you will be prompted again for your Cloudflare password.

image
image1583×402 61.6 KB

Once you authenticate with your security key, you are asked to name the key just for your own understanding.

image
image1583×412 60 KB

You will be given recovery codes which you need to save and you will be prompted for your password once more and then your 2FA setup is complete.

image
image1582×343 67.2 KB

Security is important. Don’ t skip the above steps.
Your 2FA now shows as enabled.

image
image1579×434 53.1 KB

Now we want to add the Cloudflare nameservers to your Google Domains account. To do this, copy the nameservers from Cloudflare we mentioned earlier.

image

Now open another tab in your web browser to Google Domains:

https://domains.google.com/

When you login to Google Domains, go to manage your domain, then DNS and then "Custom Name Servers. My example follows. Your Cloudflare nameservers may differ. Once you enter the nameservers, click on SAVE.

image
image1586×789 143 KB

To activate these new settings, you must Click on “Switch to these settings”.

image
image871×121 19 KB

Now, when you go back to your Cloudflare Home page for your site it will say that it is pending a nameserver update. In my experience, this took 5-10 minutes.

image
image1575×735 99.6 KB

This must complete before we can transfer our domain.

Once the new nameservers are in effect, the screen will look as follows.

image
image1573×715 102 KB

When you click on your domain, it will say that Cloudflare is now protecting your site, but the domain is still hosted at Google Domains.

image
image1568×777 120 KB

Now, we can go back to the top level of the menu you you will see the Domain Registration option.

image
image1572×644 112 KB

Click “Transfer Domains” and you will see a screen like befow.

image
image1568×646 121 KB

Notice the Registry status indicating that we need to unlock the domain.

Go over to your Google Domains tab in your web browser and enter the registration setttings and unlock the domain as shown below.

image
image1566×777 113 KB

After about 15 minutes, my “Transfer Domains” indicated that I have my domain ready to transfer. It also asked me to add a payment option as the next step.

image
image1573×666 145 KB

Now, you will see that your domain is ready for transfer.

image
image1561×773 163 KB

Scroll down and “Confirm” and you will see the next screen.

image
image1577×676 129 KB

You now need an authorization code for the transfer from Google domains and so go back to the Google Domains tab.

image
image1579×760 115 KB

Click “Get auth code” next to the Transfer out option on the screen above. You will have to provide your Google password in this process.

Now you are provided a transfer code which you should keep secret. Copy the transfer code.

image
image1573×782 143 KB

Go back to the Cloudflare screen and paste the transfer code into the indicated field and click “Confirm and Proceed” as shown below:

image
image1573×675 129 KB

Finally, you will be asked to enter the contact information for the registering of the domain and then once you click “Confirm and Finalize Transfer” the process is initiated.

image
image1573×774 186 KB

Before the transfer actually takes place, you will get an email from Google Domains which prompts you to either “Cancel or Approve Transfer” and that’s the last step.

Here’s an example of what that email looks like.

image
image647×687 60.9 KB

A few minutes after your transfer takes place, your domain will be active on Cloudflare and the domain will vanish from Google Domains. Google has no options for creating a new Domain and so they point you to Squarespace.

image
image1577×769 99.1 KB

You will get confirmation emails from both Google Domains and from Cloudflare indicating the transfer.

The rest of this document is about how to handle a changing WAN address at your ISP.

Cloudflare doesn’t have DDNS A-Records like Google Domains. With DDNS, you use a DDNS client on your network that makes adjustments to your DDNS A record for your domain at your domain service provider.

Cloudflare uses an application programming interface (API) to make changes to records in the Cloudflare DNS.

So, after your domain is transferred, you will probably see a standard A record for your domain. You will hopefully see your other DNS records like CNAME records or MX records that should have been ported from Google Domains to Cloudflare.

Check and verify that everything moved. I had 12 of my CNAME rcords move and the other 35 or so just vanished. So, be sure to audit your results.

Cloudflare supports “proxied” records. Not all self-hosted services work properly with Cloudflare proxies. Your mileage may verify. For now, I am not using proxies.

image
image1575×690 126 KB

On the Cloudflare website, go to “My Profile” and choose the "API Tokens option.

image
image1571×627 65 KB

Click “Create Token” and scroll down to the bottom and choose “Custom Token”.

image
image1572×724 98.5 KB

You will see the custom API token screen.

image
image1574×675 79.4 KB

Give your token a name and add the following three permissions as detailed in the video.

Cloudflare-API Token
Cloudflare-API Token1906×592 42.9 KB

Once you save your API token, it gives you the option to test it with a curl command. Be sure to save the API key someplace safe because you can’t access it after this.

Now that we have a Cloudflare API token, we need a way to use it. What follows is a description of a simple docker container that you can configure on your network that will watch for changes to your ISP WAN address and when a change is noticed the API will be called to change your domain A record at Cloudflare.

You can use an existing docker server to host this application. For my regular subscribers, I recommend a LXD container in which we will nest the docker application. To create the container on your LXD host:

lxc launch ubuntu:22.04 Cloudflare --profile default --profile Bridged-MAIN -c boot.autostart=true -c security.nesting=true

Connect to your new container:

lxc shell Cloudflare

The commands that follow show how to install docker and the Cloudflare API app on any system.

Add a user account and grant it sudo privilege.

adduser scott
usermod -aG sudo scott

Install docker and docker-compose

curl -sSL https://get.docker.com | sh
apt install docker-compose -y

Put my user account in the docker group:

usermod -aG docker scott

Move over to the scott account into the scott home folder:

su - scott

Make a folder to put our docker application and move into it.

mkdir dns
cd dns

Edit the docker-compose file:

nano docker-compose.yml

Insert the following into the file and modify the API key to be the key you copied earlier and also modify the ZONE to be your domain name:

version: '2'
services:
  cloudflare-api:
    image: oznu/cloudflare-ddns:latest
    restart: always
    environment:
      - API_KEY=My-API-Key
      - ZONE=mydomain.com
      - SUBDOMAIN=

Save the File with CTRL O and Enter and exit the nano editor with CTRL X.

Start the docker application.

docker compose up -d

Verify that the application is working by examining the log.

docker compose logs -f

The most common reason for this failing is that either your API key is wrong or your domain name A record doesn’t exist on Cloudflare.