DNS Migration to Cloudflare

When you add your domain to Cloudflare, all DNS management moves from cPanel to the Cloudflare dashboard. This guide covers how to properly migrate your DNS records to ensure nothing breaks — especially email.

Step 1: Export Your Current DNS Records

Before making any changes, document your existing DNS configuration so you have a reference to compare against.

Log into cPanel on your Ultra Web Hosting account.
Go to Domains → Zone Editor.
Click Manage next to your domain.
You will see a full list of all DNS records for your domain. Take a screenshot or copy this list — you will need it to verify that Cloudflare imported everything correctly.

Tip Pay special attention to any custom records you or your web developer may have added, such as TXT records for domain verification (Google Search Console, Microsoft 365), SRV records for specific services, or CNAME records for third-party integrations. Cloudflare's automatic scan sometimes misses these.

Step 2: Review Cloudflare's Imported Records

When you add your domain to Cloudflare, it performs an automatic DNS scan and imports the records it finds. After the scan completes, you will see a list of all imported records. Compare this list against your cPanel Zone Editor export and verify the following:

A Records

These point your domain and subdomains to your server's IP address. You should see at minimum:

yourdomain.com → Your Ultra Web Hosting server IP (e.g., 198.51.100.25)
www.yourdomain.com → Same server IP, or a CNAME pointing to yourdomain.com

CNAME Records

These are aliases that point one hostname to another. Common CNAME records include:

www → yourdomain.com
webmail → yourdomain.com
cpanel → yourdomain.com
webdisk → yourdomain.com

MX Records (Critical for Email)

MX records tell the internet where to deliver email for your domain. If you are using Ultra Web Hosting's email service, you should have:

yourdomain.com → MX → mail.yourdomain.com (priority 0)

If you are using a third-party email service like Google Workspace or Microsoft 365, your MX records will point to their servers instead. Make absolutely sure these are present in Cloudflare.

Warning If MX records are missing or incorrect after switching to Cloudflare, email will stop working. Incoming messages will bounce, and you will not receive any error notification — the emails simply will not arrive. Always verify MX records are present and correct before switching your nameservers to Cloudflare.

TXT Records

TXT records are used for email authentication and domain verification. Key TXT records to verify:

SPF record — Usually looks like v=spf1 +a +mx +ip4:198.51.100.25 ~all. This tells receiving mail servers which servers are authorized to send email for your domain.
DKIM record — A long TXT record at default._domainkey.yourdomain.com used to cryptographically sign outgoing email.
DMARC record — Found at _dmarc.yourdomain.com, this tells receiving servers what to do with emails that fail SPF or DKIM checks.

If any of these are missing, your email deliverability will suffer and messages may end up in spam folders. See DKIM & SPF Records for more details.

Step 3: Understand Proxy Status (Orange Cloud vs Grey Cloud)

One of Cloudflare's most important concepts is the proxy status of each DNS record. In the Cloudflare dashboard, each A and CNAME record has a cloud icon that is either orange or grey:

Orange Cloud (Proxied)

Traffic flows through Cloudflare's network before reaching your server. This enables:

CDN caching of static assets
DDoS protection
Cloudflare's SSL/TLS
Web Application Firewall
Performance optimization
Your server's real IP address is hidden from visitors

Use proxied (orange cloud) for: Your main domain's A record, www CNAME, and any subdomains that serve web content.

Grey Cloud (DNS Only)

Cloudflare simply responds with the IP address — traffic goes directly to your server without passing through Cloudflare. No CDN, no DDoS protection, no caching. The record works exactly like a traditional DNS entry.

Use DNS only (grey cloud) for: Records that need direct connections to your server, particularly those related to email and FTP.

Step 4: Set Correct Proxy Status for Each Record

Getting the proxy status right is essential. Here is a reference for common records:

Records That Should Be Proxied (Orange Cloud)

yourdomain.com (A record) — Your main website
www (CNAME or A record) — Your www subdomain
Any subdomain that serves a website (e.g., blog, shop, app)

Records That MUST Be DNS Only (Grey Cloud)

mail (A record) — Must be grey cloud. Email servers connect directly on ports 25, 465, 587, and 993, which Cloudflare does not proxy. If this is orange, email connections will fail.
ftp (A or CNAME record) — Must be grey cloud. FTP uses ports 21 and passive ports that Cloudflare does not support. Proxying this will break FTP access.
cpanel (A or CNAME record) — Should be grey cloud if you access cPanel via cpanel.yourdomain.com.
webmail (A or CNAME record) — Should be grey cloud if you access webmail via webmail.yourdomain.com.
webdisk (A or CNAME record) — Should be grey cloud.

Warning MX records themselves do not have a proxy toggle — they are always DNS only. However, MX records typically point to mail.yourdomain.com, which is an A record. That mail A record must be set to DNS only (grey cloud). If you proxy it, the MX lookup will resolve to a Cloudflare IP instead of your mail server, and all incoming email will fail silently. This is the most common cause of email breaking after a Cloudflare migration.

Step 5: Verify After Migration

After switching your nameservers to Cloudflare and waiting for propagation, verify that everything is working correctly:

Check your website — Visit your domain in a browser and make sure the site loads correctly. Check for mixed content warnings or redirect loops.
Test email — Send a test email to and from your hosting email accounts. Check that both sending and receiving work.
Verify DNS records — Use tools.ultrawebhosting.com/dns-report to run a full DNS report on your domain. This will show you all active records and help you spot anything missing.
Test FTP — If you use FTP, connect using your FTP client to make sure it still works. Use your server's IP address or the ftp subdomain (which should be DNS only).
Check cPanel access — Make sure you can still access cPanel. If cpanel.yourdomain.com does not work, you can always access cPanel directly via yourdomain.com:2083 or through the Client Area.

Tip After migrating, run a DNS report at tools.ultrawebhosting.com/dns-report to get a complete overview of your domain's DNS configuration. This tool will show all record types, nameservers, and propagation status in one view — making it easy to spot missing or incorrect records.

Common Migration Mistakes

Here are the most frequent issues we see when clients migrate DNS to Cloudflare:

Proxying the mail subdomain — This breaks email. Always set the mail A record to DNS only (grey cloud).
Missing MX records — Cloudflare's scan occasionally misses MX records. If email stops working, check for missing MX records first.
Missing TXT records — SPF, DKIM, and DMARC records may not be imported. Without them, your outgoing email is more likely to be flagged as spam.
Wrong A record IP — If the A record points to an old server IP instead of your Ultra Web Hosting server, your site will not load. Double-check the IP matches what is shown in cPanel under Server Information.
Switching nameservers before verifying records — Always verify all records are correct in Cloudflare before changing nameservers at your registrar. Once you switch, Cloudflare becomes the authoritative DNS, and any missing records will immediately cause problems.