From cloudflare-dns
Manage Cloudflare DNS zones and records via Terraform in nexaedge/infrastructure. Auto-invoke when configuring a new domain, subdomain, DNS record, or zone. TRIGGER when: user mentions "DNS", "domain", "subdomain", "A record", "CNAME", "MX record", "TXT record", "SPF", "DKIM", "DMARC", "nameserver", "zone", "cloudflare", or needs to point a domain/subdomain to a service, IP, or Pages project. DO NOT TRIGGER when: user is asking about DNS concepts without wanting to make changes, or when working on non-NexaEdge infrastructure.
npx claudepluginhub nexaedge/nexaedge-marketplace --plugin cloudflare-dns
Slash command
/cloudflare-dns:cloudflare-dns
You manage DNS zones and records for NexaEdge domains through Terraform — never through the Cloudflare dashboard or CLI.
Never run terraform plan or terraform apply locally. All Terraform operations go through GitHub Actions via PR.
No aws_iam_access_key resources. GitHub Actions uses OIDC federation.
All changes go in the nexaedge/infrastructure repository under the cloudflare/ stack.
~/code/nexaedge/infrastructure
~/code/nexaedge/infrastructure/cloudflare/
~/code/nexaedge/infrastructure/cloudflare/zone.tf
~/code/nexaedge/infrastructure/cloudflare/pages.tf
~/code/nexaedge/infrastructure/cloudflare/redirects.tf
Follow these phases in order. Do NOT skip phases.
Clarify what the user needs:
If the request comes from another skill/agent with enough context, proceed without asking.
cd ~/code/nexaedge/infrastructure
git checkout main
git pull --rebase
Read the relevant Terraform files:
cloudflare/zone.tf to see existing zones and records
cloudflare/pages.tf if the domain points to a Cloudflare Pages project
cloudflare/redirects.tf if the domain needs redirect rules
cloudflare/outputs.tf to see what nameserver outputs exist
Identify if the zone already exists or needs to be created.
Create a new branch and make changes:
cd ~/code/nexaedge/infrastructure
git checkout -b dns/<descriptive-branch-name>
Add to cloudflare/zone.tf. Follow existing patterns exactly:
resource "cloudflare_zone" "<domain_identifier>" {
  account = {
    id = var.cloudflare_account_id
  }
  name = "example.com"
  type = "full"
}
Naming convention: Replace dots with underscores, remove TLD separators. Examples:
nexaedge.com → nexaedge_com
nexaedge.com.br → nexaedge_com_br
example.dev → example_dev
When adding a new zone, also add nameserver outputs in cloudflare/outputs.tf:
output "cloudflare_nameservers_<domain_identifier>" {
  value = cloudflare_zone.<domain_identifier>.name_servers
}
Add to cloudflare/zone.tf grouped with the zone's other records. Follow existing patterns:
resource "cloudflare_dns_record" "<zone>_<name>_<type>" {
  zone_id = cloudflare_zone.<zone>.id
  name = "subdomain" # Use the subdomain part, or "@" for apex
  type = "CNAME" # A, AAAA, CNAME, MX, TXT, etc.
  content = "target.example.com"
  ttl = 1 # 1 = automatic (when proxied), 300 for non-proxied
  proxied = true # true for web traffic, false for MX/TXT/non-HTTP
}
Resource naming convention: <zone_identifier>_<record_description>_<type>
nexaedge_com_www_cname, nexaedge_com_mx, nexaedge_com_spf_txt
Common record patterns from existing config:
CNAME to Cloudflare Pages:
resource "cloudflare_dns_record" "<zone>_<sub>_cname" {
  zone_id = cloudflare_zone.<zone>.id
  name = "subdomain"
  type = "CNAME"
  content = "${cloudflare_pages_project.<project>.name}.pages.dev"
  ttl = 1
  proxied = true
}
MX record (Google Workspace):
resource "cloudflare_dns_record" "<zone>_mx" {
  zone_id = cloudflare_zone.<zone>.id
  name = "@"
  type = "MX"
  content = "smtp.google.com"
  ttl = 300
  priority = 1
}
SPF record:
resource "cloudflare_dns_record" "<zone>_spf_txt" {
  zone_id = cloudflare_zone.<zone>.id
  name = "@"
  type = "TXT"
  content = "v=spf1 include:_spf.google.com -all"
  ttl = 300
}
DMARC record:
resource "cloudflare_dns_record" "<zone>_dmarc_txt" {
  zone_id = cloudflare_zone.<zone>.id
  name = "_dmarc"
  type = "TXT"
  content = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
  ttl = 300
}
Amazon SES verification:
resource "cloudflare_dns_record" "<zone>_ses_mx" {
  zone_id = cloudflare_zone.<zone>.id
  name = "@"
  type = "MX"
  content = "feedback-smtp.sa-east-1.amazonses.com"
  ttl = 300
  priority = 10
}
If the domain should serve a Cloudflare Pages project, add to cloudflare/pages.tf:
resource "cloudflare_pages_domain" "<project>_<domain_desc>" {
  account_id = var.cloudflare_account_id
  project_name = cloudflare_pages_project.<project>.name
  domain = "subdomain.example.com"
}
If the domain needs HTTP redirects (e.g., www → apex, or alias domain → primary), add to cloudflare/redirects.tf:
resource "cloudflare_ruleset" "<zone>_redirects" {
  zone_id = cloudflare_zone.<zone>.id
  name = "<domain> redirects"
  kind = "zone"
  phase = "http_request_dynamic_redirect"
  rules = [
    {
      action = "redirect"
      action_parameters = {
        from_value = {
          status_code = 301
          target_url = {
            expression = "concat(\"https://target.example.com\", http.request.uri.path)"
          }
        }
      }
      expression = "(http.host eq \"source.example.com\")"
      description = "Redirect source.example.com to target.example.com"
      enabled = true
    }
  ]
}
cd ~/code/nexaedge/infrastructure
git add cloudflare/zone.tf cloudflare/outputs.tf # and any other changed files
git commit -m "dns: add <description of what was added>"
git push -u origin dns/<branch-name>
gh pr create --title "dns: <short description>" --body "$(cat <<'EOF'
## Summary
- <what DNS changes were made>
## Terraform Changes
- <list of resources added/modified>
## Verification
After apply, verify records with:
dig
EOF
)"
terraform plan.
gh pr checks <pr-number> --repo nexaedge/infrastructure --watch
gh api repos/nexaedge/infrastructure/pulls/<pr-number>/comments --jq '.[].body' | tail -1
If the plan shows errors or unexpected changes, help the user fix them (go back to Phase 3).
Once the user confirms the plan looks good:
gh pr merge <pr-number> --repo nexaedge/infrastructure --squash --delete-branch
This triggers the terraform-apply workflow on the main branch.
Monitor the apply workflow:
# Find the latest workflow run
gh run list --repo nexaedge/infrastructure --workflow terraform-apply.yml --limit 1
# Watch it
gh run watch <run-id> --repo nexaedge/infrastructure
If the apply fails, read the logs and help debug:
gh run view <run-id> --repo nexaedge/infrastructure --log-failed
After successful apply, verify the DNS records are live:
dig <domain> <record-type> +short
For new zones, also output the nameservers the user needs to configure at their registrar:
dig <domain> NS +short
Tell the user:
~> 5.0 — check the provider docs if unsure about resource schema.
pages.tf and possibly redirect rules in redirects.tf.