Cloudflare and DNSSEC

This website is now on Cloudflare as of 2018-08-02, so we will get some idea of any performance gains and whether there are any limitations compared to using a single origin web server. The free plan does not offer any local (to me) Australian edge servers which freaked me out the first time I tried Cloudflare a few years ago. My pings time to this server went from 20ms up to about 170ms before I found out about the limitation of no AU cache servers on the free plan.

Cloudflare dashboard for markc.blog

However, the DNS results from https://tools.keycdn.com/ping assures me that DNS lookup is much faster in general from around the world. I’m not too impressed with the actual FTTB (First Time To Byte) load time via Cloudflare though. Delivery from my own nginx server is a little faster than from Cloudflare, but then it’s hard to compete with the reach of 200 points of presence around the world compared to a single web server in Sydney.

Note to self: Don’t forget to remove any DNSSEC DS records from a domains upstream Registrar BEFORE trying to transfer that domains Full DNS hosting to Cloudflare.