Secondary DNS Override

This page is served via Cloudflare

This domain (dnslab.one) uses Cloudflare as a secondary DNS provider. The A record for this hostname is managed on a PowerDNS primary server and transferred to Cloudflare via AXFR. With Secondary DNS Override, Cloudflare proxies HTTP traffic through its global network — enabling WAF, DDoS protection, CDN caching, and Workers.

Cloudflare Request Metadata

These values prove this request was served through Cloudflare's edge network.

CF-Ray

9f3cad5569301ec6

Unique request identifier assigned by Cloudflare

Data Center

CMH

Cloudflare colo (PoP) serving this request

Country

Country of the client IP (GeoIP)

TLS Version

TLSv1.3

TLS version negotiated between client and Cloudflare

HTTP Protocol

HTTP/2

HTTP protocol version (HTTP/2, HTTP/3, etc.)

Bot Score

N/A

Cloudflare Bot Management score (1=bot, 99=human)

Client IP

216.73.217.2

Your IP address as seen by Cloudflare

How It Works

Hidden Primary

A PowerDNS server acts as the authoritative primary for dnslab.one. It serves all DNS records but is not listed in NS records at the registrar.

Zone Transfer (AXFR)

Cloudflare pulls the full zone from the primary via AXFR, authenticated with TSIG (HMAC-SHA256). Changes propagate within seconds via DNS NOTIFY.

Live-Signing DNSSEC

Cloudflare signs the zone in real-time using Algorithm 13 (ECDSA P-256). The primary doesn't need DNSSEC — Cloudflare handles it automatically.

Override (Proxy)

Selected records are proxied (orange cloud) through Cloudflare's network. This page is served by a Cloudflare Worker — WAF, CDN, and Bot Management are all active.

Open DNS Portal (Requires Cloudflare Access)