MCP Cloudflare DNS
Gerencie zonas DNS, registros, purga de cache e regras de página do Cloudflare a partir de qualquer assistente de IA compatível com MCP.
Documentação
mcp-cloudflare-dns
Cloudflare DNS MCP server. Manage zones, DNS records, cache, and page rules from Claude, Cursor, Codex, or any MCP-compatible AI assistant.
# Install: uvx mcp-cloudflare-dns
# Ask your AI:
"List all DNS records for example.com"
"Add a CNAME record pointing api.example.com to my-app.vercel.app"
"Purge the cache for https://example.com/products"
"What page rules are active on example.com?"
Start Here
| You are | Start with | Time |
|---|---|---|
| Installing the server | Quickstart | 5 min |
| Creating a safe API token | API token permissions | 5 min |
| Extending DNS/cache tools | docs/architecture.md and cf/server.py | 15 min |
Architecture
flowchart TD
Client[MCP client] -->|stdio or SSE| Server[cf/server.py]
Server --> Env[CF_API_TOKEN]
Server --> Guard{Destructive allowed?}
Server --> SDK[Cloudflare SDK]
SDK --> Zones[Zones]
SDK --> DNS[DNS records]
SDK --> Cache[Cache purge]
SDK --> Rules[Page rules]
Guard -->|false| Block[Block delete/full purge]
Guard -->|true| SDK
Zones --> Result[MCP result]
DNS --> Result
Cache --> Result
Rules --> Result
Result --> Client
More detail lives in docs/architecture.md.
Primary Workflow
flowchart TD
Ask([User asks DNS task]) --> Tool[Select MCP tool]
Tool --> Validate{Token present?}
Validate -->|no| ConfigError[Return config error]
Validate -->|yes| Risk{Destructive action?}
Risk -->|yes| Allow{CF_ALLOW_DESTRUCTIVE=true?}
Risk -->|no| Call[Call Cloudflare API]
Allow -->|no| Refuse[Refuse safely]
Allow -->|yes| Call
Call --> Return[Return zone or record result]
Why this one?
The official Cloudflare MCP covers Workers, KV, D1, and R2 — but has zero DNS tools. This server fills that gap.
| Feature | This server | Official CF MCP |
|---|---|---|
| DNS record CRUD | Yes | No |
| Zone listing | Yes | No |
| Cache purge | Yes | No |
| Page rules | Yes | No |
| Zone settings | Yes | No |
| Workers/KV/D1/R2 | No | Yes |
They complement each other — use both.
Quickstart
1. Get a Cloudflare API token — dash.cloudflare.com/profile/api-tokens → Create Token → use "Edit zone DNS" template
2. Add to your MCP client config:
{
"mcpServers": {
"cloudflare-dns": {
"command": "uvx",
"args": ["mcp-cloudflare-dns"],
"env": {
"CF_API_TOKEN": "your-cloudflare-api-token"
}
}
}
}
3. Restart your AI client. Done.
Available tools
| Tool | What it does |
|---|---|
list_zones | All zones on your account with status and nameservers |
get_zone | Details for a specific zone |
get_zone_settings | SSL mode, security level, minification, HTTPS redirect, etc. |
list_dns_records | All DNS records, filterable by type or name |
get_dns_record | Single record by ID |
create_dns_record | Add A, AAAA, CNAME, MX, TXT, NS, etc. |
update_dns_record | Edit content, TTL, proxy status, or comment |
delete_dns_record | Remove a record (requires CF_ALLOW_DESTRUCTIVE=true) |
purge_cache | Purge specific URLs or entire zone cache |
list_page_rules | All page rules with targets and actions |
Environment variables
| Variable | Required | Description |
|---|---|---|
CF_API_TOKEN | Yes | Cloudflare API token (also accepts CLOUDFLARE_API_TOKEN) |
CF_ALLOW_DESTRUCTIVE | No | Set to true to enable record deletion and full cache purge |
MCP_TRANSPORT | No | Set to sse for remote/VPS deployment (default: stdio) |
MCP_HOST | No | SSE bind host (default: 127.0.0.1) |
MCP_PORT | No | SSE bind port (default: 3001) |
API token permissions
Minimum required scopes for your token:
| Resource | Permission |
|---|---|
| Zone — DNS | Edit |
| Zone — Zone | Read |
| Zone — Cache Purge | Purge |
| Zone — Page Rules | Edit (if using page rules tools) |
License
MIT