Portal Community

dns/delete

Permanently delete a DNS record from a Cloudflare zone.

Immediate and irreversible: DNS record deletion takes effect immediately and cannot be undone. Always verify the record ID by calling dns/list and dns/get before deletion. A deleted record breaks routing for any traffic depending on it.

When to Use

Configuration

Connection

FieldTypeRequiredDescription
ApiTokenstringrequiredScoped Cloudflare API Token with DNS.Edit permission. Store in BizFirst Credentials Manager.

Operation Fields

FieldTypeRequiredDescription
ZoneIdstringrequired32-character hexadecimal Zone ID.
RecordIdstringrequiredUUID of the record to delete. Resolve via dns/list — never guess this value.

Sample Configuration

{
  "resource": "dns",
  "operation": "delete",
  "connection": {
    "ApiToken": "{{ $credentials.cloudflare_dns_edit }}"
  },
  "ZoneId": "023e105f4ecef8ad9ca31a8372d0c353",
  "RecordId": "372e67954025e0ba6aaa6d586b9e0b59"
}

Validation Errors

CodeConditionResolution
MISSING_API_TOKENApiToken is emptySet the ApiToken credential with DNS.Edit permission
MISSING_ZONE_IDZoneId is emptyProvide the Zone ID
UNKNOWN_ERRORRecord not found or insufficient permissionsVerify both Zone ID and Record ID are correct

Output

Success Port

FieldTypeDescription
idstringUUID of the deleted record — log this for audit trail
statusstringdeleted on successful deletion

Error Port

On failure, the error port receives an object with code and message.

Sample Output

{
  "id": "372e67954025e0ba6aaa6d586b9e0b59",
  "status": "deleted"
}

Expression Reference

ExpressionReturns
{{ $node.DnsDelete.output.id }}Deleted record UUID for audit log
{{ $node.DnsDelete.output.status }}"deleted" on success

Node Policies & GuardRails

PolicyDetail
Always resolve Record ID via dns/list firstNever hard-code a Record UUID in the configuration — always look it up to ensure you are deleting the correct record
Take a dns/get snapshot before deletionCall dns/get and log the full record object before deleting — enables manual recreation if deletion was unintentional
Require DNS.Edit tokenDeletion requires write permission — a read-only token will fail
Store ApiToken in Credentials ManagerNever hardcode the token in configuration JSON
Log the deleted record IDWrite the returned id to an audit log with timestamp and initiating workflow run ID

Examples

Example 1: Customer Offboarding DNS Cleanup

Trigger: customer account closed. Workflow: (1) Retrieve the customer's stored record IDs from the database. (2) For each record ID, call dns/delete with the Zone ID and record ID. (3) Log each deleted ID to the offboarding audit trail. (4) Mark the customer record as fully deprovisioned.

Example 2: Remove Verification TXT Record After Success

After an external service (e.g., Google Workspace) confirms domain verification: (1) Call dns/list filtered by Type: "TXT" and Name: "_google-site-verification.example.com". (2) Extract the record ID. (3) Call dns/delete to remove it. This keeps the zone clean.

Example 3: Post-Migration A Record Decommission

After a server migration is complete and stable for 72 hours: (1) List A records matching the old server's IP. (2) For each matching record, call dns/get to log it. (3) Call dns/delete. (4) Send a notification confirming cleanup is done.