Portal Community

dns/get

Retrieve a single DNS record by its record ID within a zone.

When to Use

Configuration

Connection

FieldTypeRequiredDescription
ApiTokenstringrequiredScoped Cloudflare API Token with DNS.Read permission. Store in BizFirst Credentials Manager.

Operation Fields

FieldTypeRequiredDescription
ZoneIdstringrequired32-character hexadecimal Zone ID.
RecordIdstringrequiredUUID of the DNS record. Obtain from dns/list.

Sample Configuration

{
  "resource": "dns",
  "operation": "get",
  "connection": {
    "ApiToken": "{{ $credentials.cloudflare_dns_read }}"
  },
  "ZoneId": "023e105f4ecef8ad9ca31a8372d0c353",
  "RecordId": "372e67954025e0ba6aaa6d586b9e0b59"
}

Validation Errors

CodeConditionResolution
MISSING_API_TOKENApiToken is emptySet the ApiToken credential in the connection panel
MISSING_ZONE_IDZoneId is emptyProvide the Zone ID
UNKNOWN_ERRORRecord not found or access deniedVerify both Zone ID and Record ID are correct

Output

Success Port

FieldTypeDescription
idstringRecord UUID
typestringDNS record type
namestringFully-qualified record name
contentstringRecord value
ttlintegerTime-to-live in seconds (1 = automatic)
proxiedbooleanWhether the record routes through Cloudflare proxy
createdOnstringISO 8601 creation timestamp
modifiedOnstringISO 8601 last-modified timestamp

Error Port

On failure, the error port receives an object with code and message.

Sample Output

{
  "id": "372e67954025e0ba6aaa6d586b9e0b59",
  "type": "A",
  "name": "api.example.com",
  "content": "198.51.100.4",
  "ttl": 1,
  "proxied": true,
  "createdOn": "2024-01-15T10:30:00Z",
  "modifiedOn": "2025-02-01T08:00:00Z"
}

Expression Reference

ExpressionReturns
{{ $node.DnsGet.output.id }}Record UUID
{{ $node.DnsGet.output.content }}Record value (IP, hostname, or text)
{{ $node.DnsGet.output.ttl }}TTL value in seconds
{{ $node.DnsGet.output.proxied }}Boolean — true if proxied through Cloudflare
{{ $node.DnsGet.output.modifiedOn }}Last-modified timestamp

Node Policies & GuardRails

PolicyDetail
Use DNS.Read scoped tokenThis is a read-only operation — do not over-scope the token
Store ApiToken in Credentials ManagerNever hardcode the token in configuration JSON
Obtain Record ID from dns/listRecord IDs are UUIDs — never guess or hard-code them; always resolve via dns/list first
Store current record before updateUse dns/get before dns/update and store the output as a rollback snapshot in a VariableAssignment node
Rate limit awarenessdns/get counts toward the 1,200 req/5 min limit; avoid rapid polling in loops

Examples

Example 1: Capture Rollback Snapshot Before Update

Before calling dns/update, call dns/get and store the result using a VariableAssignment node as rollback_record. If the update causes issues, the stored object can be passed directly to dns/update to restore the original values.

Example 2: Verify Record Content After Creation

After dns/create, pass the new record's ID to dns/get. Add an IfCondition node to verify content === expectedIp. If it matches, continue the deployment; if not, trigger an alert.

Example 3: Check Proxied Status Before WAF Rule Testing

Call dns/get for a record and check proxied === true. Only if the record is proxied will Cloudflare WAF rules apply. Use this as a gate before running security tests that depend on WAF interception.