Portal / Nodes / Cloudflare / dns/get
dns/get
Retrieve a single DNS record by its record ID within a zone.
When to Use
- Pre-update inspection: Retrieve a record's current content before calling dns/update to confirm what is changing and build a rollback payload.
- Content verification: Verify that a recently created or updated record has the expected value before declaring a deployment complete.
- TTL audit: Check the TTL of a specific record to confirm it was reduced before a planned migration.
- Proxy status check: Verify whether a record is proxied before making routing or security decisions that depend on Cloudflare CDN being in the path.
Configuration
Connection
| Field | Type | Required | Description |
ApiToken | string | required | Scoped Cloudflare API Token with DNS.Read permission. Store in BizFirst Credentials Manager. |
Operation Fields
| Field | Type | Required | Description |
ZoneId | string | required | 32-character hexadecimal Zone ID. |
RecordId | string | required | UUID of the DNS record. Obtain from dns/list. |
Sample Configuration
{
"resource": "dns",
"operation": "get",
"connection": {
"ApiToken": "{{ $credentials.cloudflare_dns_read }}"
},
"ZoneId": "023e105f4ecef8ad9ca31a8372d0c353",
"RecordId": "372e67954025e0ba6aaa6d586b9e0b59"
}
Validation Errors
| Code | Condition | Resolution |
MISSING_API_TOKEN | ApiToken is empty | Set the ApiToken credential in the connection panel |
MISSING_ZONE_ID | ZoneId is empty | Provide the Zone ID |
UNKNOWN_ERROR | Record not found or access denied | Verify both Zone ID and Record ID are correct |
Output
Success Port
| Field | Type | Description |
id | string | Record UUID |
type | string | DNS record type |
name | string | Fully-qualified record name |
content | string | Record value |
ttl | integer | Time-to-live in seconds (1 = automatic) |
proxied | boolean | Whether the record routes through Cloudflare proxy |
createdOn | string | ISO 8601 creation timestamp |
modifiedOn | string | ISO 8601 last-modified timestamp |
Error Port
On failure, the error port receives an object with code and message.
Sample Output
{
"id": "372e67954025e0ba6aaa6d586b9e0b59",
"type": "A",
"name": "api.example.com",
"content": "198.51.100.4",
"ttl": 1,
"proxied": true,
"createdOn": "2024-01-15T10:30:00Z",
"modifiedOn": "2025-02-01T08:00:00Z"
}
Expression Reference
| Expression | Returns |
{{ $node.DnsGet.output.id }} | Record UUID |
{{ $node.DnsGet.output.content }} | Record value (IP, hostname, or text) |
{{ $node.DnsGet.output.ttl }} | TTL value in seconds |
{{ $node.DnsGet.output.proxied }} | Boolean — true if proxied through Cloudflare |
{{ $node.DnsGet.output.modifiedOn }} | Last-modified timestamp |
Node Policies & GuardRails
| Policy | Detail |
| Use DNS.Read scoped token | This is a read-only operation — do not over-scope the token |
| Store ApiToken in Credentials Manager | Never hardcode the token in configuration JSON |
| Obtain Record ID from dns/list | Record IDs are UUIDs — never guess or hard-code them; always resolve via dns/list first |
| Store current record before update | Use dns/get before dns/update and store the output as a rollback snapshot in a VariableAssignment node |
| Rate limit awareness | dns/get counts toward the 1,200 req/5 min limit; avoid rapid polling in loops |
Examples
Example 1: Capture Rollback Snapshot Before Update
Before calling dns/update, call dns/get and store the result using a VariableAssignment node as rollback_record. If the update causes issues, the stored object can be passed directly to dns/update to restore the original values.
Example 2: Verify Record Content After Creation
After dns/create, pass the new record's ID to dns/get. Add an IfCondition node to verify content === expectedIp. If it matches, continue the deployment; if not, trigger an alert.
Example 3: Check Proxied Status Before WAF Rule Testing
Call dns/get for a record and check proxied === true. Only if the record is proxied will Cloudflare WAF rules apply. Use this as a gate before running security tests that depend on WAF interception.