Portal / Nodes / Cloudflare / dns/list
dns/list
List DNS records for a zone, with optional filtering by type or name.
When to Use
- DNS audit: Enumerate all DNS records for a zone to produce a documentation snapshot or compliance report.
- Stale record detection: Find A records pointing to decommissioned IP addresses by listing all A records and comparing against the known current IPs.
- CNAME mapping review: List all CNAME records to verify subdomain routing is correct before a migration.
- Email record verification: List MX and TXT records to confirm email delivery configuration (SPF, DKIM, DMARC) is in place.
- Pre-delete inspection: Retrieve the full list before a dns/delete call to confirm the record ID of the target record.
Configuration
Connection
| Field | Type | Required | Description |
ApiToken | string | required | Scoped Cloudflare API Token with DNS.Read permission. Store in BizFirst Credentials Manager. |
Operation Fields
| Field | Type | Required | Description |
ZoneId | string | required | 32-character hexadecimal Zone ID. |
Page | integer | optional | Page number for pagination. Default: 1. |
PerPage | integer | optional | Records per page (max 5000). Default: 50. |
Type | string | optional | Filter by record type: A, AAAA, CNAME, MX, TXT, SRV, NS, CAA. |
Name | string | optional | Filter by record name (exact match, e.g., api.example.com). |
Sample Configuration
{
"resource": "dns",
"operation": "list",
"connection": {
"ApiToken": "{{ $credentials.cloudflare_dns_read }}"
},
"ZoneId": "023e105f4ecef8ad9ca31a8372d0c353",
"Type": "A",
"PerPage": 100
}
Validation Errors
| Code | Condition | Resolution |
MISSING_API_TOKEN | ApiToken is empty | Set the ApiToken credential in the connection panel |
MISSING_ZONE_ID | ZoneId field is empty | Provide a valid 32-character hex Zone ID |
UNKNOWN_ERROR | Cloudflare API error | Check token permissions and Zone ID validity |
Output
Success Port
| Field | Type | Description |
records | array | Array of DNS record objects |
records[].id | string | Unique record UUID — used in dns/get, dns/update, dns/delete |
records[].type | string | Record type (A, AAAA, CNAME, MX, TXT, etc.) |
records[].name | string | Fully-qualified record name |
records[].content | string | Record value (IP address, hostname, or text) |
records[].ttl | integer | Time-to-live in seconds (1 = automatic) |
records[].proxied | boolean | Whether the record routes through Cloudflare proxy |
records[].proxiable | boolean | Whether this record type can be proxied |
records[].createdOn | string | ISO 8601 creation timestamp |
records[].modifiedOn | string | ISO 8601 last-modified timestamp |
pagination | object | Pagination metadata |
pagination.page | integer | Current page |
pagination.per_page | integer | Records per page |
pagination.count | integer | Records on this page |
pagination.total_count | integer | Total records matching the filter |
Error Port
On failure, the error port receives an object with code and message.
Sample Output
{
"records": [
{
"id": "372e67954025e0ba6aaa6d586b9e0b59",
"type": "A",
"name": "example.com",
"content": "198.51.100.4",
"ttl": 1,
"proxied": true,
"proxiable": true,
"createdOn": "2024-01-15T10:30:00Z",
"modifiedOn": "2025-02-01T08:00:00Z"
},
{
"id": "9a7806061c88ada191ed06f989cc3dac",
"type": "CNAME",
"name": "www.example.com",
"content": "example.com",
"ttl": 1,
"proxied": true,
"proxiable": true,
"createdOn": "2024-01-15T10:31:00Z",
"modifiedOn": "2024-01-15T10:31:00Z"
}
],
"pagination": {
"page": 1,
"per_page": 50,
"count": 2,
"total_count": 2
}
}
Expression Reference
| Expression | Returns |
{{ $node.DnsList.output.records }} | Full array of DNS record objects |
{{ $node.DnsList.output.records[0].id }} | Record ID of the first result |
{{ $node.DnsList.output.records[0].content }} | Content/value of the first record |
{{ $node.DnsList.output.pagination.total_count }} | Total matching record count |
Node Policies & GuardRails
| Policy | Detail |
| Use DNS.Read scoped token | This is a read-only operation — do not use a DNS.Edit token unless sharing credentials with write operations |
| Store ApiToken in Credentials Manager | Never hardcode the token in configuration JSON |
| Use filters to reduce result size | Specify Type and Name to limit results when you know the target record — avoids large payloads |
| Paginate for large zones | Zones with hundreds of records require multiple pages — implement a Loop node iterating page until count < per_page |
| Validate record ID before writes | Always call dns/list to confirm the record ID before dns/update or dns/delete |
Examples
Example 1: Find Record ID by Name for Downstream Update
Call dns/list with Type: "A" and Name: "api.example.com". Use a Function node to extract records[0].id and pass it to a dns/update node to change the IP address.
Example 2: MX Record Audit
Call dns/list with Type: "MX". Feed the records array into a DataMapping node that extracts name, content, and priority. Send the result to a Google Sheet or a notification with the current MX configuration for review.
Example 3: Detect Unproxied A Records
Call dns/list with Type: "A". Filter downstream on proxied === false. For each unproxied record, create a task in Jira to review whether the record should be proxied through Cloudflare for security.