domain name

1. Buy a domain

You need a domain name: you can buy it where you want but it must be managed by Cloudflare.
So choose a registry that allows you to change the nameservers.

Because as stated by their documentation:

To use Cloudflare, you need to change your domain’s authoritative DNS servers, which are also referred to as nameservers.
For your reference, here are the Cloudflare nameservers you’ve been assigned.

Here is the dashboard: Cloudflare DNS panel

2. Enable DNSSEC

Once the domain is managed by Cloudflare, you must enable DNSSEC.

And here is the DNS panel: Cloudflare dashboard

3. Now we will check if eveything is OK.

To check that the domain is managed by Cloudflare, just launch:

[workstation] ~/
$ dig NS terror.ninja

; <<>> DiG 9.11.6-P1-RedHat-9.11.6-5.P1.fc30 <<>> NS terror.ninja
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45822
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;terror.ninja.			IN	NS

;; ANSWER SECTION:
terror.ninja.		86400	IN	NS	lara.ns.cloudflare.com.
terror.ninja.		86400	IN	NS	thomas.ns.cloudflare.com.

To check that DNSSEC is enabled:

[workstation] ~/
$ dig +dnssec NS terror.ninja
  
  ; <<>> DiG 9.11.6-P1-RedHat-9.11.6-5.P1.fc30 <<>> +dnssec NS terror.ninja
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54903
  ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
  
  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags: do; udp: 4096
  ;; QUESTION SECTION:
  ;terror.ninja.			IN	NS
  
  ;; ANSWER SECTION:
  terror.ninja.		85069	IN	NS	lara.ns.cloudflare.com.
  terror.ninja.		85069	IN	NS	thomas.ns.cloudflare.com.
  terror.ninja.		85069	IN	RRSIG	NS 13 2 86400 20190729161343 20190727141343 34505 terror.ninja. e59AVdr+var+/Dj+mQiDkALiAJq1ISb4YA4JO9fi9RVJyrZuLwoLGJEu CFcB5GWZtZQD0Mvchc4/UK13fga80w==

You should also go here, https://dnssec-analyzer.verisignlabs.com/, and validate the activation of DNSSEC.

4. Cloudflare’s Load Balancer

You need to activate the Load Balancer feature in the Traffic panel. You can take the $5/month option for this demo.

Cloudflare LB feature

As you have noticed, my demo domain is terror.ninja. In the rest of this demo I will regularly make reference to it.
And frequently, I will ask you to rename/replace some files or parameters with your own domain.

5. Next page!

We are done, let’s retrieve our API keys and tokens.