#Use my usual nameservers instead of newly assigned ones

I recently purchased a new domain and thought it was a good idea to set my CF nameservers before adding the domain to Cloudflare.
But apparently if you do so, a new pair of nameservers will be assigned to the domain to prevent hijacking.
https://developers.cloudflare.com/dns/zone-setups/reference/nameserver-assignment/

I tried resetting the nameservers on my registrar and deleting/re-adding it to Cloudflare, but it still offers the new pair. Is there any way to use the original pair?

Thanks

IIRC you may have to give it a week to purge the old zone data

I.e., delete the Zone on CF, wait a week, then try again

nice, thank you. is the week just an approximate estimation? do you know the exact zone data retention?

I believe it is a week, let me check

After a zone is deleted for seven days, it will be purged. Cloudflare does not respond to DNS queries for purged zones and, unlike deleted zones, this status cannot be reverted. In this case, even if you re-add the domain to the same Cloudflare account, none of the zone settings are expected to be restored.
- Zone Status | DNS

awesome, so it's 7 days, thank you so much!

I waited 8 days, re-added the domain and it still had the secondary nameservers 😭

you can't just add the nameservers that CF gives you as the nameservers in the registrar DNS settings?

I would like to use the same nameservers for all the domains in my account, as I have it as a preset on my registrar. It just feels unnecessary to have to use an extra pair of nameservers just because of one mistake done during config

That won’t work, it’s a security feature to prevent hijacking. That domain will never get those nameservers again, and if you don’t set those Cloudflare will assume you don’t control it and it won’t activate the domain. You might not even get the same nameservers for any other domain now.

are you sure? multiple people in this server said you eventually get the original pair after some time. and the article linked above says a zone will be purged after 7 days

A zone will be purged, sure, but the pair might be rotated for the whole account. I am, nor most people here, not privy to all security measures implemented by Cloudflare

And did you remove the Cloudflare nameservers from the registrar while the zone was purged?

yes i did, i reset the domain nameservers and waited a week, but nothing changed

i wish we could get a reply from Cloudflare about this because there is no clear answer on the subject anywhere

It’s Trust&Safety’s department here, they won’t reply and won’t budge. But is it really that much of an issue to have a different pair of nameservers, which you set once and then forget?

i mean it's not a big deal, but still annoying. just because it's a minor inconvenience doesn't necessarily mean everyone should settle for it and not question it.
i just wanted to know if there is a solution, if Cloudflare confirmed the nameservers will forever be different for that domain or for my whole account it would be fine, but instead no one knows what's really going on lol

nameservers wont change after a zone is activated, theyll forever be "different" for that domain

the nameservers you need to set are dynamically selected at zone creation, most of the time these are the same but they arent always as you discovered

whether the "default" for your account has changed, nobody knows, because there are several security systems working in the background to prevent domain takeovers that will adjust nameservers whenever needed

the best course of action is to

• never preset your nameservers at the registrar, nor presume that they will be something specific until you create the zone
• always set the nameservers you are told to set, when youre told to set them
• dont worry about them changing after youve activated the zone, they wont

The reply above this is the best summary of what’s going on… it’s not questioned as it’s a way to avoid abuse. If the other account the domain belonged to had the same pair and you maliciously set the same nameservers and tried to take it over?

I had to learn that the hard way too. Just set the ones it gives you when you add it. Annoying or not, it just has to be done.

I don't understand however, how keeping the same NS allows takeovers.

Since a huge number of domains and thus nameservers point to Cloudflare and you necessarily can add domains to Cloudflare DNS before you actually transfer them, this creates a window for takeover attempts if those nameservers would always be the same.
Or did I miss something fundamental?

You have apple.ns.cloudflare.com and orange.ns.cloudflare.com as nameservers set for example.com, I have the same set in my account (the actual pairs are usually people names, and there are thousands of combinations, by now). I go to my dashboard and say, "you know what? example.com belongs to me now". I add it, the nameservers match, the configuration is now in my account.

You could then do the same to me, or use the DNS control to then maybe take control of e-mail and then the registrar, meaning I have full control of your domain.

I then move to another account with a different pair and... done.

Yes, when you preset nameservers back before this change you were vulnerable to the (remote, but still there) chance of someone yanking your domain before you can add it to cloudflare yourself

its just, in general, not a good idea to set any domain to a nameserver pair you were not explicitly told to set

Makes sense. Thank you