dnswiz vs Cloudflare DNS
Honest comparison. Where Cloudflare is the right call, where dnswiz is, and how to choose.
- Pick Cloudflare DNS if you're already using Cloudflare for proxy/CDN/WAF and want one console.
- Pick dnswiz if you want authoritative DNS without orange-cloud lock-in, with real failover and observability.
- Cloudflare's free DNS is great for small static sites. The day you need routing or insights, you're back to comparing.
Where Cloudflare wins
- Anycast scale. 330+ POPs. For pure DNS lookup latency from anywhere on earth, Cloudflare is hard to beat. If you're serving a global audience and every millisecond at the resolver matters, this is the strongest argument.
- Free tier. Genuinely free for unlimited zones and queries (as long as the domain is on Cloudflare). For a personal site or a side project, dnswiz Pro is more than you need. We'd be wrong to pretend otherwise.
- Bundled WAF/CDN/proxy. If you want Cloudflare's proxy layer for DDoS, caching, or Workers, having DNS in the same console is real ergonomic value. The orange cloud is one click.
- DNSSEC by default. One toggle. dnswiz DNSSEC is on the roadmap; today we don't sign zones.
Where dnswiz wins
- Real GSLB. Cloudflare's "Load Balancing" is a separate paid product ($5/origin/month, more per geo steering pool). dnswiz ships health-checked POOL records (weighted or active-passive), GEO records, and timed CANARY rollouts on every paid plan. Same console, no add-on.
- No proxy lock-in. On Cloudflare's free DNS, you can't get the good rate-limiting or WAF without proxying through Cloudflare. dnswiz is authoritative-only by design, your traffic goes wherever you point it.
- Built-in query insights. Per-zone analytics: top names, country breakdowns, p50/p95/p99 latency. On Cloudflare you get aggregated DNS analytics at the account level; per-record detail requires Logpush to your own pipeline.
- Hijack monitor. We probe your zone from 8 public resolvers every 5 min and alert if any returns an answer that doesn't match. Catches registrar compromise and BGP-route hijacks. Cloudflare's equivalent is Cloudflare Radar, useful, but not a per-zone alert.
- Per-zone query firewall. Refuse queries by source IP, country, query type, or rate. Stops ANY/AXFR amplification at the DNS layer. Cloudflare offers similar at the HTTP layer (WAF + proxy); at the DNS layer they don't.
Side by side
| Feature | Cloudflare DNS | dnswiz |
|---|---|---|
| Authoritative DNS | Yes | Yes |
| Anycast network | 330+ POPs | Multi-region (growing) |
| DNSSEC | Yes | Roadmap |
| Failover routing | Load Balancing add-on ($5+/mo) | Included |
| Weighted routing | Load Balancing add-on | Included |
| Geo routing | Load Balancing add-on (geo steering) | Included |
| Per-zone insights | Account-level + Logpush | Built in |
| Hijack monitoring | No | Yes |
| DNS-layer query firewall | No (HTTP-layer via proxy) | Yes |
| API key IP allow-list | Yes | Yes |
| Terraform provider | Yes | Yes |
| Lock-in | Full features require proxy ON | None |
| Pricing | Free DNS + paid add-ons (LB, Logpush, etc.) | Flat plan |
The "free" question
Cloudflare DNS being free is real, and it's a strong default for hobby projects. What's not free is everything that turns DNS into something you can rely on for production: load balancing add-ons, Logpush for query logs, Argo Smart Routing if you want latency-based steering, and the "you have to proxy through us" trade for WAF/rate-limit at the edge.
For a static site you don't get paged about, Cloudflare free is hard to beat. For a SaaS that fails over between AWS and GCP and wants insights into who's querying what, the Cloudflare bill catches up fast, and you end up integrating three Cloudflare products instead of one.
Migrating
We wrote a step-by-step guide for Cloudflare specifically. Migrate from Cloudflare to dnswiz with zero downtime covers the TTL pre-cut, parallel zone build, NS delegation flip, and what to do with proxy / Workers / Page Rules that don't have a direct dnswiz equivalent.
Honest disclosures
- Cloudflare runs a vastly bigger anycast network. For p99 DNS latency from every continent, they're faster than us today.
- Cloudflare's free tier is a real product, not a teaser. If your needs fit, go use it.
- If you want the Cloudflare proxy / Workers / CDN, you can keep them and use Cloudflare's DNS too. The market sometimes presents this as a binary choice; it isn't.
- dnswiz is in beta. Cloudflare is a public company. We dogfood our own DNS for dnswiz.app, but we're not the same maturity level.
Try it
Free plan: 5 zones, 100k queries/month. No card. Sign up at console.dnswiz.app.