How to keep a domain registered at NameSilo (without transferring it to Cloudflare) but move its DNS and DNSSEC over to Cloudflare, and how that affects catch‑all email

NameSilo DNS to Cloudflare

Brief key points (Premise A: domain stays at NameSilo; Premise B: only move DNS and DNSSEC to Cloudflare — impact on catch‑all mail and steps):

1) Impact principle (core conclusion)

When you change the domain’s nameservers to Cloudflare, Cloudflare’s DNS zone becomes authoritative; mail flow is determined by DNS MX records.

As long as you keep the same MX (and required TXT/SPF/DKIM/DMARC) records in the Cloudflare DNS zone that your current mail host uses, mail (including catch‑all) will not be interrupted.

If you do not copy correct MX/TXT etc. records into Cloudflare during the switch, mail delivery will temporarily fail (bounces or rejections) and the catch‑all will be affected.

2) DNS migration steps (recommended)

Before changing nameservers, add your domain to Cloudflare and let it scan/import DNS records. Cloudflare will usually auto‑import common records (MX, CNAME, A, etc.), but you must verify manually.

Verify and ensure the presence of: all MX and CNAME records, any A/AAAA records referenced by mail hostnames, all TXT (SPF) records, and DKIM/DMARC records.

Keep the exact same record values as in NameSilo’s panel (priority/hostname/TTL).

After switching nameservers to Cloudflare, wait for DNS propagation (typically minutes up to 48 hours). Do not remove or change the old mail host settings until you confirm the new DNS is active and mail can be sent/received normally.

If you use a catch‑all (@) address, confirm the MX in Cloudflare points to the correct mail host; catch‑all behavior is enforced in the mail host control panel (catch‑all is usually a mail server feature, not DNS).

3) About DNSSEC

If you previously enabled DNSSEC at NameSilo, after enabling Cloudflare DNS: enable DNSSEC in Cloudflare; Cloudflare will provide a DS record (or required values). Then go back to NameSilo and add/replace the DS record in the registrar panel. Otherwise validation will fail and cause resolution problems.

Process: configure and enable DNSSEC in Cloudflare (or obtain the DS values Cloudflare shows), then update the DS entry at NameSilo with Cloudflare’s values.

4) Catch‑all behavior in different scenarios

If the catch‑all is implemented by a third‑party mail service (DNS only: MX points to e.g., Google Workspace, and catch‑all is enabled in that service’s control panel) — as long as you keep the same MX when switching DNS, the catch‑all is unaffected.

If the catch‑all is provided by NameSilo’s own mail hosting — after switching nameservers to Cloudflare you can still use it provided you keep and correctly point Cloudflare MX and related records to NameSilo’s mail servers; NameSilo’s mail host will continue to receive mail.

If you decide to migrate mail to another mail host during the switch, you must update MX/TXT/DKIM etc. in Cloudflare and configure catch‑all at the destination mail host.

5) Common notes (brief)

Back up/export or screenshot all current DNS records before switching.

Changing nameservers makes Cloudflare’s DNS the authoritative source — fully configure Cloudflare first before changing NS at the registrar.

Monitor mail logs and perform send/receive tests during the transition.

If you enable Cloudflare’s proxy (“orange cloud”), do not proxy MX or mail subdomains — set them to “DNS only” (grey cloud), otherwise mail flow will break.

6) NameSilo promo code

This is an ad: when buying, enter 1d0llar to save $1.

～～

Footnote: The steps for moving DNS from NameCheap to Cloudflare may be similar, but I'm not sure.