Output Format

The zone file

The tool generates a BIND-format zone file (RFC 1035) that Cloudflare's DNS import accepts directly. Here's what's inside it and how to use it.

Format

What the output looks like

The zone file starts with a comment header containing metadata, followed by DNS records grouped by type. Each record is a single line in standard BIND format.

cloudflare-dns-import-example.com.txt BIND / RFC 1035 
;; Cloudflare DNS Import File
;; Generated by SES DKIM → Cloudflare
;; Domain: example.com
;; Date: 2025-01-15 09:32:11
;;

;; CNAME Records
zey4t3k72nvkphf3xtxycmlpbd2mrylz._domainkey.example.com. 1 IN CNAME zey4t3k72nvkphf3xtxycmlpbd2mrylz.dkim.amazonses.com.
2wozuadye6pgxp5pvr7ov6gkvqikt6ca._domainkey.example.com. 1 IN CNAME 2wozuadye6pgxp5pvr7ov6gkvqikt6ca.dkim.amazonses.com.
zvtgr4yut5ntwyzsrzhy7ztbfa4ewdlo._domainkey.example.com. 1 IN CNAME zvtgr4yut5ntwyzsrzhy7ztbfa4ewdlo.dkim.amazonses.com.

Field Reference

Zone file structure

Each record line follows the standard BIND format:

Record syntax 
<name>.  <ttl> IN <type>  <value>.
Field Value in output Notes
name FQDN with trailing dot From CSV Name column. Trailing . appended if missing.
ttl 1 Hardcoded to 1 . Cloudflare treats this as automatic TTL after import.
class IN Internet class. Always IN for standard DNS records.
type From CSV Type column CNAME , TXT , MX , or any other valid type.
value FQDN with trailing dot (CNAMEs) From CSV Value column. Trailing . appended to CNAME targets.

Importing

How to import into Cloudflare

01
Open Cloudflare DNS
Log in to the Cloudflare dashboard. Select the domain you verified in SES. Navigate to DNS → Records .
02
Find the import option
Import DNS records is either in the main records view or under an Advanced dropdown at the top right of the DNS panel.
03
Upload the zone file
Upload the .txt file you downloaded. Cloudflare will parse it and show a preview of the records it found.
04
Confirm the import
Review the detected records and confirm. Cloudflare adds them to your zone immediately. DNS propagation typically takes a few minutes.
05
Verify in AWS SES
Back in SES → Configuration → Identities → Authentication tab , check the DKIM status. AWS detects the records automatically — usually within minutes, up to 72 hours.
TTL note. The zone file uses TTL 1 , which Cloudflare interprets as automatic TTL. After import, Cloudflare sets it to its own default (usually 300s or auto). You can change it manually in the DNS panel afterwards.
← Usage Guide Open the Tool ↗