Hacker Read

m-p-3 | karma 5698 | avg karma 2.08 · 2019-09-11 13:30:09+00:00

But unless they have the private key for CloudFlare certs, they can't snoop in so it doesn't matter if there are intermediaries in between.

vetinari | karma 8298 | avg karma 1.82 · 2019-09-11 08:34:04

The traffic between Clouflare and the authoritative nameservers will be good old 53/udp.

The only thing the snooper won't be sure with is, which Cloudflare client asked for that record.