Tool Friday EP. 15

Tool Friday #15 — Cloudflare: I Came For DNS, Stayed For The Free CAPTCHA No One Talks About

The workflow

  1. Move DNS off your registrar. 15 minutes per domain, free, reversible. Insurance against billing failures.
  2. Add Turnstile to your forms. Drop-in CAPTCHA, no Google, free up to 1M requests/month.
  3. Forget about it. Bots stop signing up. SSL renews itself. CDN works in the background.

Matteo Lombardi
May 8, 2026

I moved my domains to Cloudflare last year because my registrar nearly killed my site.

The story is short and embarrassing. Stratega.co — main domain, business email, everything — slipped into expired-parking on a Saturday morning. Card on file. Auto-renew toggle ON. No warning email. The renewal just silently failed. Site down. Email bouncing. Coffee getting cold.

The fix took 45 minutes. I logged into the registrar, paid the renewal, restored the Cloudflare nameservers in the registrar config — and everything came back.

That’s the story most people would write a Tool Friday about: “move your DNS off your registrar, registrar and DNS shouldn’t be the same company, etc.” It’s true. It’s the boring lesson. There are 100 articles about it.

But it’s not why I’m writing this one.

I’m writing this one because of a feature on Cloudflare’s free tier that almost no founder talks about: Turnstile. The free CAPTCHA. The small, quiet, invisible thing that has saved me more time over the past three months than the DNS layer ever will.

TL;DR: Cloudflare’s free tier gives you four things most founders pay other companies for: DNS, SSL, CDN, and a free CAPTCHA called Turnstile. The DNS is what gets you onto the platform. Turnstile is what makes you stay. I added it to my Stratega Academy login form, bot signups went to zero, and I haven’t thought about it since. That’s roughly the whole pitch.

What Turnstile actually is

Turnstile is Cloudflare’s CAPTCHA product. The thing that decides whether the human on the other end of a form is a human or a bot. It’s the product that competes with Google’s reCAPTCHA — those “click all the traffic lights” boxes you’ve clicked a thousand times.

The user side of Turnstile: usually invisible. Sometimes a single checkbox. No traffic lights, no fire hydrants, no “select all squares with a bicycle”.

The developer side: drop in a script tag and a token in your form. Cloudflare handles the rest.

The pricing side: free up to 1 million requests per month. A solo founder will not hit that ceiling for years.
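
On the developer side, the token the widget adds to the form only counts once your own server has checked it with Cloudflare's siteverify endpoint. The sketch below is an added example, not code from the original post, showing that server-side check in Python; the expected hostname and action values and the injectable `post` transport are assumptions made for illustration.

```python
import json
import urllib.parse
import urllib.request

SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"


def _post_form(url, fields, timeout=5):
    """Default transport: POST form-encoded fields and return the parsed JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    with urllib.request.urlopen(url, data=data, timeout=timeout) as resp:
        return json.load(resp)


def verify_turnstile(token, secret, *, expected_hostname, expected_action=None,
                     remote_ip=None, post=_post_form):
    """Return (ok, reason) for a submitted token; every failure path rejects."""
    # The widget submits the token in the 'cf-turnstile-response' form field.
    if not token or len(token) > 2048:
        return False, "missing-or-oversized-token"
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    try:
        result = post(SITEVERIFY_URL, fields)
    except Exception:
        # Network error or unparsable reply: fail closed instead of accepting the form.
        return False, "siteverify-unreachable"
    if result.get("success") is not True:
        # Covers forged, expired and replayed tokens (e.g. 'timeout-or-duplicate').
        return False, ",".join(result.get("error-codes", [])) or "rejected"
    # A token solved on a different site or for a different form must not pass here.
    if result.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    if expected_action is not None and result.get("action") != expected_action:
        return False, "action-mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed siteverify reply; a stand-in transport keeps the demo offline.
    def fake(url, fields):
        return {"success": True, "hostname": "academy.example", "action": "login"}
    print(verify_turnstile("constructed-token", "constructed-secret",
                           expected_hostname="academy.example",
                           expected_action="login", post=fake))
```

Call it in the form handler before creating the account or session, and keep the secret key on the server only.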

Three months ago I added it to the login form on Stratega Academy (my course platform). Before Turnstile: small but constant trickle of bot signups with junk emails. Garbage in my CRM. Analytics counting fake users as real visitors. Background noise I’d been ignoring for weeks.

After Turnstile: zero bot signups. One afternoon of work to ship it. I haven’t touched it since.

If that sounds anticlimactic — good. That’s what makes it a Tool Friday. The best tools are the ones you stop thinking about after you ship them.

Why I prefer it over reCAPTCHA

I don’t actively dislike reCAPTCHA. It works. It’s free. Most people use it. But for a solo founder running their own infra, here’s the case for Turnstile, in plain terms:

1. Less Google. I already use Gmail, Google Workspace, GA4, GTM, Search Console, and Google Drive. Adding reCAPTCHA means yet another Google product wrapped around my auth flow. Turnstile lets me put one less integration on the Google pile. If you ever want to move off Google one day, fewer hooks to unhook.

2. Privacy posture. reCAPTCHA tracks users across the web. Turnstile doesn’t. That matters less if you’re a B2C startup and more if your buyers are EU enterprises who read privacy policies. (Mine increasingly are.)

3. It looks better. Most users see one tick box and move on. The “click traffic lights” UX of reCAPTCHA is a small but real friction point on a login form. Less friction = more signups = more revenue. Small effect, but cumulative.

4. It’s actually free at founder volume. 1M requests/month is enormous. reCAPTCHA’s free tier is also fine, but it’s ad-supported in spirit — you’re paying with data, not money.

The DNS story (for completeness)

Since the trigger that got me onto Cloudflare in the first place was a DNS disaster, I owe you the boring version too. Skip this section if you’re already on Cloudflare for DNS. If you’re not, here’s why you should be:

Your registrar (Namecheap, GoDaddy, Porkbun) is one company. Your DNS provider should be another company. When my registrar fumbled the renewal in April, the only reason it was a 45-minute outage instead of a multi-day disaster is that DNS lived on Cloudflare, separate from the registrar. The moment renewal was paid, I restored the Cloudflare nameservers and everything came back instantly.

If DNS had been on the registrar (the default for most founders), the parking page would have stayed up until propagation cleared, and every third-party service pointed to that domain — email, hosting, integrations — would have flickered off in lockstep.

Moving DNS to Cloudflare costs nothing and takes 15 minutes per domain. The setup:

  1. Sign up for Cloudflare. Add your domain.
  2. Cloudflare scans your existing DNS records and copies them over. Verify MX (email) and CNAME (hosting) look right.
  3. Cloudflare gives you two nameservers (e.g. rodney.ns.cloudflare.com and vivienne.ns.cloudflare.com). Replace the registrar’s defaults with those.
  4. Wait 5 minutes to a few hours for propagation. Done.

SSL turns on automatically. CDN works in the background. You forget about it.

I run two of my own domains on Cloudflare today (stratega.co and trendjourney.ai) plus one I built for a friend. Total cost: zero euros per month. Total time spent thinking about DNS in the past 12 months: about an hour, most of it during the registrar outage.

That’s the boring part. Worth doing. Not worth a whole article.

What’s not in the free tier (and why I don’t care)

  • Workers (their serverless compute) has a generous-but-limited free tier. If you actually start using Workers, you’ll hit the ceiling. For DNS / SSL / CDN / Turnstile, you’ll never hit it.
  • R2 (their S3 alternative) has no egress fees, but storage costs money past 10GB. Useful if you outgrow Supabase Storage; not relevant for most founders.
  • Image optimization and advanced firewall rules require Pro ($20/month). I don’t use them.
  • Page rules beyond the basic three require Pro. The basic three are plenty for normal use.

The Pro plan exists. I haven’t found a reason to need it.

The verdict

Score: 9/10

If you have any login form, signup form, or contact form on the internet, Turnstile alone is worth moving to Cloudflare. Free, drop-in, no Google, no “click all the traffic lights”, no signups from bots called qwertyu123@tempmail.org.

The DNS layer is a bonus. The CDN is a bonus. The SSL is a bonus. The one point off is that the UI feels enterprise-y in places — you can tell the product was built for Fortune 500 first and solo founders second. You get used to it.

The story I’d tell another founder is one sentence: put Turnstile on your login form by Sunday and stop thinking about bots.

Cloudflare: cloudflare.com. Turnstile: cloudflare.com/products/turnstile. Three months in, my Academy login form has shipped one bot signup. (One. And it was me, testing.)


Tool Friday is a weekly series where I review one tool I actually use. This week’s tool: a free CAPTCHA, hidden inside a free DNS service, that 99% of founders haven’t noticed.

Verdict

If you have any login form on the internet, Turnstile alone is worth moving to Cloudflare. The free DNS is just the bonus.

Score: 9/10

Price: Free. Free tier covers DNS, CDN, SSL, Turnstile · Pro $20/mo (not needed for most)