Yes, DNS history is one way to leak your IP. There are several other ways that the origin IP may get leaked, so you should be very careful if you use Cloudflare:
* Keep all subdomains on CloudFlare
* Don't use wildcard subdomains if you are not on Pro account
* Don't host mail or other services on the same server as your web server (email headers have origin IP)
* Never initiate an outbound connection based on user action
* Make sure that your web server and web application are patched against all known information disclosure vulnerabilities.
* Change your origin IP once configured for maximum DDoS protection on CloudFlare
* Keep all subdomains on CloudFlare
* Don't use wildcard subdomains if you are not on Pro account
* Don't host mail or other services on the same server as your web server (email headers have origin IP)
* Never initiate an outbound connection based on user action
* Make sure that your web server and web application are patched against all known information disclosure vulnerabilities.
* Change your origin IP once configured for maximum DDoS protection on CloudFlare
Cloudflare documents it here: https://blog.cloudflare.com/ddos-prevention-protecting-the-o...