Can Cloudflare Tunnels use the CNAME protocol to access domain names that are not in Cloudflare?

m0000xt · July 24, 2023, 2:27am

DarkDeviL · July 24, 2023, 2:43am

If someone is setting up a CNAME towards one of your domain names, they would typically end up with the 1014 CNAME Cross User Banned error.

That be, unless you have actually configured your Cloudflare account to also act on behalf of the origin of the CNAME, such as for example via Cloudflare for SaaS.

→ https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/custom-hostnames

That should, to my knowledge, not make any difference regardless if the origin is behind a Cloudflare Tunnel or not.

m0000xt · July 24, 2023, 5:34am

SaaS has been used, but it is still an error, Cloudflare Tunnels does not seem to support binding domain names that do not stay in Cloudflare. What should I do if I want to use cname to access an off-site domain name?

CFBrandon · July 25, 2023, 11:57pm

You cannot use Tunnels to access another domain name… probably not in the way you’re thinking.

When you have a www record pointed at your tunnel, it sends all traffic for www.domain.tld to the tunnel connector. At the end of that connection, either the machine running the tunnel needs to be running some sort of service to listen for the connection, or the tunnel connector (cloudflared) needs to be told how to direct that traffic through a local network.

I suppose it’s possible if you install a proxy server on the device with the tunnel connector, and configured the proxy server to fetch from another location. But with Cloudflare products only, I don’t believe so.