Cloudflare forward DNS request to another DNS for unresolved A queries

Hi, I need to implement a dynamic DNS server to resolve virtual host names within my domain.
How can I create a Cloudflare DNS entry that will forward to my Dynamic DNS any host names in my domain that are not recognized by Cloudflare?

For example: 12345.mydomain.com needs to be forwarded to a DNS server that is hosted externally.

Background: I created an NS record pointing to my external dynamic DNS server in Cloudflare, but the requests are never forwarded to that server.

Use a wildcard DNS record and point it at your DDNS hostname…

Note that this will direct all non-matching subdomain requests of which there may be a large number from internet scanning bots.

2 Likes

Thank you, still not working as required.
I need to open an HTTPS connection to 12334.host.mydomain.com. I have tried the wildcard A record as well as using CNAME with a subdomain.
I’m a bit lost…

That format is likely a second level subdomain which won’t be covered by the Cloudflare Universal SSL certificate (which will only cover example.com and *.example.com). If you want a Cloudflare SSL certificate for second-level subdomains or higher, you will need to use an Advanced Certificate.

You would need a wildcard entry for *.host for a wildcard second-level domain to resolve.

1 Like

Thanks sjr, I do have a wildcard certificate for my domain, so I don’t need the Universal SSL certificate.
It does not seem possible to achieve what I’m looking for without switching to Enterprise plan.
Any ideas?

If you are using Cloudflare for DNS only, and the entries are not proxied, then you can set up DNS entries as you need. If you can explain more clearly using the real domain and subdomain names it may be easier to advise.

1 Like

Since I can’t set Cloudflare to forward every single unrecognized request to my custom DNS server (for some reason, an A record of name * does not forward all requests and neither does a CNAME of type *.host), then the only option is to create a child, of type childname.domain.com in the hopes that a request like 12345.childname.domain.com gets forwarded to my custom DNS server.
The problem is that I don’t know how to set that up in CF

DNS requests aren’t forwarded. When a subdomain is delegated to another nameserver the DNS resolver of the client is told to seek an authoritative answer from that DNS server.

What was the value of the NS server that you created for name and nameserver values?

How have you determined that to be the case?

1 Like

What I created is a CNAME entry with name *.pax and IPv4 address of NS1.paymentcollect.com, where NS1 is an A DNS record with my own DNS server.

How I know that the requests are not forwarded is because I wrote my DNS software and it displays the requests on the screen.

I can verify they are not redirected to my server by using the following command:

nslookup 0820643337.pax.domain.com

DNS delegation is done using NS records.

Try using nslookup to query for the NS for that record once you have created an NS record to delegate it to the DNS server that you wrote.

1 Like

Yeah, I used nslookup pointing to Cloudflare as well as to my server. Nothing gets forwarded from Cloudflare.

Can you show a screenshot of your DNS records and give the domain name and delegated subdomains?

Did you replace your wildcard CNAME record with a wildcard NS record? Or simply create an NS record for pax if you’re having that server be responsible for all entries in the pax.domain.com zone?

If so what is the answer returned for random.pax.domain.com for a query of type NS in nslookup?

1 Like

I have a CNAME record:
CNAME  *.pax  ns.domain.com  No Proxy

I have an A wildcard record pointing to my server
I also have an NS record pointing to my server

This is what I get:

>nslookup 0820643337.pax.domain.com
Server:  dns.google
Address:  8.8.8.8

Name:    0820643337.pax.domain.com
Address:  50.1xx.1xx.122

But that's the address of my remote server. The DNS on that server does not report the request

Neither a CNAME nor an A record is the correct record type for delegating a nameserver. An NS record is required. If you have a CNAME record for *.pax.domain.com and an NS record for *.pax.domain.com, that is not correct. You can’t have both. Same with an A record. You just need an NS record for either *.pax.domain.com or, more likely, for pax.domain.com pointing to the DNS server you wish to delegate authority to.

You also need to be querying for the correct record type. You need to specify NS as the query type once you have removed the wildcard A and CNAME records for the same label.

1 Like

Thank you, let me give that a try
Philip

Could you please help me configure that entry?
Type: NS
Name: pax
Nameserver: ns1.domain.com

Where I have an A record with the IP address for ns1
Does this look correct?

Yes, that would appear to be correct. The A record for ns1.domain.com needs to continue to exist. You need to create a new record of type NS with a name of pax and the nameserver specified as ns1.domain.com. And then your other DNS server needs to be authoritative for the pax.domain.com zone.

2 Likes
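The resolution flow the replies describe, as an added example that is not from the thread or from Cloudflare: a toy authoritative server that hands out referrals at a zone cut, and a recursive resolver that follows them itself. Zone data is constructed; domain.com, ns1.domain.com and the documentation IP addresses are placeholders.

```python
# Constructed zone data modelling the thread's two configurations.
# Each server is (zone apex, records); names and IPs are placeholders.
PARENT_NS_ONLY = ("domain.com", {                      # the working setup
    "ns1.domain.com": {"A": ["203.0.113.10"]},         # glue for the delegated server
    "pax.domain.com": {"NS": ["ns1.domain.com"]},      # zone cut: pax is delegated
})
PARENT_WILDCARD_A = ("domain.com", {                   # the first attempt: no delegation
    "ns1.domain.com": {"A": ["203.0.113.10"]},
    "*.pax.domain.com": {"A": ["203.0.113.10"]},
})
CHILD_SERVER = ("pax.domain.com", {                    # the self-written DNS server
    "0820643337.pax.domain.com": {"A": ["198.51.100.7"]},
})
WORKING = {"cloudflare": PARENT_NS_ONLY, "ns1.domain.com": CHILD_SERVER}
BROKEN = {"cloudflare": PARENT_WILDCARD_A, "ns1.domain.com": CHILD_SERVER}

def answer(server, qname, qtype):
    """Answer like an authoritative server (RFC 1034 s4.3.2): a name below an NS
    set at a non-apex node gets a referral, not an answer; otherwise answer from
    the zone, falling back to a wildcard at the same depth."""
    apex, zone = server
    labels = qname.split(".")
    for i in range(1, len(labels)):                    # walk up the proper ancestors
        cut = ".".join(labels[i:])
        if cut == apex:                                # reached our own apex: no cut above
            break
        if "NS" in zone.get(cut, {}):
            ns = zone[cut]["NS"]
            return {"type": "referral", "ns": ns,
                    "glue": {n: zone.get(n, {}).get("A", []) for n in ns}}
    rrset = (zone.get(qname, {}).get(qtype)
             or zone.get("*." + ".".join(labels[1:]), {}).get(qtype))
    return {"type": "answer", "rrset": rrset} if rrset else {"type": "nxdomain"}

def resolve(qname, qtype, servers, start="cloudflare"):
    """Act as the client's recursive resolver: nothing is forwarded between
    authoritative servers; the resolver follows each referral on its own.
    Returns the final response and the list of servers actually queried."""
    asked, current = [start], servers[start]
    for _ in range(8):                                 # guard against referral loops
        resp = answer(current, qname, qtype)
        if resp["type"] != "referral":
            return resp, asked
        asked.append(resp["ns"][0])
        current = servers[resp["ns"][0]]
    raise RuntimeError("too many referrals")

if __name__ == "__main__":
    for label, servers in (("NS delegation", WORKING), ("wildcard A only", BROKEN)):
        print(label, resolve("0820643337.pax.domain.com", "A", servers))
```

With the wildcard A record alone, Cloudflare answers from its own zone and the self-written server is never queried, which matches the "does not report the request" observation; with the NS record, the resolver is referred to ns1.domain.com and gets the child zone's answer.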

Thank you!
It’s working… I’m so glad you helped me.

2 Likes