Cloudflare with External Nameserver (No not CNAME SETUP)


#1

Hi,

I’m working for an organization in Sweden, and we have our own nameservers - which we want to keep. At the same time we would like to use Cloudflare to mitigate DOS-attacks and such. Is it in any way possible to setup our root domain SecretDomainName.se with CloudFlare without using their name servers? CNAME Setup seem to, as I understand it, only work with subdomains.

Sincerely,
Matt


#2

Hi Matt,

There are a few options, but both require the higher tier Cloudflare plans.

Business and Enterprise customers have the option of Vanity Nameservers, which are the fully Cloudflare hosted nameservers, just with a different name.

Cloudflare also offers DNS Firewall as a standalone product which allows us to act as a proxy for your current nameservers.


#3

Nope, I use a CNAME on my root (@).


#4

Sorry, I think I wasn’t clear enough.

I’m asking for a solution to use cloudflare without changing to cloudflare’s nameservers. We have our own local Nameservers, on our own servers. What I’m wondering, is if there is any solution where we can use cloudflare but keep our own nameservers? Or if there is any solution similar to “CNAME Setup” but usable with the root domain.
Thanks,
Matt


#5

Vi är killarna som kan!

A few options:

  • You can ANAME the root if your DNS software supports it.
  • You can create an A record which points to the same IP as your non root hostnames resolve to.[1]
  • You can perform a 301 redirect from root to www (or whatever) from something other than your true origin server (e.g. an S3 bucket).

However as Sergi points out that doesn’t protect your DNS servers from DDoS attack so you’re still potentially at risk.

[1] IP address can change so you need to monitor and change the A record if that happens.


#6

A CNAME at the root is technically not RFC compliant and can cause problems with mail delivery (among other things). Cloudflare does CNAME flattening at the root returning an IP address instead of the CNAME target) to allow for this and a few other providers do something similar.

ANAME is a newer DNS record type which basically does the same thing as CNAME flattening.

Most DNS software won’t let you create a CNAME at the root unless it also supports flattenign in some manner.


#7

This topic was automatically closed after 14 days. New replies are no longer allowed.