CNAME Website changes

We are planning on changing our NameServers to point to Cloudflare tomorrow.

Currently we have a web based security product protecting our website and we want this to be replaced with cloudflare.

Our CNAME records www point to this product.

What do i need to do to our DNS to ensure zero downtime and maintain our security?

I’ve setup the security policies already as best i can before the NameServer change so this is purely a DNS question.

Make sure that your DNS records here perfectly match your existing records. When adding a site, Cloudflare will give you an opportunity to make any changes.

I suggest you leave any critical DNS entries set to :grey: DNS Only.

If a CNAME record is :orange: Proxied, it essentially becomes an “A” record for the public. Behind the scenes, it will still resolve to the target. But some systems are using the Public lookup to confirm the CNAME record. Naturally, this will fail, as the target will no longer be publicly advertised.

1 Like

Thanks everything in DNS does look like it matches perfectly. But the whole point of moving to cloudflare is so we can protect our website.

My question is how do I point Cloudflare to our website rather than the existing security product which is going offline at the weekend. Is it just a matter of editing those CNAMES to our website? Will it automatically be protected?

Ah, now I see. It sounds like what you have is:

  1. A CNAME for ‘www’ that points to a security product. Their behind-the-scenes points to your origin server.
  2. An ‘example.com’ DNS record that points…somewhere. Maybe a redirect to ‘www’.

What you want to end up with is:

  1. A :orange: Proxied/Protected record for ‘www’ that points to your origin server.
  2. An ‘example.com’ DNS record that redirects to ‘www’

As you can see, you’ll need to replace the CNAME with an “A” record. And then this tutorial for the redirect:

I think that has answered my question perfectly and what i was expecting but wasn’t 100% sure. Thank you so much. I’ll read through that document and make those changes.

1 Like

I forgot my destination Step 1 should have specified that it would usually be a :orange: Proxied “A” record with the IP address of your origin server.

none of my DNS records say protected at the moment but those i added as advised say “proxied”

i wonder if they become protected after the NameServer changes?

They become protected after Cloudflare DNS kicks in, and they resolve to Cloudflare proxy IP addresses instead of your origin IP address. You can verify this at DNSChecker.org