Community Tip - Best Practices For CNAME setup / Partial setup

Requirement
Follow these suggestions in this Community Tip for best practices for a Cloudflare CNAME setup / partial setup to enable Cloudflare with external DNS.

Background
In the event that you are simply not able to change your name servers due to organization policy or local DNS limitations, we support a CNAME setup. CNAME setup / partial setup is a manual process available to paid Cloudflare plans only at the Business or Enterprise level. With CNAME setup, authoritative DNS remains elsewhere, and one or more subdomains are delegated to use Cloudflare using CNAME DNS record(s). You do not need to use this if you’ve already changed nameservers to Cloudflare and want us to be your authoritative DNS provider. Remember, a CNAME setup is for Business and Enterprise plans only and shouldn’t be confused with setting up a CNAME record.

Do This

  1. Do not change your name servers.

  2. After creating a Cloudlare account and verifying your DNS records, submit a ticket with the domain you would like to set up via CNAME. Please include the line “CNAME setup domain: example.com” for faster review.

  3. If you are on the Business or Enterprise level of service with a CNAME setup, you will need to add three CNAME records at your authoritative DNS provider to authenticate the SSL certificates for your domain. You can retrieve these CNAME records by contacting Cloudflare Support or you can use the Cloudflare API to query for them. As of March 17, 2021, customers with Biz and Ent zones can convert them to a partial setup directly from the dashboard.

  • Previously, if you wanted to use Cloudflare without using our DNS, you had to contact Support to convert the zones from Full (using Authoritative DNS) to Partial (No DNS). Now, you can make the conversion without contacting Support.

  • From the overview tab of the dashboard, customers with Biz/Ent zones can click “Convert to Partial DNS Setup” to go through guided instructions on how to set up your zone.

unnamed

  1. Note DDOS protection for attacks against DNS infrastructure is only available for the delegated records. Cloudflare’s security and acceleration benefits are only available on delegated subdomains, such as www.example.com. The root domain, such as example.com, cannot be protected or accelerated via Cloudflare. This is due to DNS RFCs.

Lite Reading
Help Center

Community Tutorial

Background Resources
Help Center
YouTube

Research The Issue
Community
Google

If You Need More Help
This community of other Cloudflare users may be able to assist you, login to Cloudflare and post your question to the Community. When you post on the Community make sure to include as much of this information as possible: the specific error message you are seeing, the URLs this is happening on, screen shot of the error, and the steps to reproduce the error. Please indicate what troubleshooting steps you’ve tried in order to help us help you.

Expert Comments Appreciated
This Community Tip will remain open for input from Community experts and those familiar with this issue. We really appreciate comments that start with words like: “The three things I always try”, or “Do this first” or “In my experience”.

This is a Cloudflare Community Tip, to review other tips click here.

Çevirme…traduzir…翻译…traducir…Traduire…Übersetzen…:greyg: Translate this Tip

BPCNCT 102219

1 Like