DNS only CNAME pointing to proxied A record returns CF proxy IPv6 addresses

Hello, I have been using this setup for a good while now, but recently it stopped working. It is configured as follows:
- An A record for my root domain (proxied).
- A CNAME record for a subdomain that points to my root domain (DNS only).

When I do an nslookup for my subdomain, it returns 3 addresses:
- Two IPv6 addresses of CF proxies.
- The unproxied IPv4 address of my server.

The problem now is that some of my services (non-HTTP(S)) try to connect to the CF proxy addresses (which fails). I don’t really understand how this suddenly started being a problem, as I had not touched my DNS settings in months prior to this.

Setting the A record for the root domain to DNS only fixes it. Setting up an AAAA record for my root domain (proxied) also fixes it. The first fix I’m not a fan of because I then lose the benefits of proxying. The second solution I’m not a fan of because I then have to extend my DDNS setup.
Honestly, I would just expect that the AAAA record lookup for the DNS only subdomain would return nothing instead of the CF proxy addresses.

So is this intended behavior, or is something wrong?


1 Like

Hi @glenn.decooman,

Thanks for the report and the clear steps. I have managed to reproduce this and sent it through to Support urgently as it does indeed look broken.



Sorry for the very delayed follow-up, this is likely related to the incident here:


Alright, thanks for the help!

1 Like

Many thanks for reporting this bug so clearly and setting the wheels in motion for a fix! Such a basic DNS fucntionality bug like this broke a lot of stuff and wasted a lot of peoples’ time (like mine).

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.