Hi,

I’ve got a deployment that uses Cloudflare DNS. I’m deploying web apps in Azure. During the deployment (which can involve the creation of multiple endpoints), we have some powershell which posts new A record dns entry for each new endpoint with a unique name to Cloudflare.

All these endpoints are supposed to be used by our www domain record via a CNAME. In order to do this, we then create a trafficmanager resource in Azure and add all the endpoints and their addresses to it.

We therefore, end up with this:

www.domain.com → CNAME: trafficmanager.net → endpoint1.domain.com, endpoint2.domain.com,endpoint3.domain.com

This all works as expected.

However, I’ve noticed that if we create endpoint A records with the Cloudflare proxy setting turned on, we get this error in the browser when we hit the main domain: www.domain.com

Error 1000 Ray ID: 47e2dcf472e6272c • 2018-11-23 10:13:25 UTC

DNS points to prohibited IP

The site doesn’t load. This means, we have to disable proxy for all the endpoint addresses. Why is this happening?

So at the moment, we are running our endpoints like this:

not like this:

Is this because I have both a Cloudflare CNAME at one level, and then multiple Cloudflare A records at another level?

Let me know if you’d like any further info re: the domain etc.

A Prohibited IP is usually either an IP address of a Cloudflare server, or an internal (private IP space) address.

Go ahead and post the hostname of one of the entries that’s a Prohibited IP if you’d like someone here to take a look.

thanks sdayman.

I think the last reply in this topic is the reason for the issue.

Let’s close the issue for now.

thanks

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.