Cross-Domain Restriction Issue with Cloudflare Nameservers
We’re experiencing some issues related to the CF cross-domain restriction between two domains with Cloudflare Nameservers. Here’s a brief outline of our setup and the problem:
Current Setup
We have two independent Cloudflare company accounts and “sites”. The first account and site belong to Company A. Company A’s key domain points to both its own website and also its customer websites to Company A’s CNAME record, as their websites are hosted by Company A on a platform that points from Company A’s Cloudflare site to external servers. Therefore, we’re hiding Company A’s IP address for security reasons by requiring and mandating that only CNAME records can be used by our customers.
Company B, a customer of Company A, has a CF account for its DNS records using CF nameservers and a site domain. Company B’s domain is hosted with GoDaddy (though this is irrelevant to the issue at hand).
Problem
We’re unable to point Company B’s root domain record, either with an A record or by using a CNAME with flattening, in order to redirect its root domain record to its www subdomain, because we get the following error:
Error 1014
CNAME Cross-User Banned
Based on some documentation we’ve read, we think we need the cross-domain “restriction” lifted by Cloudflare. This is not something Company B can request on their Free account, nor configure in their account. However, Company B is successfully pointing its www subdomain record (but not its root domain) to Company A’s site using a CNAME record, and Company A does have a Business Cloudflare account.
Questions
Assuming the restriction can be lifted and will solve the problem, is it Company A or Company B that needs to request the cross-domain restriction to be lifted? And how do we do this?
What is the process for lifting this restriction for each additional customer’s root domain record for their websites?
We would ideally like the restriction lifted from the Business Primary account so that any customer can host their domain with Cloudflare and get CNAME flattening for their root domain and it will work with their www subdomain pointing to our environment via our CF nameservers.
We believe this answer is needed from CF directly. We appreciate your assistance.
We have that (Cloudflare for SaaS subscription) for Company A, but we don’t have it for Company B (the customer). Which company/account is required to have the Cloudflare for SaaS subscription? And is there some setting that needs turning on to prevent the cross-domain restriction? If so, where/what is it?
We’ve managed to resolve the issue for Company A (which only has a Business Plan, not an Enterprise plan), and Company B (which doesn’t require more than a Free Plan). We accomplished this without needing an Enterprise plan, Apex domain, or extensive modifications. Here are the key steps we took:
Root Domain Configuration: For Company B, we set the root domain’s @ record to be a CNAME record pointing to its subdomain (Example: www.domainname.co.uk). It’s important to note that the proxy status feature was kept turned off.
Avoiding Double Proxy: To prevent a double proxy situation (since both Company A’s and Company B’s records are managed by Cloudflare), we ensured that the proxy status was also turned off for the www subdomain’s CNAME record.
SSL Certificate Setup: To make the root domain operational for Company B, we configured Company B’s root hostname in Company A’s Cloudflare account and added an SSL certificate. This step was successful, and we didn’t need an Enterprise plan or Apex domain.
Stay tuned for further updates and confirmation on this issue resolution within a couple of days.
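Added example, not part of the original thread: a Python check of the first two steps above (apex CNAME to www, proxy status off on both records), run over a list of DNS records. The record fields follow the shape of Cloudflare's DNS records API (type, name, content, proxied); the domain names, sample records and the audit_zone function are constructed for illustration, and the certificate step on Company A's side is not checked.

```python
# Constructed sample data; record fields mirror Cloudflare's DNS records API.
GOOD = [
    {"type": "CNAME", "name": "customer.example", "content": "www.customer.example", "proxied": False},
    {"type": "CNAME", "name": "www.customer.example", "content": "sites.provider.example", "proxied": False},
]
BAD = [
    {"type": "A", "name": "customer.example", "content": "192.0.2.10", "proxied": True},
    {"type": "CNAME", "name": "www.customer.example", "content": "sites.provider.example", "proxied": True},
]


def audit_zone(zone, records, provider_zone):
    """Return findings for a customer zone; an empty list means it matches the post's setup."""
    zone = zone.rstrip(".").lower()
    provider_zone = provider_zone.rstrip(".").lower()
    www = "www." + zone
    findings = []

    def at(name):
        return [r for r in records if r["name"].rstrip(".").lower() == name]

    def check(name, label, target_ok, expected):
        cnames = [r for r in at(name) if r["type"] == "CNAME"]
        # The provider in the thread mandates CNAME-only so its origin IP stays hidden.
        if any(r["type"] in ("A", "AAAA") for r in at(name)):
            findings.append(f"{label}: address record present, post uses a CNAME only")
        if len(cnames) != 1:
            findings.append(f"{label}: expected exactly one CNAME, found {len(cnames)}")
            return
        rec = cnames[0]
        target = rec["content"].rstrip(".").lower()
        if not target_ok(target):
            findings.append(f"{label}: CNAME target {target} is not {expected}")
        if rec.get("proxied"):
            findings.append(f"{label}: proxy status is on (double proxy)")

    # Step 1: apex is a CNAME to www. Step 2: www is a CNAME into the provider's zone.
    check(zone, "apex", lambda t: t == www, www)
    check(www, "www",
          lambda t: t == provider_zone or t.endswith("." + provider_zone),
          f"under {provider_zone}")
    return findings


if __name__ == "__main__":
    for label, recs in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_zone("customer.example", recs, "provider.example") or "matches the post's setup")
```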
I would favor redirecting the apex to the www hostname and keeping it out of the Cloudflare for SaaS account altogether, but I’m glad you were able to identify conditions that made it work for you. Thanks for returning to share what worked.