I currently have a couple of subdomains to my domain, managed by Bluehost.
If I follow the Cloudflare instructions, and point my nameservers away from Bluehost to Cloudflare, how does Cloudflare “know” how to handle this properly?
At the most basic level, the How It Works says that Cloudflare passes requests on to my original website’s IP - how does it know that IP?
And what if the subdomain that the request came on is a redirect (CNAME) handled by Bluehost?
Same answer for all of your questions: Cloudflare doesn’t know. You should tell it via NS records from your panel. If you are migrating to Cloudflare for bandwidth and caching benefits, you don’t need to changes the server IPs, otherwise if your concern is DDoS, you need to change IPs and just white-list Cloudflare's edge servers via firewall.
You don’t need much to know at this step. Just learn how to add your domain and sub-domains. But knowing how CF works and where it is standing will save a lot of your time.
You set CF as your DNS server so any request to your website should be translated by CF. This is where CF need to know how to map subdomain1.yourdomain.com into an IP address. You may have a different server to handle that subdomain. If so, add a A RECORD and point the subdoamin to your server IP. If subdoamin is handled by the same machine which handles main domain, then you will better to define an alias (if you add an A record still everything works but if later you need to change the IP of main server you have to change any other records depend on that), which in terms of DNS is called a CNAME record.
Actually CF does more than that by sitting between your servers and the clients. It acts like a smart proxy and for example protects you against DDoS attacks or save your bandwidth by serving the clients from its cache whenever possible.
I’m on the “DNS query results for…” pages of the Cloudflare initial setup. Cloudflare found some but not all ANAMEs and CNAMEs from my domain.
Is it safe to say that every ANAME and CNAME in my current domain configuration needs to be reproduced in the Cloudflare DNS setup before proceeding to change nameservers?