I recently started using Cloudflare Pages for the first time. My goal is to ultimately use it to serve my domain’s MTA-STS txt file, and potentially other things if that goes well. (Yes, I am aware that DANE is better but currently MTA-STS is all I can do.)
I started testing it with a domain I keep at Cloudflare Registrar. I added a custom domain in the form of a subdomain. The CNAME record that Cloudflare automatically added was orange-clouded, which caused the custom domain verification to fail until I went in and manually grey-clouded it. That seems like a rather odd choice by Cloudflare, but at least it’s an easy fix.
Anyway, I would ideally like to serve my MTA-STS file from a domain with DNSSEC. My domain does have DNSSEC enabled, but since I have to create a non-proxied CNAME record to pages(.)dev – and pages(.)dev is not DNSSEC enabled – my MTA-STS file is technically not being served from a domain with DNSSEC. For example, when I run the ‘dig’ command for my Pages subdomain, the ‘ad’ flag is not present because pages(.)dev is unsigned.
Is there any way to use Cloudflare pages without the non-proxied CNAME record to pages(.)dev, or perhaps an alternate Cloudflare Pages domain that is DNSSEC enabled? I am still very new to Pages and I suck at web development so… I may be missing something very obvious here.
Thank you for your time.