No SRV TLS option

We are trying to add Office365 SRV records as as can be seen in the below screen shot there is no option to add the TLS protocol.

how do we get around this?

1 Like

Cloudflare have recently broken their DNS management page for some reason. We cannot add any SRV record ‘protocol’ other than TCP or UDP. This makes Office365 setup impossible to complete, as it requires TLS. I have posted bug notices through the link on the DNS page.

Please can you all post bug notices so we get some movement on this? It’s totally incredible that they have left us in this state, with no option to switch back to the old interface to restore functionality.

You can import the values using BIND

Same here. Good ol’ Cloudflare.

I exported the record as a ‘tcp or udp’ then changed the text to ‘tls’ and re-uploaded. Seems to work fine.

You’d think Cloudflare would fix something like the pretty quickly.


Same here, tryin to create a _tls to work with outlook 365, but had to export a _TCP, change it and re-import as a txt.

Please bring that function back in the gui.

Help us guys.

Eesh. Still not resolved.

I can confim that the workaround outlined above to export the DNS zone file, edit and reimport does work. The importer throws an error about an invalid DNS record type, but this can be ignored since the record is correctly created in the background. The old incorrect TCP record also remains, and can be deleted from the GUI after import.

This workaround worked for me too, but it’s just not good enough. Is there no regression testing?!

Same here. Please fix this!

I’m having the same problem. I need tls protocol for Office 365. The workarounds that people are suggesting are over my head. Is there some fix coming soon? Is there some other option?

Hello Jamie,
All you need to do for their fix is create the record as a _tcp one then download it and edit _tcp to _tls and import it.

You are able to script the changing as well using Cloudflare’s API.

1 Like

Sorry for the issues, this has been escalated with our engineering team. When we changed to our new DNS dashboard the _tls protocol option was removed from the SRV record options. We’re checking with the DNS team to verify why & next steps. Will update this post with details as I have them.


Hi, thank you for responding. This is nuts. It is required by Microsoft Office 365. What would make the DNS team think it wasn’t required?

This technique worked for me. It took me a couple days to figure out that it worked because someone had to teach me the proper way to check SRV propagation.

Thank you for the help.

Sorry, but not sure this technique works 16 Sep!

Exported record of _sip as tcp, changed it to tls and is says uploaded, but the import says record invalid and the entry seems blank?

How do I check the workaround has worked? Cloudflare, come on now - this has been 10 days… either revert to the old interface or pull a finger out!

Yeah, it still works … but your right, it’s a pain.

You can easily check to see if you got it right by simply re-exporting the current DNS setting to another test file, and open it to see if your changes ‘stuck’.
(And yes, the protocol field is empty in CloudFlare menu, but Bind sees it.)

I just had to do it for Office 365.
The only weirdness was that I got an extra of each of the two SRV records that needed to be deleted.
Otherwise, it’s just fine. Be careful to delete the correct one(s).

Would be a lot more ‘fine’ if it just worked, though…

I’ve done a fair bit of searching. All the guides on MS, here, etc., show configuring an SRV record on CF and being able to select TLS for the protocol.

I only have the options of TCP and UDP available?

I’ve tried TCP and that doesn’t work (I was hoping that with the 443 port it would change to TLS).

Am I missing something or has CF changed their options? In which case, how can I setup my Office365 SRV DNS record that needs TLS?

Hi Team,

We are trying to add Office365 SRV records as _sip._tls.xxxxxxxxx. 3600 IN SRV 100 1 443

There is no option to add the tls as protocol, did try to add TCP export and edited to tls and import but fails.

Any answers in highly appreciated.


Any updates on a fix for this?