No SRV TLS option

We are trying to add Office365 SRV records as as can be seen in the below screen shot there is no option to add the TLS protocol.

how do we get around this?

1 Like

Cloudflare have recently broken their DNS management page for some reason. We cannot add any SRV record ‘protocol’ other than TCP or UDP. This makes Office365 setup impossible to complete, as it requires TLS. I have posted bug notices through the link on the DNS page.

Please can you all post bug notices so we get some movement on this? It’s totally incredible that they have left us in this state, with no option to switch back to the old interface to restore functionality.

You can import the values using BIND

Same here. Good ol’ Cloudflare.

I exported the record as a ‘tcp or udp’ then changed the text to ‘tls’ and re-uploaded. Seems to work fine.

You’d think Cloudflare would fix something like the pretty quickly.


Same here, tryin to create a _tls to work with outlook 365, but had to export a _TCP, change it and re-import as a txt.

Please bring that function back in the gui.

Help us guys.

This post was flagged by the community and is temporarily hidden.

Eesh. Still not resolved.

I can confim that the workaround outlined above to export the DNS zone file, edit and reimport does work. The importer throws an error about an invalid DNS record type, but this can be ignored since the record is correctly created in the background. The old incorrect TCP record also remains, and can be deleted from the GUI after import.

This workaround worked for me too, but it’s just not good enough. Is there no regression testing?!

Same here. Please fix this!

I’m having the same problem. I need tls protocol for Office 365. The workarounds that people are suggesting are over my head. Is there some fix coming soon? Is there some other option?

Hello Jamie,
All you need to do for their fix is create the record as a _tcp one then download it and edit _tcp to _tls and import it.

You are able to script the changing as well using Cloudflare’s API.

1 Like

Sorry for the issues, this has been escalated with our engineering team. When we changed to our new DNS dashboard the _tls protocol option was removed from the SRV record options. We’re checking with the DNS team to verify why & next steps. Will update this post with details as I have them.


Hi, thank you for responding. This is nuts. It is required by Microsoft Office 365. What would make the DNS team think it wasn’t required?

This technique worked for me. It took me a couple days to figure out that it worked because someone had to teach me the proper way to check SRV propagation.

Thank you for the help.

Sorry, but not sure this technique works 16 Sep!

Exported record of _sip as tcp, changed it to tls and is says uploaded, but the import says record invalid and the entry seems blank?

How do I check the workaround has worked? Cloudflare, come on now - this has been 10 days… either revert to the old interface or pull a finger out!

Yeah, it still works … but your right, it’s a pain.

You can easily check to see if you got it right by simply re-exporting the current DNS setting to another test file, and open it to see if your changes ‘stuck’.
(And yes, the protocol field is empty in CloudFlare menu, but Bind sees it.)

I just had to do it for Office 365.
The only weirdness was that I got an extra of each of the two SRV records that needed to be deleted.
Otherwise, it’s just fine. Be careful to delete the correct one(s).

Would be a lot more ‘fine’ if it just worked, though…