The behaviour detailed below works, but it is not present in the documentation
What steps have you taken to resolve the issue?
Hi,
We have recently created a Partial CNAME setup for one of our zones.
The documentation states that we need to create CNAME records pointing to {your-hostname}.cdn.cloudflare.net for every hostname you wish to proxy through Cloudflare. This works as intended.
We have many second level subdomains so in order to simplify our setup we tried using a wildcard and it worked while being undocumented.
Here is an example:
Domain for the partial zone: domain.com
DNS records in our authoritative DNS:
CNAME: test -> test.domain.com.cdn.cloudflare.net
CNAME: *.test -> domain.com.cdn.cloudflare.net
DNS records inside Cloudflare partial zone
A record: api.test -> <PUBLIC_IP>
A record: test -> <ANOTHER_PUBLIC_IP>
In our tests, api.test.domain.com resolves to the record corresponding to api.test inside Cloudflare.
Is this intended to work?
Is it safe to use second level wildcards in a Partial Setup while being undocumented?
Thanks for your help!
What feature, service or problem is this related to?
DNS records
What are the steps to reproduce the issue?
Create a zone using Partial Setup for a domain
In the domain authoritative DNS, add the following CNAME record: *.test -> domain.extension.cdn.cloudflare.net
In the Cloudflare zone DNS, add an A record for api.test -> <PUBLIC_IP>
I’ve just typed a very long answer that disappeared when the site suddenly decided to do a refresh, so here’s the short version:
During DNS resolution, it only really matters that the name resolves to a Cloudflare IP address. So your CNAME target doesn’t have to be api.test.domain.com.cdn.cloudflare.net, but could probably be community.cloudflare.com.
Don’t actually do this, as it would cause a lot of other problems. Some settings need to be set at the DNS level. For example, enabling/disabling ECH would set specific https DNS records for domain.com.cdn.cloudflare.net.
Also, you would end up with a lot of TXT records etc for community.cloudflare.com that you don’t want on your domain.
As long as these DNS level settings are the same for all your subdomains, it wouldn’t matter whether you set the “correct” CNAME record to api.test.domain.com.cdn.cloudflare.net or your “lazy” version with a wildcard to domain.com.cdn.cloudflare.net.
However, if there were different DNS records for domain.com.cdn.cloudflare.net and api.test.domain.com.cdn.cloudflare.net, your “lazy” solution would stop working.
You should also be aware that your way would lead to wrong results in the DNS analytics, as there would never be any queries for api.test.domain.com.cdn.cloudflare.net. Your DNS analytics would essentially become useless.
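The condition described in the answer above (the wildcard only behaves like the documented setup while both CNAME targets return the same records) can be checked mechanically. This is an added example, not part of the original thread or of Cloudflare's tooling: the function names, the `lookup` callable and the sample record data are assumptions constructed for illustration.

```python
from typing import Callable, FrozenSet, Iterable, List, Tuple

SUFFIX = "cdn.cloudflare.net"
RTYPES = ("A", "AAAA", "HTTPS", "TXT")  # record types compared per target
Lookup = Callable[[str, str], FrozenSet[str]]  # (name, rtype) -> rdata set

def documented_target(hostname: str) -> str:
    """CNAME target the Partial Setup docs prescribe for a hostname."""
    return f"{hostname.rstrip('.').lower()}.{SUFFIX}"

def wildcard_drift(hostnames: Iterable[str], zone: str, lookup: Lookup,
                   rtypes: Iterable[str] = RTYPES) -> List[Tuple[str, str, list, list]]:
    """List (hostname, rtype, wildcard_answer, documented_answer) mismatches."""
    shared = documented_target(zone)  # where the wildcard CNAME sends every name
    drift = []
    for host in hostnames:
        specific = documented_target(host)  # where the documented CNAME would point
        for rtype in rtypes:
            via_wildcard = lookup(shared, rtype)
            via_documented = lookup(specific, rtype)
            if via_wildcard != via_documented:  # sets, so answer order is ignored
                drift.append((host, rtype, sorted(via_wildcard), sorted(via_documented)))
    return drift

# Constructed answers (RFC 5737 documentation addresses, not real Cloudflare data).
EDGE = {"192.0.2.10", "192.0.2.11"}
SAMPLE = {
    ("domain.com.cdn.cloudflare.net", "A"): EDGE,
    ("domain.com.cdn.cloudflare.net", "HTTPS"): {"1 . alpn=h3,h2 ech=CONSTRUCTED"},
    ("api.test.domain.com.cdn.cloudflare.net", "A"): EDGE,
    ("api.test.domain.com.cdn.cloudflare.net", "HTTPS"): {"1 . alpn=h3,h2"},
    ("www.test.domain.com.cdn.cloudflare.net", "A"): EDGE,
    ("www.test.domain.com.cdn.cloudflare.net", "HTTPS"): {"1 . alpn=h3,h2 ech=CONSTRUCTED"},
}

def sample_lookup(name: str, rtype: str) -> FrozenSet[str]:
    """Offline stand-in for a resolver; returns an empty set when there is no data."""
    return frozenset(SAMPLE.get((name.rstrip(".").lower(), rtype), ()))

if __name__ == "__main__":
    hosts = ["api.test.domain.com", "www.test.domain.com"]
    for host, rtype, got, want in wildcard_drift(hosts, "domain.com", sample_lookup):
        print(f"{host} {rtype}: wildcard target answers {got}, documented target answers {want}")
```

For a live check, replace `sample_lookup` with a function that queries a real resolver and returns the answer rdata as a set of strings.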