What is best practices regarding using a Cloudflare DNS record with a load balancer ip?
Keeping end to end HTTPS in mind, should I create an additional A record pointing at the load balancer ip with an SSL cert? And then point a Cloudflare CNAME record at that A record? The issue I find with that is it leaves you open to DDOS attacks at the A record, is the solution just to whitelist Cloudflare IPs only?
Or is it better to point a Cloudflare DNS record directly at the IP address? Will the Origin CA cert still work without a hostname for the loadbalancer?
I have not been able to find the answers to these questions in the docs, but if I have overlooked something please let me know. Thank you!