Proxying wildcard DNS records using load balancer

Hi there,
I recently tested out cloudflare load balancer and found that I can proxy wildcard DNS records through cloudflare without having to subscribe for the enterprise plan. I would like to know whether it is intended to work like that since we are paying for DNS queries in load balancer or is it just a bug. Currently I’m creating DNS records using the API and I want know if I can avoid that using a single record and load balancer

For anyone looking for this, You can also proxy wildcard dns records using SSL for SaaS. Which is now free and you don’t have to even pay for load balancer to proxy wildcard DNS record.

@codebreaker, can you explain how you set this up? i can add custom hostnames but still can’t get wildcard subdomains to work with a worker.

You need to go to SSL> custom hostname and setup an origin (eg: → Then you need to add your hostname (eg: and enable wildcard option so that all requests to * will also proxy through cf. You don’t need to add a dns record if the custom hostname root is the same domain you setup “ssl for custom hostname”.

Then you need to add a worker route . (eg: “” or “*” if you want to intercept all the requests")

Are you sure you got this working without a load balancer? I finally managed to get it to work, but with a load balancer… didn’t seem like it’s possible without, unless i’m missing something (steps documented here: Discord)

Yes I have a load balancer running on * . I issued wildcard SSL cert for * and it proxies through cloudflare. But when I tried with LB disabled after your reply and all the wildcard routes fails even though only first level wildcard subdomain is specified in load balancer :upside_down_face:. So I guess you need to enable load balancer for first level subdomain for this method to work. I don’t know the logic behind it. but that works

You can still proxy your wildcard traffic through cloudflare without LB using 2 accounts by pointing one account to fallback origin of another account. You need to disable proxy in the account you want wildcard subdomain and point both and * to and setup worker and control your cloudflare traffic through the second account

1 Like

Wow, how did you ever figure that out? Thanks for the pointers, @codebreaker, I’m going to give the multi-account approach a try too.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.