Root DNS entries to avoid self-referencing loop for Cloudflare internal DNS

Our website was build by a design company that also hosts the site, and uses Floudflare. We currently manage our own DNS through a CPanel (hosted somewhere crappy) and it is set up like this:

example.com. 	600 	IN 	A 	184.168.190.116
www.example.com. 	600 	IN 	CNAME 	www.example.com.cdn.cloudflare.net
cloudflare-verify.example.com. 	3600 	IN 	TXT 	471998825-37828459

The functions we used the CPanel have all been migrated elsewhere, except DNS. It doesn’t make sense to keep paying for it just to host DNS. So we would like to move to a better DNS host, like Cloudflare.

Question: What are the DNS entries I need to make in my Cloudflare account so our site runs properly?

I have added the site to my Cloudflare account, added subdomains, noted the Name Servers Cloudflare has assigned, but I don’t know what DNS entries to put for the root domain.

When the “www” CNAME is attempted to be added as above, I get this error:

DNS Validation Error (Code: 1004) Invalid CNAME target. You aren’t allowed to use records with partial suffixes

Tracking this down in the Cloudflare Community, I find this explanation:

Invalid CNAME target. You aren’t allowed to use records with partial suffixes (Code: 9059)

  • A CNAME DNS record pointed to www.example.com.cdn.Cloudflare.net should only be created when you are using a third-party set of of name servers and you need to proxy through Cloudflare on a partial setup through a hosting provider, not on a full setup when you are using Cloudflare name servers.

  • This option was disabled as it creates a self-referencing loop for Cloudflare internal DNS and overloads it with a large number of requests from external resolvers.

This makes sense, but I don’t know what the solution is to avoid the self-referencing loop for Cloudflare internal DNS…

Thank you!

Doug

You are moving from a partial CNAME setup on one Cloudflare account controlled by your web design company, to a full setup on a different account controlled by yourself.

The easiest thing is to ask the web design company to give you the value of all the DNS records relevant to your domain, as well as any Cloudflare configuration in place for your domain. You will need to recreate all of these in your own account before changing the nameservers.

Unless your web design company are using Cloudflare SSL for SaaS, then they will no longer be able to manage the elements of Cloudflare that they are using for your website (unless you give them access to manage those features across your entire domain, or give them a tightly scoped API Token.) Depending one the complexity of the setup, this might not be an issue.

(Please resist the temptation to just let the web design company have complete ownership of your domain in Cloudflare. If the relationship ends badly, they might cut you off from your domain. If you control the account you can grant them access, but they cannot cut you off from your domain)

1 Like

Thank you for these details. This is helping me to understand now.

If the web design company is paying for Cloudflare features, and I am on the free plan, then would moving the full setup Cloudflare configuration to my account cause those features to go away? (this might be what you were explaining in your third paragraph)

And as long as I control the Name Servers with the registrar, they cant cut us off from the domain, right?

Thank you again.

Ultimately, yes. He who controls the registrar controls the universe. Whoever controls the nameservers can cause you headaches, and varying degrees of pain.

If the design company is paying for a Cloudflare plan then it is probably a pass through charge to you (management fees added perhaps), so you would probably know if a paid plan was in place. Plans are almost always per domain, not per account.

Yes, moving a domain from one account to another will not preserve any settings or paid subscriptions. You will have to move them. If you are still working with the web design firm, and depending on how much you want them to manage etc. you could give them admin access to your account, tell them what you are doing, and ask them to move the settings.

1 Like

Thank you, greatly, @michael!

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.