DNS Zone hosted outside CF, DNS resolved via CNAME record to a root site hosted by 3rd party vendor.
I’m in the process of moving the external DNS zone for our root domain behind Cloudflare; however, we have discovered that the vendor we use for hosting our current www.domain.com site is already hosting it behind Cloudflare. They didn’t register our domain, so we are able to add it under our CF account; however, because we are using a CNAME record to redirect traffic to their CF tenant, we are running into an issue. We are getting a 1016 error and are not sure how to fix it. I believe that because the CNAME domain is already hosted on CF there shouldn’t be an issue; however, that is not what the vendor is telling us. They seem to think that you can’t have double CF for traffic flow.
The issue is that the CNAME record does resolve to an IP… but the CNAME points to a record that is hosted under the vendor’s Cloudflare account… do I need to create an A record for the vendor server IP, essentially bypassing their Cloudflare instance?
It loads fine now because we removed it from the CF zone… and we reverted back to external DNS hosts… but as soon as I transfer it back it gets a 1016 error… even though the CNAME record exists… We talked with the vendor who is hosting it and they are using Cloudflare as the WAF… so now it seems like it’s behind 2 WAFs… even though we were doing DNS Proxy Bypass… right now the traffic flows like the diagram below
I’m not getting answers from CF support… they keep referring me to the 1016 guide, yet no one is explaining if the setup that we are trying to achieve does work… Does our vendor need to create a bypass on their CF WAF and give us server IPs directly in order for our zone to work?
But you would think that if the vendor’s sites are already inside the CF network, the simple CNAME setup as DNS Only instead of full CF Proxy would work, because in essence our CF zone acts like a DNS server…
Some might say… why don’t you just have the vendor host your whole zone… well, the price is one thing and control is another. They are only hosting 1 site for us… and we have multiple others that we don’t want them to host, therefore we need the zone record to be under our tenant.
We tried… and the only option seems to be to bypass the vendor’s CF totally and use our account to point to their servers using an “A” record. Which we are fine doing, but it requires a little more legal paperwork change.
Our attempts to migrate the DNS zone from external DNS to our CF account and just point that single CNAME record to the vendor’s CF failed with the errors described above; it seems we have to convert that into an A record and bypass their CF totally.
I imagine this will be a problem on the vendor’s side so I’d recommend talking to them and see if they can reach out to support as they may have more luck. If you have a good relationship with them, they may be able to cc you on the ticket so you can discuss this and try and figure out the issue with support.