Website hosted behind vendor CF Account

Background:
DNS Zone hosted outside CF, DNS resolved via CNAME record to a root site hosted by 3rd party vendor.

Issue:
I’m in the process of moving the external DNS zone for our root domain behind Cloudflare; however, we have discovered that the vendor we use for hosting our current www.domain.com site is already hosting it behind Cloudflare. They didn’t register our domain, so we are able to add it under our CF account; however, because we are using a CNAME record to redirect traffic to their CF tenant, we are running into an issue. We are getting a 1016 error and are not sure how to fix it. I believe that because the CNAME domain is already hosted on CF there shouldn’t be an issue; however, that is not what the vendor is telling us. They seem to think that you can’t have double CF for traffic flow.

ticket number 2414685 @MoreHelp

The issue is that the CNAME record does resolve to an IP… but the CNAME points to a record that is hosted under the vendor’s Cloudflare account… do I need to create an A record for the vendor server IP, essentially bypassing their Cloudflare instance?

What is the domain?

RECORD:

www CNAME www.kichler.com.dxcloud.episerver.net

Currently DNS is hosted by external DNS… we are in Pending state under CF because as soon as I transfer it, it breaks…

Loads fine for me!

What do you see when you try to load it?

It loads fine now because we removed it from the CF zone… and we reverted back to the external DNS hosts… but as soon as I transfer it back I get a 1016 error… even though the CNAME record exists… We talked with the vendor who is hosting it and they are using CFlare as the WAF… so now it seems like it’s behind 2 WAFs… even though we were doing DNS Proxy Bypass… right now the traffic flows like the diagram below

what we end up with when we move external DNS to the CF DNS zone …

Hi @PeterG,

Are you still having this issue?

I’m not getting answers from CF support… they keep referring me to the 1016 guide, yet no one is explaining whether the setup that we are trying to achieve works… Does our vendor need to create a bypass on their CF WAF and give us the server IPs directly in order for our zone to work?

I’m wondering how their Cloudflare setup works, it does not seem to be a standard Cloudflare SaaS setup but some kind of CNAME setup.

I think they are right that this will not work, layering proxy levels does not work except in very specific circumstances.

but you would think that if the vendor’s sites are already inside the CF network, the simple CNAME setup as DNS Only instead of full CF Proxy would work, because in this essence our CF zone acts like a DNS server…

Some might say… why don’t you just have the vendor host your whole zone… well, the price is one and control is the other. They are only hosting 1 site for us… and we have multiple others that we don’t want them to host, therefore we need the zone record to be under our tenant.

That’s not how it works, if your proxied DNS points to a proxied CNAME then that usually gives a 1014, but I guess may give a 1016 if something is more broken.

Can you not just set that one record to :grey: as it already has their Cloudflare setup and manage the rest of your sites through your account?

we tried… and the only option seems to be to bypass the vendor’s CF totally and use our account to point to their servers using an “A” record. Which we are fine doing, but it requires a little more legal paperwork change.

Our attempts to migrate the DNS zone from external DNS to our CF account and just point that single CNAME record to the vendor’s CF failed with the errors described above; it seems we have to convert that into an A record and bypass their CF totally.

That shouldn’t be the case unless their setup is not done properly.

So if you move the DNS to Cloudflare and create an unproxied CNAME pointing to the same place it currently points then it stops working?

If that’s the case then I’d recommend asking the vendor about this and they may want to contact Cloudflare Support directly to see what is wrong with their setup.

Yep… exactly… that is what is happening… the same record just moved into CF DNS with an unproxied CNAME fails, but works fine when DNS is hosted outside CF.

I’ve tried to get our CF account support to give us a call but they are only referring me to the error guide… It’s like pulling teeth…

I imagine this will be a problem on the vendor’s side so I’d recommend talking to them and see if they can reach out to support as they may have more luck. If you have a good relationship with them, they may be able to cc you on the ticket so you can discuss this and try and figure out the issue with support.
