What is the difference between "Proxied" and "DNS Only"?

When you add a new DNS record, it’s automatically set to “Proxied” but can be changed to “DNS Only”.
I know there were various questions about it but I just like to know question - what is the difference between them? What are the upsides and downsides to using either of them?

Alternatively, is there any article about it (I couldn’t find one)?

The DNS proxied means it will be shown a Cloudflare IP if you look it up. Thus all attacks at that domain will DDoS Cloudflare and not you host directly.
Non proxied means all traffic goes directly to your own IP without Cloudflare being a safety net in front.
The upside of proxied is that you will enjoy the Coudflare benefits but you can not make a direct connection to your IP, which means any custom ports wont work.
Non proxied has the advantage of being able to use custom ports to connect as it will connect to your IP directly.

Taken from here

For DNS records proxied to Cloudflare, Cloudflare’s IP addresses are returned in DNS queries instead of your original server IP address. This allows Cloudflare to optimize, cache, and protect all requests for your website.

1 Like

to make it simple: unless you know what you are doing always use proxied

3 Likes

You see, the servers behind those IPs already use CDN/caching, so they claim Cloudflare overall creates a “double CDN/caching”.
If they’re correct, then I figured “DNS Only” should fix this.

Is there a way to keep “Proxied” but disable caching for certain DNS entries?

Cloudflare does not proxy third-party domains, only your domain. So:

If example.com is proxied by Cloudflare and has a page pointing to images in a third-party CDN, the request to these images will not be proxied by, and these images will not be cached by, Cloudflare.

If I use domain.com and add a CNAME of foo (i.e. foo.domain.com) pointing to foo.bar.com, are you saying there’s no difference between “Proxied” and “DNS Only”?

You can try the “No cache” option in Cloudflare while still having the proxy available. You can also only do that on certain subdomains with page rules if you do want some caching form CF

I see no “No cache” option in https://dash.cloudflare.com/.../caching
I basically want caching on all but external subdomains.

I’m not sure what you mean with “External subdomains” do you mean external content that gets loaded on a page load?

As explained here CF will only cache content from your own pages, so external content won’t be cached at anypoint.

No there is indeed no toggle for caching or not, you can achieve this with page rules. Here a good link to explain the default CF cache levels

Hi,
I have a question. If I use proxied what source IP address I will get in my website?
I checked and I get a random address and the the true IP address of the client.
Is there a way to get the true IP or will I allways get the same IP for the same source?

Thanks

1 Like

The source IP will be a Cloudflare IP address, the actual users IP address is available in the CF-Connecting-IP header. You can restore the real IP in your logs using a few methods including https://support.cloudflare.com/hc/en-us/articles/360029696071

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.