Why: CNAME Cross-User Banned

So Yesterday one of the sub domains on my account started getting a " CNAME Cross-User Banned CNAME Cross-User Banned" error out of the blue… been running fine up til now and suddenly BAM.

So this keeps my clients from being able to access important materials, so it is imperative I get this resolved.

I was told to Bypass proxie and set it to DNS only,. which I did

See image!

Error Im getting:

Error 1014

Ray ID: 61423f6dd23627e8 • 2021-01-19 17:24:10 UTC

CNAME Cross-User Banned

What happened?

You’ve requested a page on a website that is part of the Cloudflare network. The host is configured as a CNAME across accounts on Cloudflare, which is prohibited by security policy.

What can I do?

If you are interested in learning more about Cloudflare, please visit our website.

Cloudflare Ray ID: 61423f6dd23627e8 • Your IP: 166.70.69.207 • Performance & security by Cloudflare

Link to see error live: https://sites.photoslc.com/1994-Terrace-Ct

This error happens when you attempt to CNAME to a Cloudflare proxied site. What likely happened here is:

  • Your customer was already using Cloudflare, but their record was grey-clouded, and they changed to proxied/orange-clouded
  • Your customer started using Cloudflare
  • Your customer’s CNAME points to another Cloudflare proxied domain.

This is a well known, and expected error, and the solution and cause are discussed in the article below:

Error 1014: CNAME Cross-User Banned

Common cause

By default, Cloudflare prohibits a DNS CNAME record between domains in different Cloudflare accounts. CNAME records are permitted within a domain ( www.example.com CNAME to api.example.com ) and across zones within the same user account ( www.example.com CNAME to www.example.net ).

Resolution

To allow CNAME record resolution to a domain in a different Cloudflare account, the domain owner of the CNAME target must contact Cloudflare Support and specify the domains allowed to CNAME to their target domain. A Cloudflare Pro, Business, or Enterprise plan is required on the target domain for Cloudflare Support to change default CNAME restrictions.

3 Likes

Thank you!

So I need to have hdphoto.com contact cloudflare support and have them add me to their OK domain list, is that correct?

So why has this same system worked perefctly for me for a few years? Why would this suddenly ■■■■ out on me?

I mentioned in my original post the situations where that would have happened, but we can’t discuss any specifics since this is another customer’s site.

Correct, the domain to which you are CNAMEing will need to contact us and provide your domain, so we can add to the allowlist.

There are risks involved such as you could (accidentally or not) expose the IP of hdphoto.com by grey-clouding the CNAME under your domain, so the owner of that domain needs to understand and accept these risks.

1 Like

Hi
I also have same issue.
According to this article
https://support.cloudflare.com/hc/en-us/articles/360029779472-Troubleshooting-Cloudflare-1XXX-errors#:~:text=Error%201014%3A%20CNAME%20Cross-User%20Banned,-Common%20cause&text=By%20default%2C%20Cloudflare%20prohibits%20a,www.example.net).

you need to pro or above account and ask cloudflare support to add this exception (or turn off proxied on domain)
However, when i look at pricing for the $20 pro account, it says Cname compaitibility is not included

I personally dont mind paying the $20 a month to fix this issue, but the next plan where it is included is $200 a month, which is out of my reach

Just one correction, the target domain needs a paid plan, the zone that points to the target domain does not.

A Cloudflare Pro, Business, or Enterprise plan is required on the target domain for Cloudflare Support to change default CNAME restrictions.

So the OP of this thread wouldn’t need to upgrade.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.