Wildcard DNS Entries For Free

#1

Amazon CloudFront seems to have this feature since 2013 for free.
Would be nice to have it in CloudFlare too.

Why

I have an idea for a low-budget service where I want to use Cloudflare Workers on all unregistered subdomains to output a page customized according to the subdomain name.
Of course I may do it with client-side JavaScript, but it may hurt SEO (and deprive me of all other benefits of Cloudflare like fast CDN and DDoS mitigation).
Because the project is just an idea and the budget is low, I can't afford to acquire an Enterprise plan or even Pro.
A further abstraction of the project idea would be allowing users to bring their own domains to the service and manage them, but as Cloudflare plans are per domain I doubt it will be feasible, without an Enterprise plan at least.

Offtopic

Have you thought to start providing static site hosting service with CF? Maybe in partnership with Netlify.

#2

Wildcards have already been supported “forever”.

#3

Yeah, but they can’t be :orange:, hence, no Workers.

2 Likes
#4

Well, technically they can, one only needs to dig a bit deeper into his pockets :wink:

But yes, I did miss the worker bit.

2 Likes
#5

The wildcard info message in the DNS settings page currently says: (emphasis mine)

Wildcards may be added to DNS, but only Enterprise customers can proxy wildcards through the CDN…

And according to Cloudflare support, the Enterprise plan starts at $5,000 per month ($60,000 annually).

That’s not “dig a bit deeper into [your] pockets”, that’s well into “completely empty your pockets” territory (for anyone that isn’t actually an enterprise).

So while I can kind of understand if this was a feature of the Pro ($20/mo) plan, right now it’s extremely cost-prohibitive for developers / personal users (and probably many small businesses too) - especially when AWS Route 53 includes it (for no extra cost, which ends up being like $1/mo for a small site).

#6

Chances are you don’t need a proxied wildcard entry if you’re doing anything other than SaaS or giving out subdomains, things which aren’t common for anyone other than businesses with millions in revenue that can afford Cloudflare Enterprise.

If you’re, as you said, a “developer” or “personal user”, then you probably could take the time to automatically add the desired DNS subdomains using the API when needed.

4 Likes
#7

Here are two ideas that require bringing your own domains to fight censorship:

  1. A user brings his own domain, from which we serve text files which may be personalized based on a user token supplied by the client/user. Personalization is done via Cloudflare Workers (with KV) on the edge. These text files may be PAC scripts constructed according to client preferences. PAC scripts may be used to fight censorship or for internal networking. The ability to bring your own domain is crucial because any public domain that fights censorship may be easily censored, but if a user brings his own domain which we use secretly then it can’t be revealed and blacklisted.
  2. I’m a big site being censored. I create a service on Cloudflare which allows users to bring their own domains and create mirrors of my site on them by proxying requests via Cloudflare Workers. Mirrors are used privately or may be shared with others if so desired.

Both use cases deal with fighting censorship, and censorship being abused in bad hands is a problem in some countries.

1 Like
#8

I was going to mention the API as well, @judge, but the problem there is that Cloudflare limits the number of DNS records per domain. A wildcard would point every possible combination; individual subdomains would be eating away at the domain’s quota.

See https://support.cloudflare.com/hc/en-us/articles/360017421192-Cloudflare-DNS-FAQ#CloudflareDNSFAQ-HowmanyDNSrecordscanIhaveperdomain
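The approach discussed in posts #6 and #8 (creating individual proxied records through the API while watching the per-domain record quota), as an added example that is not part of any post in this thread. It targets Cloudflare's v4 `dns_records` endpoint; the reserved-label list, the `used`/`quota` counters and all sample values are assumptions.

```javascript
// Added example: RESERVED, used/quota and every sample value are assumptions,
// not taken from the thread. Requires a runtime with fetch (Node 18+ or a Worker).
const API = "https://api.cloudflare.com/client/v4";
const RESERVED = new Set(["www", "mail", "api", "admin"]); // hypothetical list

// One DNS label: 1-63 chars, letters/digits/hyphen, no leading/trailing hyphen.
// Rejects "*", dots and whitespace, so user input cannot name other records.
const LABEL_RE = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;

function validateLabel(raw) {
  const label = String(raw).trim().toLowerCase();
  if (!LABEL_RE.test(label)) throw new Error(`invalid label: ${raw}`);
  if (RESERVED.has(label)) throw new Error(`reserved label: ${label}`);
  return label;
}

// Build (but do not send) the create-record request for one proxied subdomain.
// `used` and `quota` are supplied by the caller; the quota depends on the plan.
function buildCreateRequest({ zoneId, zoneName, label, target, token, used, quota }) {
  if (used >= quota) throw new Error(`record quota reached (${used}/${quota})`);
  const name = `${validateLabel(label)}.${zoneName}`;
  return {
    url: `${API}/zones/${encodeURIComponent(zoneId)}/dns_records`,
    init: {
      method: "POST",
      headers: { Authorization: `Bearer ${token}`, "Content-Type": "application/json" },
      // ttl 1 means "automatic", which proxied records use.
      body: JSON.stringify({ type: "CNAME", name, content: target, ttl: 1, proxied: true }),
    },
  };
}

// Send the request and return the new record id, or throw with the API errors.
async function createSubdomain(args) {
  const { url, init } = buildCreateRequest(args);
  const res = await fetch(url, init);
  const json = await res.json();
  if (!json.success) throw new Error(JSON.stringify(json.errors));
  return json.result.id;
}
```

The API token only needs DNS edit permission on the one zone, which limits what a leaked token can change.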

#9

Cloudflare is still a business, and choosing to require Enterprise to use proxied wildcards was a business decision ¯\_(ツ)_/¯

As for the limit, this was discussed extensively here: “New dns records number limit?”

#10

I understand this.

Was simply noting why the API would not be the ideal route once the project reached a certain size.