CNAME setup is a manual process available to paid Cloudflare plans only at the Business or Enterprise level. With CNAME setup, authoritative DNS remains elsewhere, and one or more subdomains are delegated to use Cloudflare using CNAME DNS record(s). You do not need to use this if you've already changed nameservers to Cloudflare and want us to be your authoritative DNS provider.
Note: If you want to add a CNAME record to Cloudflare, that is free on all plans and isn't a CNAME setup. That is outlined here:
Interested in CNAME setup?
First, submit a ticket with the domain you would like to set up via CNAME.
Use the subject line "CNAME setup <domain>" for faster review.
Remember, this is for Business and Enterprise plans only and shouldn't be confused with a CNAME record.
Allowing for CNAME setup is entirely at the discretion of Cloudflare. We're always curious to learn how we can improve our DNS to meet your needs.
If approved for CNAME setup - per our review process and policies - the process is described below.
- Create a Cloudflare account and start adding your website, following the normal process
- Verify your DNS records on Cloudflare for accuracy. Cloudflare will need records to resolve to your origin server corresponding to the subdomains that are being routed into Cloudflare (like WWW for instance).
- STOP at Step 4 of the setup, where the website instructions ask you to change your nameservers. Do not change your nameservers.
- Create a Cloudflare Support ticket citing the domain name to be converted to the CNAME setup. Remember the Business and Enterprise plans offer custom cert upload but we'll also provide a Cloudflare-issued Universal SSL. This Universal SSL will be deployed once your domain is activated and proper DCV records have been added to your authoritative DNS provider. These DCVs can be fetched from our API.
- A unique TXT record will be shown in the Overview section of your Cloudflare Dashboard as well as provided to you by your Cloudflare contact.
- Add the TXT record to your authoritative DNS on the root record, with the subdomain host cloudflare-verify.example.com (replace example.com, of course). The TXT record value will be a number (e.g. 856172357-3825555). Leave this TXT record in place for as long as you want the domain to be active on Cloudflare.
- Cloudflare will verify the presence of the TXT record automatically and email you confirmation of completion. (This may take a few hours.)
- Add CNAME(s) to your authoritative DNS provider following the format provided (more detail below).
- You're done!
All requests accelerated and protected by Cloudflare will come from the Cloudflare IP addresses. Please make sure to whitelist all Cloudflare's IPs -- if you throttle or rate-limit these requests, your website will appear to be offline.
In Step 2 of adding your website, toggle the clouds to orange for the subdomain(s) you want Cloudflare enabled for. For the other subdomains, mark them as gray.
Limitations of CNAME setup
Domains using CNAME setup have two limitations:
- The DDOS protection for attacks against DNS infrastructure is only available for the delegated records.
- Cloudflare's security and acceleration benefits are only available on delegated subdomains, such as www.example.com. The root domain, such as example.com, cannot be protected or accelerated via Cloudflare. This is due to DNS RFCs.
To send root domain traffic to Cloudflare, you may add a redirect on your webserver (.htaccess file or similar) to forward traffic to the subdomains proxied by Cloudflare.
When you reach Step 7 above, after verification of your TXT record is complete, use these formats.
The edit to the CNAME on your authoritative DNS editor (not in Cloudflare's DNS settings) is to append .cdn.cloudflare.net to the entire hostname. The format of the CNAME record will be like this:
www.domain.com CNAME www.domain.com.cdn.cloudflare.net
You can add one or as many CNAMEs as you like to your authoritative DNS. Make sure there is a corresponding record in the Cloudflare DNS Settings that is marked with an orange cloud. Make sure the record(s) you want are enabled by toggling the clouds to orange. Replace EXAMPLE.COM with your domain in the URLs below.
The logical flow of a CNAME lookup is shown in the diagram below:
Decide on your Cloudflare Settings. The defaults are fine, but you can start to get a feel for the options. Replace EXAMPLE.COM with your domain in the URL below.
More on SSL
If you need the Cloudflare-issued SSL with CNAME setup, you must always have CNAME verification records in place to verify the domain, you can use this Cloudflare API call to obtain SSL verification CNAME records to trigger the certificate to be issued.
You may also upload your custom SSL certification as a Business or Enterprise customer.
Turning Cloudflare Off
Once the record is live, you'll have two ways to disable Cloudflare, if you ever need to.
1) On the Cloudflare DNS Settings page, disable the proxy (click the cloud to Grey). You'll still use Cloudflare DNS for that record, if your authoritative DNS doesn't change, but it will be DNS only: you will receive no security or acceleration benefits from using Cloudflare.
2) Remove the CNAME record pointing to Cloudflare from your authoritative DNS.