Cloudflare offers automatic CNAME Flattening at the zone apex (or root). All customers with CNAME records at the root have DNS requests safely processed without being limited by the DNS specifications (RFCs).
We shared more background and customer stories in this blog post.
Note: CNAME Flattening does not apply for domains using CNAME setup. In those cases, the root domain and full zone are not using Cloudflare DNS, and cannot benefit from CNAME Flattening.
How CNAME Flattening works
Cloudflare uses CNAME Flattening to present a CNAME as an A record. The Cloudflare server generating the response follows the CNAME chain so that the response to the request from the client (for example, the browser) contains only non-CNAME data -- usually, an IP address. This effectively creates an A or an AAAA record. Without flattening, Cloudflare would serve the CNAME record directly to the recursor (the DNS resolver that translates the domain name to an IP address).
CNAMEs can cause confusion when you wish to have a CNAME for a domain (for example, a CNAME from example.com to example.herokuapp.com) but also wish to have another type of DNS record at the root, for example MX records for mail delivery. The RFC requires CNAMEs to be exclusive to a DNS zone when present and the example presented may cause problems when receiving email, since the RFC also requires an MX record to map to an A record and not a CNAME. CNAME Flattening ensures email delivery because the CNAME is translated to an A record.
Some other DNS providers call similar functionality (without RFC compliance) ALIAS or ANAME records.
Before CNAME Flattening
When you select the "orange cloud" option in Cloudflare DNS Settings, Cloudflare protects the identity of the CNAME and returns the IP addresses of the Cloudflare proxy servers.
$ dig example.com ;; QUESTION SECTION: ;example.com. IN A ANSWER SECTION: example.com. 0 IN CNAME cf-ssl00000-protected.example.com. cf-ssl00000-protected.example.com. 299 IN A 184.108.40.206 cf-ssl00000-protected.example.com. 299 IN A 220.127.116.11 cf-ssl00000-protected.example.com. 299 IN A 18.104.22.168 cf-ssl00000-protected.example.com. 299 IN A 22.214.171.124 cf-ssl00000-protected.example.com. 299 IN A 126.96.36.199
After CNAME Flattening
In the example below, the CNAME example.com is associated with each A record of the proxy servers. Note that they are the same A records as above.
$ dig example.com QUESTION SECTION: ;example.com. IN A ;; ANSWER SECTION: example.com. 299 IN A 188.8.131.52 example.com. 299 IN A 184.108.40.206 example.com. 299 IN A 220.127.116.11 example.com. 299 IN A 18.104.22.168 example.com. 299 IN A 22.214.171.124
CNAME Flattening also works when only DNS is active, even when the record is "grey clouded" (Cloudflare proxy disabled for the record in Cloudflare DNS Settings).
Flattening non-root records
Cloudflare offers CNAME Flattening on non-root CNAME records for Pro, Business and Enterprise plan websites. CNAME Flattening for non-root records can be enabled in the DNS app in the Cloudflare dashboard.
RFC (Request For Comments)
The specifications that govern using a CNAME at the root within DNS are some of the earliest decisions about the Internet, some even before the web was available:
- http://tools.ietf.org/html/rfc1034 November, 1987
- http://tools.ietf.org/html/rfc1035 November, 1987
- http://tools.ietf.org/html/rfc1912 February, 1996