Managing DNS records in Cloudflare

Avatar
Jeremy L Pugh
Follow

Learn about the purpose of common DNS records and how you can add or delete those records at Cloudflare.

What is DNS?

For details on DNS and its purpose on the Internet, visit our what is DNS support guide or our what is DNS learning center.

Adding DNS records

1. Log in to the Cloudflare dashboard.

2. Click the appropriate Cloudflare account for the domain where you will add records.

3. Ensure the proper domain is selected.

4. Click the DNS app.

5. The UI interface for adding DNS records appears under DNS Records:

image8.png

6. Replace Name with a subdomain or the root domain.

7. The selection menu defaults to A records.  Expand the DNS record types in the tables below for further instructions pertaining to each record type:

DNS records for IP address resolution:

A
1. Replace IPv4 address with a real address.
Example: 203.0.113.34

2. Click Add Record.

Multiple A records for the same subdomain can be added with different IP addresses. Cloudflare's DNS will alternate requests to the various IP addresses provided. However, Cloudflare's DNS will continue to alternate traffic to all specified IP addresses even if an IP address is unreachable.
Cloudflare Load Balancing is the proper way to spread traffic across multiple IP addresses while only sending traffic to reachable IP addresses.

(What is an A record?)
CNAME
1. Replace Domain name with a real domain.
Example: www.example.com

2. Click Add Record.
(What is a CNAME record?)
AAAA
1. Replace IPv6 address with a real address.
Example: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff

2. Click Add Record.
(What is an AAAA record?)

DNS records for email and email authentication:

TXT
1. Replace Click to configure with real data.  TXT records are commonly used for mail authentication. 
Review the SPF and DKIM sections of this table for examples.

2. Click Add Record.
(What is a TXT record?)
MX
1. Click on the Click to configure field to open a popup window for supplying further MX record details:
Screen_Shot_2016-10-10_at_3.45.31_PM.png
Priority is a relative number.
The lowest Priority number in a group of MX records will have priority over the rest.

2. Click Save.

3. Click Add Record.
(What is an MX record?)
DKIM
There is no DKIM record type.  DKIM is instead configured as a DNS TXT record

DKIM records can often exceed the 255-character limit for TXT records. Therefore, Cloudflare will automatically split these into multiple records at the same domain name, producing a record with a format similar to the following when queried via dig or nslookup:

default._domainkey.example.com. 299 IN TXT "v=DKIM1; k=rsa; p=<encoded public key>" "<rest of public key>;"

Remove quotation marks and spaces when adding DKIM records to your zone. Also, you do not need to prefix (escape) semicolons with a "\" character for DKIM records added to Cloudflare. 

Test whether a DKIM record is correctly configured by using a dig command: https://scottlinux.com/2012/10/27/how-to-fetch-dkim-records-from-dns/.
http://dkimcore.org/tools/ is a recommended online DKIM validation tool.

Some services require additional CNAME records for DKIM verification.  Verification will fail for CNAME records used to verify DKIM unless there is a grey-cloud icon beside the CNAME record in the DNS app. 
SPF
1. Replace Click to configure with real data.
DNS specifications have deprecated the SPF record type in favor of TXT records.

Although Cloudflare and most other DNS providers support the dedicated SPF record types, some DNS clients may instead look for a TXT record
Add both a SPF record and a TXT record to your domain to ensure backwards compatibility. 

SPF content as a TXT record will look similar to the following: 
TXT @ v=spf1 include:example.net -all
Further details on SPF record syntax can be found at openspf.org.  Contact your mail provider about SPF record content if you observe SPF failures in your email headers or if your mail is undeliverable.
DMARC
Domain-based Message Authentication, Reporting & Conformance (DMARC) allows an email recipient to know if the email is protected by SPF and/or DKIM. DMARC describes how the email recipient should process the email if neither of those authentication methods passes.
There is no DMARC record type.  DMARC is instead configured as a DNS TXT record

To learn more about DMARC records, visit the DMARC project.

Miscellaneous DNS records:

CAA
1. Replace Click to configure with real data.
For further assistance, refer to our support guide dedicated to configuring CAA records.
(What is a CAA record?)
SRV
1. Click on the Click to configure field to open a popup window for supplying SRV record details:
Screen_Shot_2018-11-05_at_12.53.29_PM.png

2. Create the SRV name. For example:
Service: _xmpp-client
Protocol: tcp
Name: yourdomain.com

3. Click Save. Cloudflare will combine the ServiceProtocol, and Name fields to create the SRV record name.
 
4. A new window will appear requesting to add the SRV content:Screen_Shot_2018-11-05_at_12.54.32_PM.png

5. Add the SRV content. For example:
Priority: 5
Weight: 0
Port: 5222
Target: talk.l.google.com

6. Click Save.

Using the example data above, a DNS query for the SRV record would return the following response:
_xmpp-client._tcp.yourdomain.com. IN SRV 5 0 5222 talk.l.google.com.
(What is an SRV record?)
PTR
For proxied domains, Cloudflare responds to DNS queries with its own shared, dynamic IP addresses.  Therefore, PTR records cannot be added to Cloudflare. 

The PTR record option shown in the DNS Records dropdown is not for adding PTR records for Reverse DNS resolution.  It is instead for adding a PTR Record to the Forward DNS resolution for the domain. PTR in Forward DNS is allowed under the DNS specification.

The main reason to have a PTR record is to prevent emails from ending up in spam folders. Since Cloudflare doesn't support email traffic by default, you would instead need to set the PTR record where your email server is located.  Please reach out to your email provider for assistance.

Customers with Enterprise domains using Cloudflare's DNS Firewall feature can request Cloudflare Support for assistance with updating PTR records.
(What is a PTR record?)
SOA
There is no need to configure SOA records when using Cloudflare's nameservers as the authoritative nameservers. Cloudflare automatically creates the SOA record when you migrate your domain to Cloudflare.
(What is an SOA record?)

For questions about a DNS record not listed in the table above, visit our Learning Center or visit our documentation on how to configure DKIM, SPF, or DMARC records for mail authentication.

Cloudflare can proxy certain DNS records. Please visit our guide on which records are appropriate to proxy.

Deleting DNS records

1. Log in to the Cloudflare dashboard.

2. Click the appropriate Cloudflare account for the domain where you will delete records.

3. Ensure the proper domain is selected.

4. Click the DNS app.

5. Under DNS Records, click X to delete a specific DNS record.

Related resources

How to bulk import DNS records 

Was this article helpful?
2 out of 4 found this helpful
Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Submit a request

Popular questions: Why is my site slow, 522 errors, I'm expecting a spike in traffic

Powered by Zendesk