Learn the purpose of common DNS records and how you can add or delete those records at Cloudflare. To configure your site on Cloudflare successfully, you add domains and add subdomains via DNS records.
What is DNS?
DNS translates domain names to IP addresses, which is why it is often called the "phonebook of the Internet." For details on DNS and its purpose on the Internet, visit our "What is DNS?" Learning Center page. For DNS records not covered in this article, visit our Learning Center guide on DNS records.
Adding DNS records
When you first add a domain to Cloudflare, a scan of common DNS records is performed in an attempt to automatically add all of the domain's DNS records to the Cloudflare DNS app. If you need to add records manually for a domain, follow the procedure below:
1. Log in to the Cloudflare dashboard.
2. Click the appropriate Cloudflare account for the domain where you will add records.
3. Ensure the proper domain is selected.
4. Click the DNS app.
5. The interface for adding DNS records appears under DNS Records.
6. Replace Name with a subdomain or the root domain.
7. (Optional) Some record types such as A, AAAA, and CNAME allow a customer to toggle the Cloudflare proxy on or off. For the Cloudflare Proxy Toggle:
- An orange cloud icon proxies traffic through Cloudflare for the DNS record Name.
- A grey cloud icon ensures traffic for the DNS record Name is not proxied to Cloudflare. Cloudflare still serves DNS for a grey-clouded DNS record, but no other Cloudflare features such as SSL, page rules, caching, WAF, etc. are applied.
8. The Type selection defaults to A records. Expand the DNS record types in the tables below for further instructions pertaining to each record type:
Critical DNS records for IP address resolution:
A Records are necessary to direct a visitor's browser requests to an origin web server.
To add an A record:
1. Replace Value with a real address (you cannot use a Cloudflare IP). Example: 203.0.113.34
2. Click Add Record.
Multiple A records for the same subdomain can be added with different IP addresses. Cloudflare's DNS will alternate requests to the various IP addresses provided. However, Cloudflare's DNS will continue to alternate traffic to all specified IP addresses even if an IP address is unreachable.
CNAME Records are necessary to direct a visitor's browser requests to an origin web server. Unlike an A record, the CNAME will point to a hostname like www.example.com instead of an IP address. www.example.com would then either have an A record that lists the IP address or use another CNAME record that points to a different hostname. Eventually, a chain of CNAME records must point to a hostname that resolves to an IP address.
To add a CNAME record:
1. Replace Value with the target (destination) domain. Example: mysite.myhost.com Example: s3-eu-west-1.amazonaws.com
2. Click Add Record.
(What is a CNAME record?)
To add an AAAA record:
1. Replace Value with a real address. Example: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff
2. Click Add Record.
(What is an AAAA record?)
DNS records for email and email authentication:
TXT records are commonly used for mail authentication. Review the SPF and DKIM sections of this guide for examples.
To add a TXT record:
1. Replace Value with real data.
2. Click Add Record.
(What is a TXT record?)
MX Records are necessary for delivery of email to a mail server. Any MX record Server name requires a corresponding A record that lists the IP address of the mail server.
To add an MX record:
1. Click Add Record.
2. Choose MX from the Type field to display the required MX record details:
Mail server is the DNS hostname of the mail server. Priority is a relative number. The lowest Priority number in a group of MX records will have priority over the rest.
3. Click Save.
DKIM records can often exceed the 255-character limit for TXT records. Therefore, Cloudflare will automatically split these into multiple records at the same domain name, producing a record with a format similar to the following when queried:
default._domainkey.example.com. 299 IN TXT "v=DKIM1; k=rsa; p=<encoded public key>" "<rest of public key>;"
Remove quotation marks and spaces when adding DKIM records to your zone. Also, you do not need to prefix (escape) semicolons with a "\" character for DKIM records added to Cloudflare.
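The splitting described above, as an added example that is not Cloudflare's code: it takes a TXT answer in the format shown, joins the quoted strings into the single value entered in the DNS app (no quotation marks, no spaces between the strings), and confirms that re-splitting reproduces the answer. The key material, the function names, and the assumption that the split falls at exactly 255 bytes are constructed for illustration.

```python
import re

MAX_CHUNK = 255  # one TXT character-string holds at most 255 bytes

# Constructed sample answer; "A"/"B" runs stand in for a real public key.
SAMPLE_ANSWER = (
    'default._domainkey.example.com. 299 IN TXT '
    '"v=DKIM1; k=rsa; p=' + "A" * 237 + '" "' + "B" * 100 + ';"'
)


def txt_chunks(answer_line):
    """Return the quoted character-strings from one TXT answer line."""
    rdata = answer_line.split(" TXT ", 1)[1]
    return re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)


def dashboard_value(answer_line):
    """Join the chunks with no quotes and nothing between them."""
    return "".join(txt_chunks(answer_line))


def split_for_wire(value):
    """Split a long value into strings of at most MAX_CHUNK bytes (assumed boundary)."""
    raw = value.encode("ascii")
    return [raw[i:i + MAX_CHUNK].decode("ascii")
            for i in range(0, len(raw), MAX_CHUNK)]


def dkim_tags(value):
    """Parse 'tag=value; tag=value' into a dict, ignoring space around tags."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")  # first '=' only: base64 may end in '='
            tags[name.strip()] = val.strip()
    return tags


if __name__ == "__main__":
    value = dashboard_value(SAMPLE_ANSWER)
    print(len(value), [len(c) for c in split_for_wire(value)])
    print(sorted(dkim_tags(value)))
```

Comparing `dkim_tags(...)["p"]` from a live answer against the key your mail provider issued is a quick way to catch a value that was pasted with a stray quote or space inside the key.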
Some services require additional CNAME records for DKIM verification. Verification will fail for CNAME records used to verify DKIM unless there is a grey-cloud icon beside the CNAME record in the DNS app.
1. Replace Value with real data.
Although Cloudflare and most other DNS providers support the dedicated SPF record types, some DNS clients may instead look for a TXT record.
SPF content as a TXT record will look similar to the following:
TXT @ v=spf1 include:example.net -all
Contact your mail provider about SPF record content if you observe SPF failures in your email headers or if your mail is undeliverable.
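Before contacting the mail provider, the SPF content itself can be checked for the most common publishing mistakes. The following is an added example, not part of the original article or any Cloudflare tool; it parses a value like the one above and reports permissive or missing `all` terms and too many DNS-querying terms. The function names and the two comparison records are constructed; the qualifier meanings and the limit of 10 come from RFC 7208.

```python
# Qualifier prefixes and DNS-querying mechanisms as defined in RFC 7208.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
MAX_LOOKUPS = 10  # limit on DNS-querying terms per SPF evaluation


def parse_spf(content):
    """Return (mechanisms, modifiers) parsed from an SPF TXT value."""
    parts = content.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("SPF content must start with v=spf1")
    mechanisms, modifiers = [], {}
    for term in parts[1:]:
        if "=" in term.split(":", 1)[0]:  # modifier, e.g. redirect=...
            name, _, value = term.partition("=")
            modifiers[name.lower()] = value
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = body.partition(":")
        mechanisms.append((qualifier, name.split("/")[0].lower(), arg))
    return mechanisms, modifiers


def review_spf(content):
    """List findings worth fixing before the record is published."""
    mechanisms, modifiers = parse_spf(content)
    findings = []
    alls = [q for q, name, _ in mechanisms if name == "all"]
    if alls and QUALIFIERS[alls[0]] in ("pass", "neutral"):
        findings.append("'%sall' returns %s for unlisted senders" % (alls[0], QUALIFIERS[alls[0]]))
    elif not alls and "redirect" not in modifiers:
        findings.append("no 'all' or redirect=: unlisted senders evaluate to neutral")
    # Counts this record only; records pulled in by include: add to the total.
    lookups = sum(1 for _, name, _ in mechanisms if name in LOOKUP_MECHANISMS)
    lookups += 1 if "redirect" in modifiers else 0
    if lookups > MAX_LOOKUPS:
        findings.append("%d DNS-querying terms exceed the limit of %d" % (lookups, MAX_LOOKUPS))
    return findings


# The article's example value, then two constructed values for comparison.
PAGE_EXAMPLE = "v=spf1 include:example.net -all"
CONSTRUCTED_PERMISSIVE = "v=spf1 include:example.net +all"
CONSTRUCTED_NO_ALL = "v=spf1 ip4:203.0.113.34 mx"
```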
Domain-based Message Authentication, Reporting & Conformance (DMARC) allows an email recipient to know if the email is protected by SPF and/or DKIM. DMARC describes how the email recipient should process the email if neither of those authentication methods passes.
To learn more about DMARC records, visit the DMARC project.
Specialized DNS records:
1. Click on Add Record.
2. Choose SRV from the Type field to display the required SRV record details:
3. Create the SRV name. For example:
Service: _xmpp-client
Protocol: tcp
Name: yourdomain.com
Priority: 5
Weight: 0
Port: 5222
Target: talk.l.google.com
4. Click Save. Cloudflare will combine the Service, Protocol, and Name fields to create the SRV record name.
Using the example data above, a DNS query for the SRV record would return the following response:
_xmpp-client._tcp.yourdomain.com. IN SRV 5 0 5222 talk.l.google.com.
For proxied domains, Cloudflare responds to DNS queries with its own shared, dynamic IP addresses. Therefore, PTR records cannot be added to Cloudflare.
The main reason to have a PTR record is to prevent emails from ending up in spam folders. Since Cloudflare doesn't support email traffic by default, you would instead need to set the PTR record where your email server is located. Please reach out to your email provider for assistance.
There is no need to configure SOA records when using Cloudflare's nameservers as the authoritative nameservers. Cloudflare automatically creates the SOA record when you migrate your domain to Cloudflare. (What is an SOA record?)
For questions about a DNS record not listed in the table above, visit our Learning Center.
Cloudflare can proxy certain DNS records. Please visit our guide on which records are appropriate to proxy.
Deleting DNS Records
1. Log in to the Cloudflare dashboard.
2. Choose the appropriate Cloudflare account associated with the domain where you will delete records.
3. Choose the domain for which you will delete records.
4. Click the DNS app.
5. Identify the record to delete and click Edit.
6. Click Delete. A confirmation dialog appears.
7. Click Delete again to confirm.