English (US) Deutsch Español (España) Français (France) 日本語 한국어 Português do Brasil 简体中文

Cloudflare Help Center

Detailed system status >

Articles in this section

Connect with the Cloudflare Community

Get answers

More on this topic: Discussions and Tips

Understanding a CNAME Setup

  • Updated

This article describes the purpose, benefits, and limitations of enabling a CNAME setup for a Cloudflare domain.

Overview

CNAME setup is available to paid Cloudflare plans at the Business or Enterprise level.

A CNAME setup allows a customer to maintain authoritative DNS outside of Cloudflare.  It allows individual subdomains to benefit from Cloudflare's services without requiring updates for a domain's registration to point to Cloudflare's nameservers for DNS resolution.  

Be careful not to confuse CNAME setup terminology with CNAME records which are available in the DNS app for all plan types.

The logical flow of a DNS lookup for a domain on a CNAME setup is shown in the diagram below:

a diagram showing the logical flow of a DNS lookup for a domain on a CNAME setup

Activating CNAME setup for a domain

Review our guide that explains the benefits and limitations of a CNAME setup

1. Create a Cloudflare account and add your website

Stop when the website instructions ask you to change your nameservers.

2. Upgrade the domain to a Business plan or higher as needed.

3. Go to Overview.

4. In Advanced Actions, select Convert to CNAME DNS Setup.

From Overview, select Convert to CNAME DNS Setup

5. Select Convert.

5. Once you finish, add the new TXT record to your authoritative DNS.

The TXT record must remain in authoritative DNS for the duration Cloudflare's services are utilized.

6. After a few hours, Cloudflare will have verified the TXT record and sent a confirmation email.

7. Provision Universal SSL for the domain.

(Optional) Provision Cloudflare Universal SSL for CNAME setup

Cloudflare's Universal SSL certificate will be deployed once:

If a custom SSL certificate has been uploaded, the following steps can be skipped.
To provision a Universal SSL certificate, follow the instructions in our developer documentation.

Adding DNS records to a CNAME setup

Once a CNAME setup is enabled, DNS records must be updated in both Cloudflare's DNS app and your authoritative DNS:

1. Add an A or CNAME record in the Cloudflare DNS app for the subdomain.

An orange-cloud icon beside the DNS record will proxy traffic to Cloudflare.

2. Edit the corresponding CNAME record in your authoritative DNS to append .cdn.cloudflare.net to the hostname.

For example, when configuring www.example.com on a CNAME setup with Cloudflare, the CNAME record in authoritative DNS would need to point to www.example.com.cdn.cloudflare.net:

www.example.com CNAME www.example.com.cdn.cloudflare.net

If www.example.com is currently an A record in your authoritative DNS, it must be changed to a CNAME.

CNAME records can be added to your authoritative DNS for each subdomain to be proxied to Cloudflare.

Limitations

The CNAME setup has two limitations:

  1. DDOS protection for attacks against DNS infrastructure is only available for the delegated subdomain records.
  2. Only subdomains, not the root domain, can use Cloudflare's services. This limitation is imposed by Internet DNS specifications.

Add a redirect at your origin webserver (such as in an .htaccess file) to forward traffic for the root domain to a subdomain proxied to Cloudflare.

Related resources

Not finding what you need?

Searching can help answer 95% of support questions. This is the quickest way to get answers.

Ask the Community Submit a request

Related articles

Not finding what you need?

Searching can help answer 95% of support questions. This is the quickest way to get answers.

Ask the Community Submit a request