Learn how Enterprise customers add subdomains to their Cloudflare account via the Subdomain Support feature.
Cloudflare Subdomain Support simplifies management of Cloudflare performance and security for subdomains and provides several additional benefits. Subdomain Support is available for multiple subdomain levels such as www.example.com, dev.www.example.com, etc.
Refer to the following details for additional information:
This guide uses the following terms:
A domain purchased from a domain registrar (example.com).
A level of subdomain below the root domain (foo.example.com, dev.foo.example.com, or www.dev.foo.example.com).
The domain or subdomain level directly above the child subdomain (example.com is a parent of foo.example.com and foo.example.com is a parent of dev.foo.example.com).
Subdomain Support provides several benefits:
- Subdomain Support allows designated teams within your organization to control Cloudflare settings for a specific subdomain, while your central IT team maintains control of your root or parent domain.
- For example, a central IT team for example.com assigns child subdomains such as api.example.com to other teams while maintaining control of the parent domain’s DNS (example.com).
- api.example.com requires different Cloudflare settings than blog.example.com.
Subdomain Support has several noteworthy requirements:
- Child subdomain DNS resolution breaks if the parent domain enables DNSSEC but the child subdomain disables DNSSEC.
- When the parent domain is active on Cloudflare, migrating a child subdomain from one Cloudflare account to another first requires moving the child subdomain back into the parent domain.
- The parent domain’s SSL certificate displays to visitors of the child subdomain if the parent’s Dedicated SSL certificate explicitly lists the child subdomain and is created after the child’s SSL certificate was created.
- Example: foo.example.com is a child of example.com. Both domains are on Cloudflare. If example.com has a Dedicated certificate with foo.example.com explicitly listed as a hostname, the example.com Dedicated certificate is served to visitors of foo.example.com.
- If the parent and child subdomain are both on Cloudflare, match the subdomain setup type (Full or CNAME) to the parent setup type.
- Cloudflare Edge Side Code (ESC) for a parent domain does not automatically apply to child subdomains and requires changes to the ESC.
- The Cloudflare Custom Hostnames feature is not compatible with Subdomain Support.
Adding child subdomains to Cloudflare
Parent domain setup
Recommended child subdomain setup
Parent domain on Cloudflare via a Full setup
Full setup only
Parent domain on Cloudflare via a CNAME setup
CNAME setup only
The parent domain is not on Cloudflare
Adding child subdomains via CNAME setups
Add child subdomains in the same manner mentioned in our guide on configuring a CNAME setup.
Adding child subdomains via Full setups
Add a child subdomain on a Full setup in the manner mentioned in our guide on changing domain name servers to Cloudflare. If your parent domain is on a Full setup, add the NS records to the parent domain’s Cloudflare DNS app.
Best practices for adding child subdomains
The parent domain loses configuration control over the subdomain once the child subdomain is added to Cloudflare. For instance, example.com’s Page Rule for shop.example.com will no longer work when the shop.example.com child subdomain is added to Cloudflare. Move Page Rule configuration from the parent domain to the child subdomain before activating the child subdomain with TXT records or setting NS records.
This concept similarly applies to any Cloudflare feature configured for the child subdomain such as
Migrating a subdomain to a new Cloudflare account
To move a subdomain on a Full setup from one Cloudflare account to another:
- Add the subdomain to the new Cloudflare account.
- Delete the subdomain's CNAME or A record within the old Cloudflare account.
- Create the subdomain's CNAME or A record within the new Cloudflare account.
- Update the NS records for the subdomain to refer to the new nameservers corresponding to the new Cloudflare account.