Understanding Subdomain Support

Learn how Enterprise customers add subdomains to their Cloudflare account via the Subdomain Support feature.


Overview

Cloudflare Subdomain Support simplifies management of Cloudflare performance and security for subdomains and provides several additional benefits. Subdomain Support is available for multiple subdomain levels such as www.example.com, dev.www.example.com, etc.

Subdomain Support is only available to Enterprise customers.

Terminology

This guide uses the following terms:

Root domain

A domain purchased from a domain registrar (example.com).

Child subdomain

A level of subdomain below the root domain (foo.example.com, dev.foo.example.com, or www.dev.foo.example.com).

Parent domain

The domain or subdomain level directly above the child subdomain (example.com is a parent of foo.example.com and foo.example.com is a parent of dev.foo.example.com).

Benefits

 Subdomain Support provides several benefits:

  • Subdomain Support allows designated teams within your organization to control Cloudflare settings for a specific subdomain, while your central IT team maintains control of your root or parent domain.
    • For example, a central IT team for example.com assigns child subdomains such as api.example.com to other teams while maintaining control of the parent domain’s DNS (example.com).
  • api.example.com requires different Cloudflare settings than blog.example.com.

Requirements

Subdomain Support has several noteworthy requirements:

  • Child subdomain DNS resolution breaks if the parent domain enables DNSSEC but the child subdomain disables DNSSEC.
  • When the parent domain is active on Cloudflare, migrating a child subdomain from one Cloudflare account to another first requires moving the child subdomain back into the parent domain.
  • The parent domain’s SSL certificate displays to visitors of the child subdomain if the parent’s Dedicated SSL certificate explicitly lists the child subdomain and is created after the child’s SSL certificate was created.
    • Example: foo.example.com is a child of example.com. Both domains are on Cloudflare. If example.com has a Dedicated certificate with foo.example.com explicitly listed as a hostname, the example.com Dedicated certificate is served to visitors of foo.example.com.
  • If the parent and child subdomain are both on Cloudflare, match the subdomain setup type (Full or CNAME) to the parent setup type.
  • Cloudflare Edge Side Code (ESC) for a parent domain does not automatically apply to child subdomains and requires changes to the ESC.
  • The Cloudflare Custom Hostnames feature is not compatible with Subdomain Support.
If a child subdomain uses a resolve override to a parent domain in a different Cloudflare account, enable CNAME sharing.

Enabling Subdomain Support

Contact your Cloudflare Account Team to enable Subdomain Support for your account. Once enabled, you can add child subdomains to your account.

Subdomain Support is enabled per Cloudflare account.

Adding child subdomains to Cloudflare

Add child subdomains on either a Full or CNAME setup. Use the table below to determine which setup is best. Ideally, the setup used for the child domain should mimic the setup for the parent domain:

Parent domain setup

Recommended child subdomain setup

Parent domain on Cloudflare via a Full setup

Full setup only

Parent domain on Cloudflare via a CNAME setup

CNAME setup only

The parent domain is not on Cloudflare

Can choose Full or CNAME setup

Ensure Cloudflare configurations for the subdomain are moved from the parent domain to the child subdomain before activating the child subdomain at Cloudflare. Refer to the best practices for adding child subdomains.

Adding child subdomains via CNAME setups

Add child subdomains in the same manner mentioned in our guide on configuring a CNAME setup.

Adding child subdomains via Full setups

Add a child subdomain on a Full setup in the manner mentioned in our guide on changing domain name servers to Cloudflare. If your parent domain is on a Full setup, add the NS records to the parent domain’s Cloudflare DNS app.

Add DNS records to the child subdomain’s Cloudflare DNS app prior to creating the NS records in the parent domain. Once you’ve created the NS records and the child subdomain is active on Cloudflare, remove any DNS records, except for the NS records, that refer from the parent domain to the child subdomain.

Best Practices for adding child subdomains

The parent domain loses configuration control over the subdomain once the child subdomain is added to Cloudflare. For instance, example.com’s Page Rule for shop.example.com will no longer work when the shop.example.com child subdomain is added to Cloudflare. Move Page Rule configuration from the parent domain to the child subdomain before activating the child subdomain with TXT records or setting NS records.

This concept similarly applies to any Cloudflare feature configured for the child subdomain such as


Related resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk