Understanding Subdomain Support

Learn how Enterprise customers add subdomains to their Cloudflare account via the Subdomain Support feature.


Cloudflare Subdomain Support simplifies management of Cloudflare performance and security for subdomains and provides several additional benefits. Subdomain Support is available for multiple subdomain levels such as www.example.comdev.www.example.com, etc.

Subdomain Support is only available to Enterprise customers and is enabled by default.

Refer to the following details for additional information:


This guide uses the following terms:

  • Root domain: A domain purchased from a domain registrar (example.com).
  • Child subdomain: A level of subdomain below the root domain (foo.example.comdev.foo.example.com, or www.dev.foo.example.com).
  • Parent domain: The domain or subdomain level directly above the child subdomain (example.com is a parent of foo.example.com and foo.example.com is a parent of dev.foo.example.com).


 Subdomain Support provides several benefits:

  • Subdomain Support allows designated teams within your organization to control Cloudflare settings for a specific subdomain, while your central IT team maintains control of your root or parent domain.
    • For example, a central IT team for example.com assigns child subdomains such as api.example.com to other teams while maintaining control of the parent domain’s DNS (example.com).
  • api.example.com requires different Cloudflare settings than blog.example.com.


Subdomain Support has several noteworthy requirements:

  • Child subdomain DNS resolution breaks if the parent domain enables DNSSEC but the child subdomain disables DNSSEC.
  • When the parent domain is active on Cloudflare, migrating a child subdomain from one Cloudflare account to another first requires moving the child subdomain back into the parent domain.
  • The parent domain’s SSL certificate displays to visitors of the child subdomain if the parent’s certificate explicitly lists the child subdomain and is created after the child’s SSL certificate was created.
    • Example: foo.example.com is a child of example.com. Both domains are on Cloudflare. If example.com has a certificate with foo.example.com explicitly listed as a hostname, the example.com Dedicated certificate is served to visitors of foo.example.com.
  • If the parent and child subdomain are both on Cloudflare, match the subdomain setup type (Full or CNAME) to the parent setup type.
  • Cloudflare Edge Side Code (ESC) for a parent domain does not automatically apply to child subdomains and requires changes to the ESC.
  • The Cloudflare feature is not compatible with Subdomain Support.
If a child subdomain uses a resolve override to a parent domain in a different Cloudflare account, enable CNAME sharing.

Add child subdomains to Cloudflare

A child subdomain incurs a couple of minutes downtime when delegated from the parent domain.

Add child subdomains on either a Full or CNAME setup. Use the table below to determine which setup is best. Ideally, the setup used for the child domain should mimic the setup for the parent domain:

Parent domain setup

Recommended child subdomain setup

Parent domain on Cloudflare via a Full setup

Full setup only

Parent domain on Cloudflare via a CNAME setup

CNAME setup only

The parent domain is not on Cloudflare

Can choose Full or CNAME setup

Ensure Cloudflare configurations for the subdomain are moved from the parent domain to the child subdomain before activating the child subdomain at Cloudflare. Refer to the best practices for adding child subdomains.

Adding child subdomains via CNAME setups

Add child subdomains in the same manner mentioned in our guide on configuring a CNAME setup.

Adding child subdomains via Full setups

Add a child subdomain on a Full setup in the manner mentioned in our guide on changing domain name servers to Cloudflare. If your parent domain is on a Full setup, add the NS records to the parent domain’s Cloudflare DNS app.

Add DNS records to the child subdomain’s Cloudflare DNS app prior to creating the NS records in the parent domain. Once you’ve created the NS records and the child subdomain is active on Cloudflare, remove any DNS records, except for the NS records, that refer from the parent domain to the child subdomain.

Best practices for adding child subdomains

The parent domain loses configuration control over the subdomain once the child subdomain is added to Cloudflare. For instance, example.com’s Page Rule for shop.example.com will no longer work when the shop.example.com child subdomain is added to Cloudflare. Move Page Rule configuration from the parent domain to the child subdomain before activating the child subdomain with TXT records or setting NS records.

If using a Custom SSL certificate with a child subdomain (such as www.example.com), the Custom SSL certificate must explicitly list www.example.com and not just *.example.com in order for the Custom SSL certificate to apply to traffic for www.example.com.

This concept similarly applies to any Cloudflare feature configured for the child subdomain such as


Migrate a subdomain to a new Cloudflare account

A child subdomain incurs a couple of minutes downtime when delegated from the parent domain.

To move a subdomain on a Full setup from one Cloudflare account to another:

  • Add the subdomain to the new Cloudflare account.
  • Delete the subdomain's CNAME or A record within the old Cloudflare account.
  • Create the subdomain's CNAME or A record within the new Cloudflare account.
  • Update the NS records for the subdomain to refer to the new nameservers corresponding to the new Cloudflare account.


Related resources


Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk