{"id":1738,"date":"2020-06-08T01:37:20","date_gmt":"2020-06-07T17:37:20","guid":{"rendered":"https:\/\/www.wesbytes.com\/guide\/?post_type=kb&p=1738"},"modified":"2026-01-02T17:16:52","modified_gmt":"2026-01-02T09:16:52","slug":"cloudflare-dns-domain-name-systems-faq","status":"publish","type":"kb","link":"https:\/\/www.servergigabit.com\/guide\/kb\/cloudflare-dns-domain-name-systems-faq","title":{"rendered":"Cloudflare DNS (Domain Name Systems) (FAQ)"},"content":{"rendered":"
\n

Cloudflare DNS (Domain Name Systems) (FAQ)<\/h3>\n<\/div>\n

Please visit the Cloudflare Learning Center\u00a0DNS<\/a>\u00a0guides.<\/p>\n

\"Cloudflare<\/p>\n

 <\/p>\n

\n
\n

Is Cloudflare a free DNS (domain nameserver) provider?<\/h3>\n<\/div>\n

Cloudflare offers\u00a0free DNS services\u00a0to customers in all plans. Note that:<\/p>\n

1. You do not need to change your hosting provider to use Cloudflare.<\/p>\n

2. You do not need to move away from your registrar. The only change you make with your registrar is to point the authoritative nameservers to the Cloudflare nameservers.<\/p>\n

As of October 2018, you can transfer your domain to\u00a0Cloudflare Registrar.<\/p>\n

 <\/p>\n

\n
\n

Does Cloudflare charge for or limit DNS queries?<\/h3>\n<\/div>\n

Cloudflare\u2019s authoritative DNS services are free of charge and Cloudflare does not limit DNS queries for a domain on the Cloudflare network.<\/p>\n

 <\/p>\n

\n
\n

How fast is Cloudflare\u2019s free DNS service?<\/h3>\n<\/div>\n

Cloudflare is the\u00a0fastest DNS provider\u00a0in the world, with the fastest speed overall for any DNS provider.<\/p>\n

 <\/p>\n

\n
\n

How many DNS records can I have per domain?<\/h3>\n<\/div>\n

The limits per domain are as follows:<\/p>\n

    \n
  • 3,500 DNS records for domains in the Pro, Business, and Enterprise plans<\/li>\n
  • 1,000 DNS records for Free domains<\/li>\n<\/ul>\n

    If you\u2019re an Enterprise customer and would like to add more than the limit for a domain, contact us describing the use case and the need for more record types.<\/p>\n

     <\/p>\n

    \n
    \n

    Where do I change my nameservers to point to Cloudflare?<\/h3>\n<\/div>\n

    Make the change at your registrar, which may or may not be your hosting provider. If you don\u2019t know who your registrar is for the domain, you can find this by doing a WHO is search. \u00a0Follow the instructions in our support guide to change nameservers to Cloudflare.<\/p>\n

     <\/p>\n

    \n
    \n

    Can I use Cloudflare without changing my nameservers to Cloudflare?<\/h3>\n<\/div>\n

    Changing your nameservers to Cloudflare is what allows us to fully proxy and provision a site. If you can\u2019t change to our nameservers, you have two options:<\/p>\n

    1. Activate Cloudflare through one of our\u00a0certified hosting partners.<\/p>\n

    2 Ask for a\u00a0CNAME setup.<\/p>\n

     <\/p>\n

    \n
    \n

    How long does it take for a DNS change I made to push out?<\/h3>\n<\/div>\n

    The Cloudflare DNS default Time-To-Live (TTL) is 300 seconds (5 minutes). Any changes or additions you make to your Cloudflare zone file will push out in 5 minutes or less. Note that your local DNS cache may take longer to update; as such, propagation everywhere might take longer than 5 minutes.<\/p>\n

     <\/p>\n

    \n
    \n

    Does Cloudflare support IPv6 DNS entries?<\/h3>\n<\/div>\n

    IPv6 needs to be add as an AAAA record, not an A record, in your DNS app settings.<\/p>\n

    See also:<\/em><\/p>\n

      \n
    • Adding AAAA records<\/li>\n
    • Cloudflare offers a\u00a0free IPv6 Gateway\u00a0to all customers<\/li>\n<\/ul>\n

       <\/p>\n

      \n
      \n

      Can I use Cloudflare with a Blogger.com domain?<\/h3>\n<\/div>\n

      You can use Cloudflare with any custom domain (yoursitename.com) for which you have control over managing its authoritative DNS.<\/p>\n

       <\/p>\n

      \n
      \n

      Does Cloudflare offer domain masking?<\/h3>\n<\/div>\n

      Cloudflare does not offer domain masking or DNS redirect services (your hosting provider might). We only offer URL forwarding through\u00a0Page Rules.<\/p>\n

       <\/p>\n

      \n
      \n

      Can I CNAME a domain not on Cloudflare to a domain that is on Cloudflare?<\/h3>\n<\/div>\n

      Using a CNAME to redirect traffic for a domain not on Cloudflare to a domain that is on Cloudflare creates a DNS resolution error. Since Cloudflare is a reverse proxy for the domain that is on Cloudflare, the CNAME redirect for the domain (not on Cloudflare) wouldn\u2019t know where to send the traffic to.<\/p>\n

      If you would still like to do a redirect for the site not on Cloudflare, then you should establish a traditional 301 or 302 redirect on your origin web server.<\/p>\n

       <\/p>\n

      \n
      \n

      Can I use add-on domains with Cloudflare?<\/h3>\n<\/div>\n

      Add-on domains are technically different domains that point to another \u201cmain\u201d domain server.<\/p>\n

      From a Cloudflare perspective, however, the domains are looked at as unique entities, which means that you would have to add each domain separately.<\/p>\n

      Cloudflare treats each of the following as a separate domain:<\/p>\n

        \n
      • example1.com<\/li>\n
      • example2.com<\/li>\n
      • example3.com<\/li>\n<\/ul>\n

        Each domain needs to be added separately to your Cloudflare account, and may have a separate plan level, from Free to Enterprise. There\u2019s no limit on the number of domains in a Cloudflare account. If you have hundreds or thousands, as some customers do, you\u2019ll want to know how to use the Cloudflare\u00a0API v4.<\/p>\n

        All subdomains are included, so these would all be considered one domain for Cloudflare plans:<\/p>\n

          \n
        • example1.com<\/li>\n
        • www.exampl e1.com<\/li>\n
        • blog.example1.com<\/li>\n
        • Store.example1.com<\/li>\n<\/ul>\n

           <\/p>\n

          \n
          \n

          Does Cloudflare support wildcard DNS entries?<\/h3>\n<\/div>\n

          Cloudflare supports the wildcard \u2018*\u2019 record for DNS management in all customer plan. Enterprise customers get full proxy support for wildcard records.<\/p>\n

          \n

          Free, Pro and Business plans.<\/h4>\n<\/div>\n

          Cloudflare does not proxy wildcard records; therefore, wildcard subdomains are served directly without any Cloudflare performance, security, or apps. As a result, Wildcard domains get no cloud (orange or grey) in the Cloudflare DNS app. If you are adding a `*` CNAME or A Record, you need to make sure the record is grey clouded in order for the record to be created.<\/p>\n

          To get Cloudflare protection on a wildcard subdomain (for example: www), you need to define that record explicitly in your Cloudflare DNS settings. First, log into your Cloudflare account and click the DNSapp. In this example, you would add \u201cwww\u201d as its own CNAME record on your Cloudflare DNS settings and toggle the cloud to orange so the Cloudflare\u2019s proxy is enabled.<\/p>\n

          Cloudflare Enterprise customers can proxy wildcard records. To learn more about the Enterprise plan,\u00a0contact us.<\/p>\n

          Wildcards are only valid in the left-most subdomain label. For example, it\u2019s not possible to add sub.*.example.com, but it\u2019s possible to add *.sub.example.com.<\/p>\n

           <\/p>\n

          \n
          \n

          Why can\u2019t I make ANY queries to Cloudflare DNS servers?<\/h3>\n<\/div>\n

          ANY queries are special and often misunderstood. They are usually used to get all record types available on a DNS name, but what they return is just any type in the cache of recursive resolvers. This can cause confusion when they are used for debugging.<\/p>\n

          Because of Cloudflare\u2019s many advanced DNS features like CNAME flattening, it can be complex and even impossible to give correct answers to ANY queries. For example, when DNS records dynamically come and go or are stored remotely, it can be taxing or even impossible to get all the results at the same time.<\/p>\n

          ANY is rarely used in production, but is often used in DNS reflection attacks, taking advantage of the lengthy answer returned by ANY.<\/p>\n

          Instead of using ANY queries to list records, Cloudflare customers can get a better overview of their DNS records by logging in and checking their DNS app settings.<\/p>\n

          The decision to block ANY queries was implemented for all Authoritative DNS customers in September 2015, and does not affect Virtual DNS customers.<\/p>\n

          Read\u00a0Deprecating the DNS ANY meta-query type\u00a0in the Cloudflare blog.<\/p>\n

           <\/p>\n

          \n
          \n

          Why do I have to remove my DS record when signing up for Cloudflare?<\/h3>\n<\/div>\n

          Cloudflare supports DNSSEC. If a DS record is present at your registrar while using Cloudflare, you will run into connectivity errors such as SERVFAIL when using a validating resolver like Google and noErrrorfrom non-validating ones.<\/p>\n

              Here is an example of what an error would look like:    \u2570\u2500\u27a4 dig dnssec-failed.org @8.8.8.8     <<>> DiG 9.8.3-P1 <<>> dnssec-failed.org @8.8.8.8    ;; global options: +cmd    ;; Got answer:    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5531    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION:    ;dnssec-failed.org. IN A<\/pre>\n
          With DNSSEC support, Cloudflare provides the DS record that must be uploaded to your parent when you enable DNSSEC for your domain.<\/p>\n
           <\/p>\n
          \n
          \n
          What happens when I remove the DS record?<\/h3>\n<\/div>\n
          When you remove your DS record, an invalidation process begins which results in the unsigning of your domain\u2019s DNS records. This will allow your authoritative nameservers to be changed. If you are an existing customer, this will not affect your ability to use Cloudflare. New customers will need to complete this step before Cloudflare can be used successfully.<\/p>\n
           <\/p>\n
          \n
          \n
          Does Cloudflare support EDNS0 (extension mechanisms for DNS)?<\/h3>\n
           <\/p>\n<\/div>\n
          Yes, Cloudflare DNS supports EDNS0. EDNS0 is enabled for all Cloudflare customers. It is a building block for modern DNS implementations that adds support for signaling if the DNS Resolver (recursive DNS provider) supports larger message sizes and DNSSEC.<\/p>\n
          EDNS0 is the first approved set of mechanisms for\u00a0DNS extensions, originally published as\u00a0RFC 2671.<\/p>\n
           <\/p>\n
          \n
          \n
          Which record types does Cloudflare not proxy?<\/h3>\n<\/div>\n
          LOC
          \nMX
          \nNS
          \nSPF
          \nTXT
          \nSRV
          \nCAA<\/p>\n
           <\/p>\n
          \n
          \n
          What does the Automatic TTL value mean?<\/h3>\n<\/div>\n
          In the Cloudflare\u00a0DNS<\/strong>\u00a0app, changes to DNS records with an\u00a0Automatic TTL<\/strong>\u00a0will propagate in approximately 5 minutes (300 seconds).<\/p>\n
           <\/p>\n
          \n
          \n
          What should I do if I change my server IP address or hosting provider?<\/h3>\n<\/div>\n
          After switching hosting providers or server IP addresses, update the IP addresses in your Cloudflare\u00a0DNS<\/strong>\u00a0app. Your new hosting provider will provide the new IP addresses that your DNS should use. \u00a0To modify DNS record content in the\u00a0DNS<\/strong>\u00a0app, click on the IP address, and enter the new IP address.<\/p>\n
           <\/p>\n
          \n
          \n
          Does Cloudflare work with dynamic DNS?<\/h3>\n<\/div>\n
          Refer to Cloudflare\u2019s article on\u00a0managing dynamic IPs in Cloudflare DNS programmatically.<\/p>\n
           <\/p>\n
          \n
          \n
          Where can I find my Cloudflare name servers?<\/h3>\n<\/div>\n
          Under the\u00a0DNS<\/strong>\u00a0app of your Cloudflare account, review the\u00a0Cloudflare Nameservers<\/strong>.<\/p>\n
          The IP address associate with a specific Cloudflare nameserver can be retrieve via a dig command or a third-party DNS lookup tool host online such as whatsmydns.net:<\/p>\n
          dig kate.ns.cloudflare.com kate.ns.cloudflare.com.\u00a0\u00a0 \u00a068675\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a0173.245.58.124.<\/pre>\n
           <\/p>\n
          \n
          \n
          Should the cloud icon beside my DNS record be orange or gray?<\/h3>\n<\/div>\n
          By default, only A and CNAME records that handle web traffic (HTTP and HTTPs) can be proxied to Cloudflare. All other DNS records should be toggle to a gray cloud. For further details, visit our support guide about which subdomains are appropriate to proxy to Cloudflare.<\/p>\n
          For DNS records proxy to Cloudflare, Cloudflare\u2019s IP addresses are return in DNS queries instead of your original server IP address. This allows Cloudflare to optimize, cache, and protect all requests for your website.<\/p>\n
           <\/p>\n
          \n
          \n
          Can subdomains be add directly to Cloudflare?<\/h3>\n<\/div>\n
          By default, subdomains cannot be add as standalone domains in a Cloudflare account. The root domain must be add to a Cloudflare account and then subdomains are manage within the root domain. However, Enterprise customers can contact Cloudflare support and request to add subdomains directly to their Cloudflare account.<\/p>\n
           <\/p>\n
          \n
          \n
          Can I setup a DNS record for only the root domain?<\/h3>\n<\/div>\n
          If your domain is add as a CNAME setup or is host through a Cloudflare hosting partner, Cloudflare cannot proxy traffic for the root domain. \u00a0This is due to DNS specification (RFC) requirements. \u00a0For such setups, only subdomains can be proxied to Cloudflare and not root domains.<\/p>\n
           <\/p>\n
          \n
          \n
          Why do I see SOA record warnings?<\/h3>\n<\/div>\n
          You can ignore the warnings from third-party tools about invalid Cloudflare SOA serial numbers or out-of-range SOA Expire Values. Because Cloudflare will automatically creates the SOA record when you move your domain to Cloudflare\u2019s Nameservers. \u00a0Some Cloudflare SOA fields differ from other common DNS servers:<\/p>\n