{"id":2591,"date":"2019-10-22T16:58:14","date_gmt":"2019-10-22T08:58:14","guid":{"rendered":"https:\/\/www.mondoze.com\/guide\/?post_type=kb&#038;p=2591"},"modified":"2022-10-05T08:02:51","modified_gmt":"2022-10-05T00:02:51","slug":"managing-dns-records-in-cloudflare","status":"publish","type":"kb","link":"https:\/\/www.mondoze.com\/guide\/kb\/managing-dns-records-in-cloudflare","title":{"rendered":"Managing DNS records in Cloudflare"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2591\" class=\"elementor elementor-2591\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t<div class=\"elementor-inner\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-279cc2fe elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"279cc2fe\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t\t\t<div class=\"elementor-row\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1987f119\" data-id=\"1987f119\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-column-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-efc3767 elementor-widget elementor-widget-heading\" data-id=\"efc3767\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How To Manage DNS Records in Cloudflare<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-200f9ac elementor-widget elementor-widget-text-editor\" data-id=\"200f9ac\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-text-editor elementor-clearfix\">\n\t\t\t\t<h3><strong>What is DNS?<\/strong><\/h3><p>DNS translates domain names to IP addresses and that&#8217;s why it is often call the &#8220;phonebook of the Internet.&#8221;<\/p><h3><strong>Adding DNS records<\/strong><\/h3><p>When you first add a domain to Cloudflare, a scan of common DNS records is perform in an attempt to automatically add all of the domain&#8217;s DNS records to the Cloudflare <strong>DNS<\/strong>\u00a0app. If you need to add records manually for a domain, follow the procedure below:<\/p><p>If your domain is add to Cloudflare via one of our hosting partners, manage your DNS records via the hosting partner. In this case, the Cloudflare <strong>DNS<\/strong>\u00a0app informs customers to manage DNS outside of Cloudflare.<\/p><p>1. Log in to the Cloudflare dashboard.<\/p><p>2. Click the appropriate Cloudflare account for the domain where you will add records.<\/p><p>3. Ensure the proper domain is selected.<\/p><p>4. Click the\u00a0<strong>DNS\u00a0<\/strong>app.<\/p><p>5. The UI interface for adding DNS records appears under\u00a0<strong>DNS Records<\/strong>:<\/p><p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-medium wp-image-2593\" src=\"https:\/\/www.mondoze.com\/guide\/wp-content\/uploads\/2021\/03\/n1-300x47.png\" alt=\"\" width=\"300\" height=\"47\" \/><\/p><p>6. Replace\u00a0<strong>Name<\/strong>\u00a0with a subdomain or the root domain.<\/p><p>Per Internet standards,\u00a0<strong>Name<\/strong>\u00a0must:<\/p><ul><li>be 63 characters or less,<\/li><li>start with a letter,<\/li><li>end with a letter or digit,<\/li><li>and contain only letters, digits, or a hyphen as the interior characters.<\/li><\/ul><p>Additionally, Cloudflare allows an underscore\u00a0<em>_<\/em>\u00a0in the\u00a0<em>A<\/em>\u00a0and\u00a0<em>CNAME record\u00a0<\/em><strong>Name<\/strong>\u00a0since some modern web services support an underscore. However, Cloudflare discourages using underscores due to limited browser support.<\/p><p>7. (Optional) Some record types such\u00a0<em>A<\/em>,\u00a0<em>AAAA<\/em>, and\u00a0<em>CNAME<\/em>\u00a0allow a customer to toggle the Cloudflare proxy on or off. \u00a0For the\u00a0<strong>Cloudflare Proxy Toggle:<\/strong><\/p><ul><li>An<em>\u00a0orange cloud icon<\/em>\u00a0proxies traffic through Cloudflare for the DNS record\u00a0<strong>Name<\/strong>.<strong>\u00a0<\/strong><\/li><li>A\u00a0<em>grey cloud icon<\/em>\u00a0ensures traffic for the DNS record\u00a0<strong>Name\u00a0<\/strong>is not proxied to Cloudflare. \u00a0Cloudflare still serves DNS for a grey clouded DNS record, but no other Cloudflare features such as SSL, page rules, caching, WAF, etc are applied.<\/li><\/ul><p>Grey cloud icons for\u00a0<em>A<\/em>,\u00a0<em>AAAA<\/em>, or\u00a0<em>CNAME records<\/em>\u00a0will expose your origin IP address to attackers and allows them to attack your origin IP address directly even if you later proxy traffic to Cloudflare. \u00a0Direct attacks to your origin IP are only mitigated by asking your hosting provider to change your origin IP address.<\/p><p>8. The\u00a0<strong>Type<\/strong>\u00a0selection defaults to\u00a0<em>A records. \u00a0<\/em>Expand the DNS record types in the tables below for further instructions pertaining to each record type:<\/p><p>To ensure visitor traffic reaches a domain, a domain requires at least an\u00a0<em>A or AAAA record<\/em>\u00a0to point to the origin web server IP address or a\u00a0<em>CNAME record<\/em>\u00a0that points to the hostname of a hosting service.<\/p><p>Critical DNS records for IP address resolution:<\/p><h4><strong>A<\/strong><\/h4><p><em>A Records<\/em>\u00a0are necessary to direct a visitor&#8217;s browser requests to an origin web server.<\/p><p>To add an\u00a0<em>A record<\/em>:<\/p><p>1. Replace\u00a0<strong>Value<\/strong>\u00a0with a real address (Please note you cannot use a Cloudflare IP).<br \/>Example:\u00a0<em>203.0.113.34<\/em><\/p><p>2. Click\u00a0<strong>Add Record<\/strong>.<br \/>Multiple\u00a0<em>A records<\/em> for the same subdomain can be add with different IP addresses. Cloudflare&#8217;s DNS will alternate requests to the various IP addresses provided. However, Cloudflare&#8217;s DNS will continue to alternate traffic to all specified IP addresses even if an IP address is unreachable.<\/p><p>Cloudflare Load Balancing is the recommend solution for spreading traffic across multiple IP addresses while only sending traffic to reachable IP addresses.<\/p><h4><strong>CNAME<\/strong><\/h4><p><em>CNAME Records<\/em>\u00a0are necessary to direct a visitor&#8217;s browser requests to an origin web server. \u00a0Unlike an\u00a0<em>A record<\/em>, the\u00a0<em>CNAME<\/em>\u00a0will point to a hostname like\u00a0www.example.com\u00a0instead of an IP address.\u00a0www.example.com\u00a0would then either have an\u00a0<em>A record<\/em>\u00a0that lists the IP address or use another\u00a0<em>CNAME record\u00a0<\/em>that points to a different hostname. Eventually, a chain of\u00a0<em>CNAME records<\/em>\u00a0must point to a hostname that resolves to an IP address.<\/p><p>To add a\u00a0<em>CNAME record<\/em>:<\/p><p>1. Replace\u00a0<strong>Value<\/strong>\u00a0with the target (destination) domain.<br \/>Example:\u00a0<em>mysite.myhost.com<\/em><br \/>Example:\u00a0<em>s3-eu-west-1.amazonaws.com<\/em><\/p><p>2. Click\u00a0<strong>Add Record<\/strong>.<\/p><h4><strong>AAAA<\/strong><\/h4><p>1. Replace\u00a0<strong>Value<\/strong>\u00a0with a real address.<\/p><p>Example:<em>\u00a02001:db8:ffff:ffff:ffff:ffff:ffff:ffff<\/em><\/p><p>2. Click\u00a0<strong>Add Record<\/strong>.<\/p><p>DNS records for email and email authentication:<\/p><h4><strong>TXT<\/strong><\/h4><p><em>TXT records<\/em> are commonly use for mail authentication.<\/p><p>Review the\u00a0<em>SPF<\/em>\u00a0and\u00a0<em>DKIM<\/em>\u00a0sections of this table for examples.<\/p><p>To add a\u00a0<em>TXT record<\/em>:<\/p><p>1. Replace\u00a0<strong>Value<\/strong>\u00a0with real data.<br \/>2. Click\u00a0<strong>Add Record<\/strong>.<\/p><h4><strong>MX<\/strong><\/h4><p><em>MX Records<\/em>\u00a0are necessary for delivery of email to a mail server. Any MX record\u00a0<strong>Server<\/strong>\u00a0name requires a corresponding A record that lists the IP address of the mail server.<\/p><p>To add an\u00a0<em>MX record<\/em>:<\/p><p>1. Click on the\u00a0<strong>Value<\/strong>\u00a0field to open a popup window for supplying further\u00a0<em>MX record<\/em>\u00a0details:<br \/><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-medium wp-image-2594\" src=\"https:\/\/www.mondoze.com\/guide\/wp-content\/uploads\/2021\/03\/n2-300x195.png\" alt=\"\" width=\"300\" height=\"195\" \/><\/p><p><strong>Server\u00a0<\/strong>is the DNS hostname of the mail server.<\/p><p><strong>Priority<\/strong>\u00a0is a relative number.<br \/>The lowest\u00a0<strong>Priority<\/strong>\u00a0number in a group of\u00a0<em>MX records<\/em>\u00a0will have priority over the rest.<\/p><p>2. Click\u00a0<strong>Save<\/strong>.<\/p><p>3. Click\u00a0<strong>Add Record<\/strong>.<\/p><p>A typical\u00a0<em>MX\u00a0<\/em><em>record\u00a0<\/em><strong>Name<\/strong>\u00a0is the root domain such as\u00a0<em>example.com<\/em>. However, reach out to your email hosting provider to confirm the\u00a0<em>MX\u00a0<\/em><strong>Name<\/strong>\u00a0and\u00a0<strong>Server<\/strong>\u00a0details.<\/p><h4><strong>DKIM<\/strong><\/h4><p>There is no\u00a0<em>DKIM record<\/em> type. \u00a0DKIM is instead configure as a DNS\u00a0<em>TXT record<\/em>.<\/p><p><em>DKIM records<\/em>\u00a0can often exceed the 255-character limit for\u00a0<em>TXT records<\/em>. Therefore, Cloudflare will automatically split these into multiple records at the same domain name, producing a record with a format similar to the following when queried:<\/p><p><code>default._domainkey.example.com. 299 IN TXT \"v=DKIM1; k=rsa; p=\" \";\"<\/code><\/p><p>Remove quotation marks and spaces when adding\u00a0<em>DKIM records<\/em>\u00a0to your zone. Also, you do not need to prefix (escape) semicolons with a &#8220;\\&#8221; character for\u00a0<em>DKIM records<\/em>\u00a0added to Cloudflare.<\/p><p>http:\/\/dkimcore.org\/tools\/\u00a0is a recommended online DKIM validation tool.<\/p><p>Some services require additional\u00a0<em>CNAME records<\/em>\u00a0for DKIM verification. Verification will fail for CNAME records used to verify DKIM unless there is a grey-cloud icon beside the\u00a0<em>CNAME record<\/em>\u00a0in the\u00a0<strong>DNS<\/strong>\u00a0app.<\/p><h4><strong>SPF<\/strong><\/h4><p>1. Replace\u00a0<strong>Value<\/strong>\u00a0with real data.<\/p><p>DNS specifications have deprecate the <em>SPF record<\/em>\u00a0type in favor of\u00a0<em>TXT records<\/em>.<\/p><p>Although Cloudflare and other DNS providers\u00a0 that most support the dedicated <em>SPF record<\/em>\u00a0types, some DNS clients may instead look for a\u00a0<em>TXT record<\/em>.<\/p><p>Add both a\u00a0<em>SPF record<\/em>\u00a0and a\u00a0<em>TXT record<\/em>\u00a0to your domain to ensure backwards compatibility.<\/p><p>SPF content as a\u00a0<em>TXT record<\/em>\u00a0will look similar to the following:<\/p><pre>TXT @ v=spf1 include:example.net -all<\/pre><p>Further details on\u00a0<em>SPF record<\/em> syntax can be find at openspf.org. Contact your mail provider about <em>SPF record<\/em>\u00a0content if you observe SPF failures in your email headers or if your mail is undeliverable.<\/p><h4><strong>DMARC<\/strong><\/h4><p>Domain-based Message Authentication, Reporting &amp; Conformance (DMARC) allows an email recipient to know if the email is protect by SPF and\/or DKIM. DMARC describes how the email recipient should process the email if neither of those authentication methods passes.<\/p><p>There is no\u00a0<em>DMARC record<\/em> type. \u00a0DMARC is instead configure as a DNS\u00a0<em>TXT record<\/em>.<\/p><p>To learn more about DMARC records, visit the DMARC project.<\/p><p>Specialized DNS records:<\/p><h4><strong>CAA<\/strong><\/h4><p>1. Replace\u00a0<strong>Value<\/strong>\u00a0with real data.<\/p><h4><strong>SRV<\/strong><\/h4><p>1. Click on the\u00a0<strong>Value<\/strong>\u00a0field to open a popup window for supplying SRV record details:<\/p><p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-medium wp-image-2595\" src=\"https:\/\/www.mondoze.com\/guide\/wp-content\/uploads\/2021\/03\/n3-300x242.png\" alt=\"\" width=\"300\" height=\"242\" \/><\/p><p>2. Create the\u00a0<strong>SRV name<\/strong>. For example:<\/p><p><strong>Service<\/strong>:\u00a0<em>_xmpp-client<\/em><\/p><p><strong>Protocol<\/strong>:\u00a0<em>tcp<\/em><strong><br \/>Name<\/strong>:\u00a0<em>yourdomain.com<\/em><\/p><p>3. Click\u00a0<strong>Save<\/strong>. Cloudflare will combine the\u00a0<strong>Service<\/strong>,\u00a0<strong>Protocol<\/strong>, and\u00a0<strong>Name<\/strong>\u00a0fields to create the\u00a0<em>SRV record<\/em>name.<\/p><p>4. A new window will appear requesting to add the\u00a0<strong>SRV content:<\/strong><\/p><p><strong>\u00a0 \u00a0 \u00a0 <img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-medium wp-image-2598\" src=\"https:\/\/www.mondoze.com\/guide\/wp-content\/uploads\/2021\/03\/n4-300x288.png\" alt=\"\" width=\"300\" height=\"288\" \/><\/strong><\/p><p>5. Add the\u00a0<strong>SRV content<\/strong>. For example :<\/p><p><strong>Priority<\/strong>:\u00a0<em>5<\/em><\/p><p><strong>Weight<\/strong>:\u00a0<em>0<\/em><\/p><p><strong>Port<\/strong>:\u00a0<em>5222<\/em><\/p><p><strong>Target<\/strong>:\u00a0<em>talk.l.google.com<\/em><\/p><p>6. Click\u00a0<strong>Save<\/strong>.<\/p><p>Using the example data below, a DNS query for the <em>SRV record<\/em>\u00a0would return the following response:<\/p><pre>_xmpp-client._tcp.yourdomain.com. IN SRV 5 0 5222 talk.l.google.com.<\/pre><h4><strong>PTR<\/strong><\/h4><p>For proxied domains, Cloudflare responds to DNS queries with its own shared, dynamic IP addresses. \u00a0Therefore,\u00a0<em>PTR records<\/em> cannot be add to Cloudflare.<\/p><p>The\u00a0<em>PTR record<\/em>\u00a0option shown in the\u00a0<strong>DNS Records<\/strong>\u00a0dropdown is not for adding\u00a0<em>PTR records<\/em>\u00a0for Reverse DNS resolution. \u00a0It is instead for adding a\u00a0<em>PTR Record<\/em> to the Forward DNS resolution for the domain. PTR in Forward DNS is allow under the DNS specification.<\/p><p>The main reason to have a\u00a0<em>PTR record<\/em>\u00a0is to prevent emails from ending up in spam folders. Since Cloudflare doesn&#8217;t support email traffic by default, you would instead need to set the\u00a0<em>PTR record<\/em> where your email server is locate. \u00a0Please reach out to your email provider for assistance.<\/p><p>Customers which with Enterprise domains using Cloudflare&#8217;s <strong>DNS Firewall<\/strong>\u00a0feature can request Cloudflare Support for assistance with updating PTR records.<strong><br \/><\/strong><\/p><h4><strong>SOA<\/strong><\/h4><p>There is no need to configure\u00a0<em>SOA records<\/em> when using Cloudflare&#8217;s nameservers as the authoritative nameservers. Therefore ,Cloudflare automatically creates the <em>SOA record<\/em>\u00a0when you migrate your domain to Cloudflare.<\/p><p>Cloudflare can proxy certain DNS records.<\/p><hr \/><h3><strong>Deleting DNS records<\/strong><\/h3><p>1. Log in to the Cloudflare dashboard.<\/p><p>2. Click the appropriate Cloudflare account for the domain where you will delete records.<\/p><p>3. Ensure the proper domain is select.<\/p><p>4. Click the\u00a0<strong>DNS\u00a0<\/strong>app.<\/p><p>5. Under\u00a0<strong>DNS Records<\/strong>, click\u00a0<strong>X<\/strong>\u00a0to delete a specific DNS record.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>How To Manage DNS Records in Cloudflare What is DNS? DNS translates domain names to IP addresses and that&#8217;s why it is often call the &#8220;phonebook of the Internet.&#8221; Adding DNS records When you first add a domain to Cloudflare, a scan of common DNS records is perform in an attempt to automatically add all &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.mondoze.com\/guide\/kb\/managing-dns-records-in-cloudflare\"> <span class=\"screen-reader-text\">Managing DNS records in Cloudflare<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}}},"kbtopic":[53],"kbtag":[110],"mkb_version":[],"_links":{"self":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2591"}],"collection":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/comments?post=2591"}],"version-history":[{"count":11,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2591\/revisions"}],"predecessor-version":[{"id":21946,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2591\/revisions\/21946"}],"wp:attachment":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/media?parent=2591"}],"wp:term":[{"taxonomy":"kbtopic","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=2591"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kbtag?post=2591"},{"taxonomy":"mkb_version","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/mkb_version?post=2591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}