In this article, you’ll learn how to manage DNS records for your site using Cloudflare, the purpose of common DNS records, and how to add or delete those records. To configure your site on Cloudflare successfully, you’ll first need to add your domains and subdomains via DNS records.
Generally, the public Internet does its best to deliver your content, but it can’t account for network congestion, which leads to slow load times and a degraded end-user experience. The Cloudflare network is different. It routes over 10 trillion global requests per month.
Cloudflare was created to ease the difficulties of content delivery while giving its users the resources to make their sites, apps, and blogs safe and performant.
So, if you’re a pro web developer, you can start straight away! You do all this through Cloudflare’s powerful edge network, which provides content and other services as close to you as possible, so you get the information as fast as possible.
So, what is it and how does it work? Why does every webmaster need it for their web performance & security? Well, you can see more details on
What are DNS records?
DNS records are a set of global systems for translating IP addresses to human-readable domain names.
When a user tries to access a web address like “example.com”, their web browser or application performs a DNS Query against a DNS server, supplying the hostname. The DNS server takes the hostname and resolves it into a numeric IP address, which the web browser can connect to.
A component called a DNS Resolver is responsible for checking if the hostname is available in the local cache. And if not, it contacts a series of DNS Name Servers, until eventually, it receives the IP of the service the user is trying to reach.
Related Topic: Why Cloudflare is the Best for Web Performance & Security
From the revised article through the link provided above, you already have an idea of what Cloudflare is and how it works.
Now let’s learn how to Manage Cloudflare DNS Records for your Website below. We’ll start with the definition of what a DNS is. DNS translates domain names to IP addresses and that’s why it is often called the “phonebook of the Internet.”
How to Add DNS records to Cloudflare
When you first add a domain to Cloudflare, a scan of common DNS records is performed. This is in an attempt to automatically add all of the domain’s DNS records to the Cloudflare DNS app.
With that in mind, if you need to add records manually for a domain, you can follow the procedure below. If your domain was added to Cloudflare through one of their hosting partners, you can manage your DNS records through the hosting partner.
In this case, the Cloudflare DNS app (known as 220.127.116.11) informs customers to manage DNS outside of Cloudflare. Below is a screenshot of what to expect.
How to add DNS records:
- Log in to the Cloudflare dashboard.
- Click the appropriate Cloudflare account for the domain where you will add records.
- Ensure the proper domain is selected and then click on the DNS app.
- The interface for adding DNS records appears under DNS Records.
- Replace Name with a subdomain or the root domain.
Per Internet standards, the preferred name must:*
What is Cloudflare Proxy Toggle?
Additionally, Cloudflare allows an underscore (_) in the A and CNAME record Name, since some modern web services support an underscore.
However, Cloudflare discourages using underscores due to limited browser support. Although optional, some record types such as A, AAAA, and CNAME allow a customer to toggle the Cloudflare proxy on or off. For the Cloudflare Proxy Toggle:
- An orange cloud icon proxies traffic through Cloudflare for the DNS record Name.
- A grey cloud icon ensures traffic for the DNS record Name is not proxied to Cloudflare.
Keep in mind, Cloudflare still serves DNS for a grey-clouded DNS record, but no other Cloudflare features such as SSL, page rules, caching, WAF, etc. are applied.
Grey cloud icons for A, AAAA, or CNAME records expose your origin IP address to attackers and allow them to attack your origin IP address directly, even if you later proxy traffic to Cloudflare.
In addition, direct attacks to your origin IP are only mitigated by asking your hosting provider to change your origin IP address.
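One way to check a zone for the exposure described above, as an added example that is not Cloudflare's own code. It assumes the records have been exported as dictionaries with `type`, `name`, `content` and `proxied` fields; the sample records are constructed.

```python
PROXIABLE = {"A", "AAAA", "CNAME"}  # record types that have a proxy toggle

# Constructed sample export (documentation addresses and names only).
RECORDS = [
    {"type": "A", "name": "example.com", "content": "203.0.113.34", "proxied": True},
    {"type": "A", "name": "dev.example.com", "content": "203.0.113.34", "proxied": False},
    {"type": "CNAME", "name": "www.example.com", "content": "example.com", "proxied": True},
    {"type": "CNAME", "name": "s1._domainkey.example.com",
     "content": "s1.dkim.mailhost.example", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
    {"type": "A", "name": "mail.example.com", "content": "198.51.100.7", "proxied": False},
]

def audit(records):
    """Return (name, type, verdict) for every grey-clouded proxiable record."""
    # Origin addresses that an orange-clouded record is currently hiding.
    hidden = {r["content"] for r in records
              if r["type"] in ("A", "AAAA") and r.get("proxied", False)}
    findings = []
    for r in records:
        if r["type"] not in PROXIABLE or r.get("proxied", False):
            continue
        if "._domainkey." in r["name"]:
            continue  # DKIM verification CNAMEs have to stay grey-clouded
        # A grey record that publishes a hidden address undoes the proxying.
        verdict = "leaks-proxied-origin" if r["content"] in hidden else "review"
        findings.append((r["name"], r["type"], verdict))
    return findings

if __name__ == "__main__":
    for name, rtype, verdict in audit(RECORDS):
        print(f"{verdict:22} {rtype:5} {name}")
```

A `leaks-proxied-origin` finding means the origin address is still resolvable in public DNS, so switching that record to orange should be paired with the origin IP change the paragraph above mentions.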
For the default DNS Type records:
To ensure visitor traffic reaches a domain, a domain requires at least an A or AAAA record that points to the origin web server IP address, or a CNAME record that points to the hostname of a hosting service.
The Type selection defaults to A records. Below are the DNS record types, with further instructions pertaining to each record type:
1. Critical DNS records for IP address resolution:
▶ A: What is an A record?
A records are necessary to direct a visitor’s browser requests to an origin web server.
Cloudflare Load Balancing is the recommended solution for spreading traffic across multiple IP addresses while only sending traffic to reachable IP addresses. To add an A record:
- Replace Value with a real address (you cannot use a Cloudflare IP). Example: 203.0.113.34
- Click Add Record. Multiple A records for the same subdomain can be added with different IP addresses.
Cloudflare’s DNS will alternate requests to the various IP addresses provided.
However, Cloudflare’s DNS will continue to alternate traffic to all specified IP addresses even if an IP address is unreachable.
▶ CNAME: What is a CNAME record?
CNAME records are necessary to direct a visitor’s browser requests to an origin web server. Unlike an A record, the CNAME will point to a hostname like www.example.com instead of an IP address.
www.example.com would then either have an A record that lists the IP address or use another CNAME record that points to a different hostname. Eventually, a chain of CNAME records must point to a hostname that resolves to an IP address.
To add a CNAME record, replace Value with the target (destination) domain. Example 1 is mysite.myhost.com and example 2 is s3-eu-west-1.amazonaws.com. Then click Add Record.
▶ AAAA: What is an AAAA record?
An AAAA record maps a domain name to the IP address (Version 6) of the computer hosting the domain. An AAAA record is used to find the IP address of a computer connected to the internet from a name.
The AAAA record is conceptually similar to the A record, but it allows you to specify the IPv6 address of the server, rather than the IPv4.
AAAA records are less common than A records, however, their popularity is rising along with the increased adoption of IPv6 addresses. For example, all the DNSimple name servers are assigned to an IPv6 address and can be queried via either IPv4 or IPv6.
As with the A records, you can use multiple AAAA records for the same domain in order to provide redundancy. Multiple names could point to the same address, in which case each would have its own AAAA record pointing to that same IP address.
The DNS A record is specified by RFC 3596. For example (127.198.30.245). To replace Value with a real address, for example, 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff , click on the Add Record option.
2. DNS records for email and email authentication:
▶ TXT: What is a TXT record?
A DNS TXT record is commonly used for mail authentication. You can review the SPF and DKIM sections for this guide and more examples.
Basically, TXT records added through the UI have a max length of 2048 characters. You can add TXT records requiring more than 2048 characters via the API.
To add a TXT record, replace the Value with real data, then click Add Record.
▶ MX: What is an MX record?
A typical MX record Name is the root domain, such as example.com. However, you should reach out to your email hosting provider to confirm the MX Name and Server details. An MX record is necessary for the delivery of email to a mail server.
Any MX record Server name requires a corresponding A record that lists the IP address of the mail server. Mail Exchange (MX) records are DNS records that are necessary for delivering email to your address.
In simple DNS terms, an MX record is used to tell the world which mail servers accept incoming mail for your domain. As well as where emails sent to your domain should be routed to.
To add an MX record:
- Click Add Record.
- Choose MX from the Type field to display the required MX record details.
- Then click Save.
The mail server is the DNS hostname of the mail server. Priority is a relative number.
If your MX records are not pointed to the correct location, you will not receive any emails. The lowest Priority number in a group of MX records will have priority over the rest.
▶ DKIM: What is a DKIM record?
DKIM (DomainKeys Identified Mail) is a method to validate the authenticity of email messages.
When each email is sent, it is signed using a private key and then validated on the receiving mail server (or ISP) using a public key in DNS. This process verifies that the message was not altered during transit.
DKIM records can often exceed the 255-character limit for TXT records. Therefore, Cloudflare will automatically split these into multiple records at the same domain name, producing a record with a format similar to the following when queried:
default._domainkey.example.com. 299 IN TXT "v=DKIM1; k=rsa; p=<encoded public key>" "<rest of public key>;"
Remove quotation marks and spaces when adding DKIM records to your zone. Also, you do not need to prefix (escape) semicolons with a “\” character for DKIM records added to Cloudflare.
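The splitting and rejoining described above, as an added example that is not part of the original article. The function names are hypothetical and the key is a constructed placeholder, not a real public key.

```python
import re

TXT_LIMIT = 255  # longest single character-string a TXT record can carry

def split_txt(value, limit=TXT_LIMIT):
    """Split a long value into chunks of at most `limit` characters."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def as_answer(name, value, ttl=299):
    """Render the value the way a query tool prints a split TXT record."""
    quoted = " ".join('"%s"' % chunk for chunk in split_txt(value))
    return "%s. %d IN TXT %s" % (name, ttl, quoted)

def txt_strings(answer_line):
    """Extract the quoted strings from an answer line, undoing \\; escapes."""
    return [s.replace("\\;", ";").replace('\\"', '"')
            for s in re.findall(r'"((?:[^"\\]|\\.)*)"', answer_line)]

def join_txt(strings):
    """Concatenate with nothing in between: the value to paste into the zone."""
    return "".join(strings)

def parse_dkim(value):
    """Parse 'tag=value;' pairs and check the tags a verifier depends on."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")  # base64 may end in '='
            tags[key.strip()] = "".join(val.split())
    if tags.get("v") != "DKIM1":
        raise ValueError("not a DKIM1 record")
    if "p" not in tags:
        raise ValueError("missing public key tag p=")
    return tags

# Constructed sample: repeating placeholder text standing in for a key.
FAKE_KEY = "QUJD" * 100
VALUE = "v=DKIM1; k=rsa; p=" + FAKE_KEY + ";"

if __name__ == "__main__":
    line = as_answer("default._domainkey.example.com", VALUE)
    rebuilt = join_txt(txt_strings(line))
    print(len(split_txt(VALUE)), rebuilt == VALUE, parse_dkim(rebuilt)["k"])
```

If the rejoined value differs from what the mail provider issued, the usual cause is a space or quote left between the two strings when the record was pasted.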
Tools to use DKIM record:
As an example, http://dkimcore.org/tools/ is a recommended online DKIM validation tool.
Some services require additional CNAME records for DKIM verification. Verification will fail for CNAME records used to verify DKIM unless there is a grey-cloud icon beside the CNAME record in the DNS app.
▶ SPF: What is an SPF record?
To add an SPF record, replace Value with real data. However, DNS specifications have deprecated the SPF record type in favor of TXT records.
Although Cloudflare and most other DNS providers support the dedicated SPF record types, some DNS clients may instead look for a TXT record.
Add both an SPF record and a TXT record to your domain to ensure backward compatibility. SPF content as a TXT record will look similar to the following:
TXT @ v=spf1 include:example.net -all
Contact your mail provider about SPF record content if you observe SPF failures in your email headers or if your mail is undeliverable.
▶ DMARC: What is a DMARC record?
DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.
It’s a DNS TXT record that can be published for a domain to control what happens if a message fails authentication, for instance, if the recipient server can’t verify that the message’s sender is who they say they are.
A published DMARC record serves two purposes. First, it allows an email recipient to know if the email is protected by SPF and/or DKIM.
Second, it describes how the email recipient should process the email if neither of those authentication methods passes. Since there is no DMARC record type, DMARC is instead configured as a DNS TXT record.
To learn more about DMARC records, visit the DMARC project.
3. Specialized DNS records:
▶ CAA: What is a CAA record?
A CAA record (Certification Authority Authorization record) is used to specify which certificate authorities (CAs) are allowed to issue certificates for a domain. To add one, replace Value with real data.
CAA records allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. They also provide a means of indicating notification rules in case someone requests a certificate from an unauthorized certificate authority.
If no CAA record is present, any CA is allowed to issue a certificate for the domain. If a CAA record is present, only the CAs listed in the record(s) are allowed to issue certificates for that hostname.
CAA records can set policy for the entire domain or for specific hostnames. CAA records are also inherited by subdomains. For example, a CAA record set on example.com also applies to any subdomain, like subdomain.example.com (unless overridden).
CAA records can control the issuance of single-name certificates, wildcard certificates, or both. The DNS CAA record is specified by RFC 6844. For further assistance, refer to the support guide dedicated to configuring CAA records.
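The inheritance and wildcard rules above, worked through as an added example that is not part of the original article. The zone contents and CA names are constructed, the function names are hypothetical, and CNAME handling is left out.

```python
# Constructed zone data: name -> list of (tag, value) CAA properties.
ZONE = {
    "example.com": [
        ("issue", "ca-one.example"),
        ("issuewild", "ca-two.example"),
        ("iodef", "mailto:security@example.com"),  # where to report violations
    ],
    "internal.example.com": [("issue", ";")],  # ";" alone: no CA may issue
}

def relevant_caa(hostname, zone):
    """Climb from the hostname toward the root; return the closest CAA set."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]  # a closer set overrides the parent's
    return None, []

def allowed_cas(hostname, zone):
    """Return the set of CAs that may issue, or None when unrestricted."""
    wildcard = hostname.startswith("*.")
    _, props = relevant_caa(hostname[2:] if wildcard else hostname, zone)
    issue = [v for t, v in props if t == "issue"]
    issuewild = [v for t, v in props if t == "issuewild"]
    # issuewild governs wildcard requests when present; otherwise issue does.
    chosen = issuewild if (wildcard and issuewild) else issue
    if not chosen:
        return None  # no CAA set found, or none that restricts this request
    # Drop any parameters after ';' and the empty "nobody" value.
    return {v.split(";")[0].strip() for v in chosen} - {""}

if __name__ == "__main__":
    for host in ("www.example.com", "*.example.com",
                 "db.internal.example.com", "example.org"):
        print(host, "->", allowed_cas(host, ZONE))
```

An empty set means issuance is forbidden for that name, while `None` means CAA places no restriction on it.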
▶ SRV: What is an SRV record?
SRV records (or service records) are custom DNS records. They are used to establish connections between a service and a hostname.
When an application needs to find the location of a specific service, it will search for a related SRV record. If it finds one, it will sift through the list of services and their connecting hostnames to find the following:
Creating an SRV record can potentially save you time later on.
For example, a compatible new email client will pull your ports and settings preferences from the SRV record if you have one configured. Without the SRV record, a new email client will guess (usually incorrectly) these preferences.
To add an SRV record:
- Click on Add Record.
- Choose SRV from the Type field to display the required SRV record details.
- Create the SRV name and then click Save.
Service: _xmpp-client
Protocol: tcp
Name: yourdomain.com
Priority: 5
Weight: 0
Port: 5222
Target: talk.l.google.com
Cloudflare will combine the Service, Protocol, and Name fields to create the SRV record name.
Using the example data above, a DNS query for the SRV record would return the following response:
_xmpp-client._tcp.yourdomain.com. IN SRV 5 0 5222 talk.l.google.com.
▶ PTR: What is a PTR record?
A PTR record (or pointer record) resolves an IP address to a fully-qualified domain name (FQDN), the opposite of what an A record does. PTR records are also called Reverse DNS records.
PTR records are mainly used to check if the server name is actually associated with the IP address from where the connection was initiated. IP addresses of all Intermedia mail servers already have PTR records created.
If you are using both Intermedia mail servers and external mail servers (e.g. Dedicated Web Server or Cloud Server) and the external server does not belong to Intermedia infrastructure, you need to create a PTR record, because it will help your server pass some security tests when connecting to other mail servers.
To do that, you will need to contact the company which owns the IP address of the server. Usually, it is your Internet Service Provider (ISP).
For proxied domains, Cloudflare responds to DNS queries with its own shared, dynamic IP addresses. Therefore, PTR records cannot be added to Cloudflare.
Customers with Enterprise domains using Cloudflare’s DNS Firewall feature can request Cloudflare Support for assistance with updating PTR records. You can check your PTR record in external DNS lookup solutions like MX Toolbox.
▶ SOA: What is an SOA record?
To achieve this, the “slaves” (i.e. servers situated lower on the hierarchy) synchronize their data with that of the “master” server. The way the zone transfer is supposed to proceed is regulated by the SOA record.
For this purpose, this type of DNS record receives various types of information. There is no need to configure SOA records when using Cloudflare’s nameservers as the authoritative nameservers.
Cloudflare automatically creates the SOA record when you migrate your domain to Cloudflare.
How to Delete your Site DNS Records
Now that we’ve covered the major types of traditional DNS infrastructure, you should know that DNS can be more than just the “plumbing” of the Internet.
Advanced DNS solutions can help do some amazing things, including:
- Global server load balancing (GSLB): fast routing of connections between globally distributed data centers
- Multi CDN: routing users to the CDN that will provide the best experience
- Geographical routing: identifying the physical location of each user and ensuring they are routed to the nearest possible resource
- Datacenter and cloud migration: moving traffic in a controlled manner from on-premise resources to cloud resources
- Internet traffic management: reducing network congestion and ensuring traffic flows to the appropriate resource in an optimal manner
These capabilities are made possible by next-generation DNS servers that are able to intelligently route and filter traffic.
You can learn more about NS1’s intelligent DNS platform and take DNS to the next level. All in all, you can delete your DNS records at any time.
To delete your DNS records:
- First, log in to the Cloudflare dashboard.
- Secondly, choose the appropriate Cloudflare account associated with the domain where you will delete records.
- Then choose the domain for which you will delete records.
- Click the DNS app and identify the record to delete and then click to Edit or Delete.
- After a confirmation dialog appears, click Delete again to confirm.
Finally, for more questions about a DNS record not listed in the guide above, you can visit the Cloudflare Learning Center.
And since Cloudflare can proxy certain DNS records, please visit their guide on which records are appropriate to proxy. If you need more help, you can Contact Us or share your thoughts in the comments section.