Managing DNS in Cloudflare

What is DNS?

DNS translates domain names into IP addresses and that's why it's often called the "Internet phone book". 


Adding DNS records

When you first add a domain to Cloudflare, a general DNS records scan is performed in an attempt to automatically add all the domain's DNS records to the Cloudflare DNS application. If you need to manually add data for a domain, follow the procedure below:


If your domain was added to Cloudflare through one of our hosting partners, manage your DNS data through the hosting partner. In this case, the Cloudflare DNS app informs the customer to manage DNS outside of Cloudflare.


1. Log in to the Cloudflare dashboard.


2. Click the appropriate Cloudflare account for the domain where you will add records.


3. Make sure the right domain is selected.


4. Click the DNS app.


5. The interface for adding DNS records appears under DNS Records:


6. Replace the Name with the subdomain or root domain.


  According to Internet standards, the Name should:


be 63 characters or less,

begin with a letter,

end with a letter or number,

and contain only letters, numbers, or hyphens as interior characters.

Additionally, Cloudflare allows underscores in A and CNAME record names because some modern web services support underscores. However, Cloudflare does not recommend using underscores due to limited browser support.


7. (Optional) Some record types such as A, AAAA, and CNAME allow customers to enable or disable the Cloudflare proxy. To switch the Cloudflare proxy on or off:


An orange cloud icon proxies traffic for the DNS record Name through Cloudflare.

A gray cloud icon ensures traffic for the DNS record Name is not proxied through Cloudflare. Cloudflare still serves DNS for gray-clouded DNS records, but no other Cloudflare features such as SSL, page rules, caching, WAF, etc. are applied.

Gray cloud icons for A, AAAA, or CNAME records will expose your origin IP address to attackers and allow them to attack your origin IP address directly even if you then proxy the traffic to Cloudflare. Direct attacks on your origin IP address can only be mitigated by having your hosting provider change your origin IP address.


8. Select the record type. The default type is A record. Expand the DNS record types in the table below for further instructions on each record type:


To ensure visitor traffic reaches a domain, the domain needs at least an A or AAAA record pointing to the IP address of the originating web server or a CNAME record pointing to the hostname of the hosting service.


DNS records are important for IP address resolution:


A 


An A record is required to direct the visitor's browser request to the origin web server.


To add an A record:


1. Replace Value with the real IP address (note that you cannot use a Cloudflare IP).

Example: 203.0.113.34


2. Click Add Record.

Multiple A records for the same subdomain can be added with different IP addresses. Cloudflare DNS will rotate requests across the various IP addresses provided. However, Cloudflare DNS will continue to direct traffic to all the specified IP addresses even if the IP addresses are unreachable.


Cloudflare Load Balancing is a recommended solution to spread traffic across multiple IP addresses while only delivering traffic to reachable IP addresses.


CNAME  


CNAME records are required to direct a visitor's browser request to the origin web server. Unlike the A record, a CNAME points to a hostname such as www.example.com and not an IP address. www.example.com will then either have an A record that lists the IP address or use another CNAME record that points to a different hostname. Ultimately, the CNAME record should point to a hostname that is assigned to an IP address.


To add a CNAME record:


1. Replace Value with the target (destination) domain.

    Example: mysite.myhost.com

    Example: s3-eu-west-1.amazonaws.com


2. Click Add Record.

AAAA 

1. Replace Value with the real address.


Example: 2001:db8:ffff:ffff:ffff:ffff:ffff:ffff


2. Click Add Record.


DNS records for email and email authentication:


TXT


TXT data is usually used for email authentication.


Review the SPF and DKIM sections of this table to see examples.


To add TXT data:


1. Replace the Value with the actual data.

2. Click Add Record.


MX


MX records are required for email delivery to email servers. Any MX record server name requires an associated A record that lists the IP address of the mail server.

To add an MX record:


1. Click on the Value field to open a popup window to provide further MX record details:

Server is the DNS hostname of the mail server.


Priority is a relative number. The lowest Priority number in the MX record group will have priority over the other numbers.

2. Click Save.

3. Click Add Record.

A typical MX record Name is the root domain, such as example.com. However, contact your email hosting provider to confirm the MX Name and Server details.

DKIM

There is no DKIM record type. DKIM is instead configured as a DNS TXT record.


DKIM records often exceed the 255-character limit for TXT records. Therefore, Cloudflare will automatically split the value into multiple records on the same domain name, resulting in a record with a format similar to the following when queried:


default._domainkey.example.com. 299 IN TXT "v=DKIM1; k=rsa; p=<encoded public key>" "<rest of public key>;"


Remove quotes and spaces when adding DKIM data to your zone. Also, you do not need to prefix (escape) semicolons with "\" characters for DKIM data added to Cloudflare.

http://dkimcore.org/tools/ is the recommended online DKIM validation tool.

Some services require additional CNAME data for DKIM verification. Verification will fail for CNAME data used to verify DKIM unless there is a gray cloud icon next to the CNAME data in the DNS app.
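The conversion described in this section, as an added example (not Cloudflare's code): join the quoted strings of a queried DKIM TXT record into the single value you paste into the zone, split a value back into strings of at most 255 characters, and sanity-check the tags. The function names and the sample key material are constructed for illustration.

```python
import re

MAX_STRING = 255  # per-string TXT limit stated above

def join_txt(rdata):
    # Queried form: "part1" "part2". Drop the quotes and the spaces between
    # the strings, and undo backslash escapes such as \; that some tools print.
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    if not parts:
        raise ValueError("no quoted strings found")
    return re.sub(r"\\(.)", r"\1", "".join(parts))

def split_txt(value):
    # Reverse direction: the multi-string form seen when the record is queried.
    chunks = [value[i:i + MAX_STRING] for i in range(0, len(value), MAX_STRING)]
    return " ".join(f'"{c}"' for c in chunks)

def dkim_tags(value):
    # Parse "tag=value; ..." pairs; whitespace inside a value is dropped.
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())
    tags = {k.strip(): "".join(v.split()) for k, v in tags.items()}
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("not a usable DKIM1 key record")
    return tags

# Constructed sample: placeholder key material, not a real DKIM key.
SAMPLE_VALUE = "v=DKIM1; k=rsa; p=" + "QUJD" * 100
QUERIED = split_txt(SAMPLE_VALUE)

if __name__ == "__main__":
    print(QUERIED)
    print(dkim_tags(join_txt(QUERIED)))
```

A mismatch between `join_txt` of what your resolver returns and the value your mail provider issued points to a paste error (stray quote, space or escape) rather than a key problem.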

SPF  

1. Replace Value with real data.


DNS specifications no longer use the SPF record type and only use TXT records.


Although Cloudflare and most other DNS providers support the custom SPF record type, some DNS clients may look for a TXT record.


Add SPF records and TXT records to your domain to ensure backward compatibility.


SPF content as TXT data will look similar to the following:

TXT @ v=spf1 include:example.net -all

More details about SPF data syntax can be found at openspf.org. Contact your email provider about SPF data content if you see SPF failures in the email header or if your email is undeliverable.

DMARC 

Domain-based Message Authentication, Reporting & Conformance (DMARC) allows email recipients to know if an email is protected by SPF and/or DKIM. DMARC describes how email recipients should process emails if neither of these authentication methods passes.


There is no DMARC record type. DMARC is instead configured as a DNS TXT record.


To learn more about DMARC records, visit the DMARC project.


Custom DNS records:


CAA  

1. Replace Value with real data.


SRV


1. Click on the Value column to open a popup window to provide SRV record details:

2. Create an SRV name. For example:


Service: _xmpp-client


Protocol: TCP


Name: domainanda.com


3. Click Save. Cloudflare will combine the Service, Protocol, and Name fields to create the SRV record name.


4. A new window will appear asking you to add SRV content.


5. Add SRV content. For example:


Priority: 5


Weight : 0


Port: 5222


Target : talk.l.google.com


6. Click Save.


Using the example data above, a DNS query for the SRV record will result in the following response:

_xmpp-client._tcp.domainanda.com. IN SRV 5 0 5222 talk.l.google.com.

PTR 

For proxied domains, Cloudflare responds to DNS requests with its shared dynamic IP address. Therefore, PTR records cannot be added to Cloudflare.


The PTR record option shown in the DNS Records dropdown does not add a PTR record for reverse DNS resolution. Instead, it adds a PTR record to the forward DNS resolution for the domain. PTR in forward DNS is allowed under the DNS specification.


The main reason for having PTR records is to prevent emails from going to spam folders. Since Cloudflare does not support email traffic by default, you need to set up PTR records where your email servers are located. Please contact your email provider for assistance.


Customers with Enterprise domains using Cloudflare's DNS Firewall feature can ask Cloudflare Support for assistance in updating PTR records.


SOA


There is no need to configure SOA records when using Cloudflare name servers as authoritative name servers. Cloudflare automatically creates SOA records when you migrate your domain to Cloudflare.


Cloudflare can proxy certain DNS records. 
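An added example (not Cloudflare's code) that audits a list of records against two points from the procedure above: the Name rules in step 6 and the gray cloud warning in step 7. The dict keys (type, name, content, proxied) and the sample zone are assumptions constructed for illustration, as is the choice to treat an underscore like a letter when checking the remaining rules.

```python
import ipaddress
import re

# Step 6 rules, applied per label: 63 characters or less, begins with a letter,
# ends with a letter or number, interior letters, numbers or hyphens.
LABEL = re.compile(r"^[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
PROXIABLE = ("A", "AAAA", "CNAME")  # types the page lists for the proxy switch

def name_findings(name, rtype):
    out = []
    for label in name.rstrip(".").split("."):
        probe = label
        if "_" in label and rtype in ("A", "CNAME"):
            out.append(f"underscore in '{label}' (allowed, not recommended)")
            probe = label.replace("_", "a")  # still check the other rules
        if not LABEL.match(probe):
            out.append(f"label '{label}' breaks the naming rules")
    return out

def audit(records):
    """Return (name, type, finding) tuples for A, AAAA and CNAME records."""
    proxied_ips = {ipaddress.ip_address(r["content"]) for r in records
                   if r["type"] in ("A", "AAAA") and r["proxied"]}
    findings = []
    for r in (r for r in records if r["type"] in PROXIABLE):
        name, rtype = r["name"], r["type"]
        findings += [(name, rtype, f) for f in name_findings(name, rtype)]
        if r["proxied"]:
            continue
        if rtype != "CNAME" and ipaddress.ip_address(r["content"]) in proxied_ips:
            findings.append((name, rtype, "gray cloud exposes a proxied origin IP"))
        else:
            findings.append((name, rtype, "gray cloud: not proxied"))
    return findings

# Constructed sample zone (documentation addresses, not real records).
SAMPLE = [
    {"type": "A", "name": "example.com", "content": "203.0.113.34", "proxied": True},
    {"type": "A", "name": "ftp.example.com", "content": "203.0.113.34", "proxied": False},
    {"type": "AAAA", "name": "www.example.com", "content": "2001:db8::1", "proxied": True},
    {"type": "CNAME", "name": "my_app.example.com", "content": "mysite.myhost.com", "proxied": True},
    {"type": "A", "name": "1st.example.com", "content": "203.0.113.50", "proxied": False},
    {"type": "TXT", "name": "_dmarc.example.com", "content": "v=DMARC1; p=none", "proxied": False},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

The "exposes a proxied origin IP" finding is the case the step 7 warning describes: one gray-clouded record publishes the same address that an orange-clouded record is meant to hide.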


Delete a DNS record

1. Log in to the Cloudflare dashboard.


2. Click the appropriate Cloudflare account for the domain where you want to delete the record.


3. Make sure the right domain is selected.


4. Click the DNS app.


5. Under DNS Records, click X to delete the specific DNS record.
