Setup

If you want to use Cloudflare as your primary DNS provider and manage your DNS records on Cloudflare, your domain should be using a full setup.

This means that you are using Cloudflare for your authoritative DNS nameservers.

Before you begin

Before you update your domain nameservers, make sure that you:

• Already own a domain name (such as example.com or cloudflare.com).

Note

If you do not already have a domain name ↗, get one at-cost through Cloudflare Registrar ↗.

All domains purchased through Cloudflare Registrar automatically use Cloudflare for authoritative DNS, which means you can skip the rest of this tutorial.

• Have previously created a Cloudflare account.
• Disabled DNSSEC at your registrar (where you bought your domain name).

Provider-specific instructions

This is not an exhaustive list of how to update DS records in other providers, but the following links may be helpful:

• DNSimple ↗
• Domaindiscount24 ↗
• DreamHost ↗
• Dynadot ↗
• Enom ↗
• Gandi ↗
• GoDaddy ↗
• Hostinger ↗
• Hover ↗
• InMotion Hosting ↗
• INWX ↗
• Joker.com ↗
• Name.com ↗
• Namecheap ↗
• NameISP ↗
• Namesilo ↗
• OVH ↗
• Squarespace ↗
• Registro.br ↗
• Porkbun ↗ (do not fill out keyData)
• TransIP ↗

Note

If your previous provider allows you to add DNSKEY records on the zone apex and use these records in responses to DNS queries, refer to this migration tutorial to learn how to migrate a zone with DNSSEC enabled.

Add site to Cloudflare

In the Cloudflare dashboard, add your domain.

If Cloudflare is unable to identify your domain as a registered domain, make sure you are using an existing top-level domain ↗ (.com, .net, .biz, or others).

Cloudflare requires your apex domain to be one level below a valid TLD defined in the Public Suffix List (PSL) ↗. Enterprise customers can onboard lower-level subdomains using Subdomain setup.

Review DNS records

When you start using Cloudflare's nameservers for authoritative DNS and your zone is in a full setup, Cloudflare will become your primary DNS provider. This means that your DNS records in Cloudflare need to be accurate for your domain to work properly.

Cloudflare can automatically scan for common records and add them to the DNS zone for you, or you can add records manually. These records show up under your domain on the DNS > Records page of the dashboard.

Note

If you add a zone via the API, you can manually invoke the quick scan with the Scan DNS Records endpoint.

Since the quick scan is not guaranteed to find all existing DNS records, you need to review your records, paying special attention to the following:

• Zone apex records (example.com)

  More about zone apex records

  Zone apex refers to the domain or subdomain that you are adding to Cloudflare.

  Usually, the zone apex record makes your domain accessible by visitors. In this case, the necessary record type (A, AAAA, or CNAME) and its content will depend on the provider that hosts your website or application.

  If you are using Cloudflare Pages, refer to Custom domains.

  If you are using other providers, look for their guidance on how to connect domains managed on external DNS services. Then, make sure you have the records required by your hosting provider on your DNS records table at Cloudflare.

• Subdomain records (www.example.com or blog.example.com)

  More about subdomain records

  Most subdomains serve a specific purpose within the overall context of your website. For example, blog.example.com might be your blog, support.example.com could be your customer help portal, and store.example.com would be your e-commerce site.

  Even if you do not require specific subdomains, you might want to set up at least the www subdomain. It will usually point to the same content as what you have on the apex domain (example.com) or use a redirect. Having a DNS record on the www subdomain helps guarantee that a visitor who types www. in front of your domain address on their browser can still find your website or application.

• Email records

  More about email records

  Depending on your business needs, you can configure DNS records so that you can use your domain to receive emails, receive and send emails from your domain, or prevent others from sending emails on your behalf (spoofing).

  Below are some examples of what those DNS records might look like. The exact values for your DNS mail records depend on your email provider. If you have issues, review the Troubleshooting and contact your email service provider to confirm your DNS records are correct.

  Type	Name	Content	Proxy status	TTL
  A	mail	192.0.2.1	DNS Only	Auto
  MX	example.com	5 john.mx.example-server.test	DNS Only	Auto
  TXT	_dmarc	"v=DMARC1; p=reject; sp=...	DNS Only	Auto
  TXT	*._domainkey	"v=DKIM1; k=rsa; p=..."	DNS Only	Auto
  TXT	example.com	"v=spf1 ip4:..."	DNS Only	Auto

Note

If you activate your domain on Cloudflare without setting up the correct DNS records for your domain and subdomain, your visitors may experience DNS_PROBE_FINISHED_NXDOMAIN errors.

Update your nameservers

Once you have added a domain (also known as a zone) to Cloudflare, that domain will receive two assigned authoritative nameservers.

Warning

If your domain is particularly sensitive to downtime, review our suggestions to minimize downtime.

Get nameserver names

1. Log in to the Cloudflare dashboard ↗ and select your account and domain.

2. On Overview, locate the nameserver names in 2. Replace with Cloudflare's nameservers.

   

3. Keep this window open while you perform the next step.

Note

Cloudflare automatically assigns nameservers to a domain and these assignments cannot be changed. For more details, refer to Nameserver assignments.

Update your registrar

1. Log in to the admin account for your domain registrar. If you do not know your provider, use ICANN Lookup ↗.

Note

Depending on your use case, you may have to perform this step on the DNS records management of your domain parent zone, or at a domain reseller, instead. Refer to Nameservers for details.

2. Remove your existing authoritative nameservers.

3. Add the nameservers provided by Cloudflare. If their names are not copied exactly, your DNS will not resolve correctly.

Provider-specific instructions

This is not an exhaustive list of provider-specific instructions, but the following links may be helpful:

• Ionos ↗
• 101Domain ↗
• Amazon ↗
• Blacknight ↗
• BlueHost ↗
• DirectNIC ↗
• DNSMadeEasy ↗
• Domain.com ↗
• Dotster ↗
• DreamHost ↗
• EasyDNS ↗
• Enom ↗
• Fast Domain ↗
• FlokiNET ↗
• Gandi ↗
• GoDaddy ↗
• HostGator ↗
• Hostico ↗
• HostMonster ↗
• Hover ↗
• Internetdbs ↗
• iPage ↗
• MelbourneIT ↗
• Moniker ↗
• Name.com ↗
• Namecheap ↗
• Network Solutions ↗
• OVH ↗
• Porkbun ↗
• Rackspace ↗
• Register ↗
• Squarespace ↗
• Site5 ↗
• Softlayer ↗
• Yola ↗

Note

To avoid common issues, refer to our Nameserver replacement checklist.

Verify changes

Wait up to 24 hours while your registrar updates your nameservers.

When your domain is Active:

• You will receive an email from Cloudflare.
• Your domain will have a status of Active on the Websites page of your account.
• Online tools such as https://www.whatsmydns.net/ ↗ will show your Cloudflare-assigned nameservers (most of these tools use cached query results, so it may take longer for them to show the updated nameservers).
• CLI commands will show your Cloudflare-assigned nameservers

*Linux/Unix*
dig <DOMAIN_NAME> +trace @1.1.1.1
dig <DOMAIN_NAME> +trace @8.8.8.8

*Windows*
nslookup <DOMAIN_NAME> 1.1.1.1
nslookup <DOMAIN_NAME> 8.8.8.8

Note

If you see unexpected results, refer to our troubleshooting suggestions and check with your domain registrar.

Re-enable DNSSEC

When you updated your nameservers, you should have also disabled DNSSEC at your registrar.

You should now enable DNSSEC to protect from domain spoofing.

Was this helpful?

What did you like?

Accurate

Easy to understand

Solved my problem

Helped me decide to use the product

Other

What went wrong?

Hard to understand

Incorrect information

Missing the information

Other

Thank you for helping improve Cloudflare's documentation!