Skip to content
Cloudflare Docs

Parent zone on full setup

When the parent zone is using a full setup1, the steps to set up your child zone depend on whether the subdomain already exists in the parent domain.

Subdomain does not exist

If you have not yet created DNS records covering your subdomain in the parent zone:

  1. Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.

  2. Complete the configuration accordingly for full or secondary setup.

  3. Get the nameserver names for the subdomain. These can be found within your newly created child zone in DNS > Records, and will not be the same nameservers as the ones used in the parent zone.

  4. Within the DNS > Records of the parent zone, add two NS records for the subdomain you want to delegate.

    For example, if you delegated www.example.com, you might add the following records to example.com:

    TypeNameContent
    NSwwwjohn.ns.cloudflare.com
    NSwwwmelinda.ns.cloudflare.com

  5. After a few minutes, the child zone will be active.

  6. Create the various DNS records needed for your child zone.

  7. (Optional) Enable DNSSEC on the child zone.

Subdomain already exists

If you have already created DNS records covering your subdomain in the parent zone:

  1. Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.

  2. Complete the configuration accordingly for full or secondary setup.

  3. In your child zone, make sure you have all DNS records that relate to the subdomain. This includes all DNS records deeper than the delegated subdomain. For example, if you are delegating www.example.com, you should also move over records for api.www.example.com.

  4. If the parent zone is on Cloudflare, make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child zone.

  5. In the child zone, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains (if present).

  6. Get the nameserver names for the subdomain. These can be found within your newly created child zone in DNS > Records, and will not be the same nameservers as the ones used in the parent zone.

  7. Within the DNS > Records of the parent zone, update existing address records (A/AAAA) on your subdomain to NS records. If you only have one address record, update the existing one and add a new NS record. If you have multiple address records, update any two of them.

    For example, to delegate the subdomain www.example.com, the updated records in the parent zone example.com should contain NS records similar to the following:

    TypeNameContent
    NSwwwjohn.ns.cloudflare.com
    NSwwwadam.ns.cloudflare.com

    In this example, john.ns.cloudflare.com and adam.ns.cloudflare.com represent the subdomain nameservers that you got from step 6.

  8. Flush the address records of your subdomain in public resolvers (1.1.1.1 and 8.8.8.8).

  9. In the DNS > Records of the parent zone, delete all the remaining records on the delegated subdomain, except the NS records that you created in step 7.

    Also delete all DNS records deeper than the delegated subdomain. For example, if you are delegating www.example.com, records for api.www.example.com should only exist in the new child zone.

  10. Within a short period of time, the child zone should be active.

  11. (Optional) Enable DNSSEC on the child zone.

Footnotes

  1. Meaning that Cloudflare is your Authoritative DNS provider.

Cloudflare DashboardDiscordCommunityLearning CenterSupport Portal
Cookie Settings