Parent zone on partial setup
When the parent zone is using a partial setup[1], the steps to set up your child zone depend on whether the subdomain already exists in the parent domain.
If you have not yet created a DNS record covering your subdomain in the parent zone:
- Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.
- Complete the configuration accordingly for full or secondary setup.
- After creating the DNS records on the child zone, add the Cloudflare nameservers as `NS` records at your external DNS provider.
- Within a short period of time, the child zone should be active.
- Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.
- Select either Business or Enterprise as your zone plan and complete the onboarding flow according to your needs.
- On the Overview page, select Convert to CNAME DNS Setup.
- Confirm that you have created all the DNS records needed for your child zone.
- On DNS > Records, get the Verification TXT Record and add it at your authoritative DNS provider.
Example verification record
A verification record for `sub.example.com` might be:
Type | Name | Content |
---|---|---|
TXT | cloudflare-verify.sub.example.com | 966215192-518620144 |
If your authoritative DNS provider automatically appends your domain to DNS record name fields, make sure to only insert `cloudflare-verify` as the record name. Otherwise, it may result in an incorrect record name, such as `cloudflare-verify.sub.example.com.sub.example.com`.
After creating the record, you can use this Dig Web Interface link to search (`dig`) for `cloudflare-verify.<YOUR DOMAIN>` and validate if it is working.
That record must remain in place for as long as your subdomain is active on the partial setup on Cloudflare.
- Within a short period of time, the child zone should be active.
- At your authoritative DNS provider, add `CNAME` records pointing to `{your-hostname}.cdn.cloudflare.net` for the subdomain you have added and any deeper subdomain records you want to proxy through Cloudflare.
Example CNAME record at authoritative DNS provider
The `CNAME` record for `sub.example.com` would be:
If you have already created a DNS record covering your subdomain in the parent zone:
- Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.
- Complete the configuration accordingly for full or secondary setup.
- In your child zone, re-create all DNS records that relate to your subdomain. This includes all DNS records deeper than the delegated subdomain, meaning that if you are delegating `www.example.com`, you should also move over records for `api.www.example.com`.
- Make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child zone.
- In the child zone, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains.
- Get the Cloudflare nameservers for the subdomain and add them as `NS` records at your external DNS provider.
- Within a short period of time, the child zone should be active.
- Within the DNS > Records of the parent zone, delete any `A`, `AAAA`, or `CNAME` records referencing the subdomain or any of its deeper subdomains.
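The re-create and delete steps above can be planned from an export of the parent zone. The following is an added example, not Cloudflare's own code: the record tuples are constructed sample data, and the `review` bucket (a `CNAME` outside the child zone whose target is inside it) is an assumption about what "referencing the subdomain" should also surface. Names are matched on label boundaries so that `notwww.example.com` is not mistaken for part of `www.example.com`.

```python
# Constructed sample export of the parent zone as (name, type, content); not real data.
PARENT_RECORDS = [
    ("example.com", "A", "192.0.2.10"),
    ("www.example.com", "A", "192.0.2.20"),
    ("WWW.Example.com.", "AAAA", "2001:db8::20"),
    ("www.example.com", "TXT", "v=spf1 -all"),
    ("api.www.example.com", "CNAME", "origin.example.net"),
    ("notwww.example.com", "A", "192.0.2.30"),
    ("blog.example.com", "CNAME", "www.example.com."),
]
ADDRESS_TYPES = {"A", "AAAA", "CNAME"}


def norm(name):
    """Lowercase and strip the trailing root dot so names compare reliably."""
    return name.rstrip(".").lower()


def in_subtree(name, child):
    """True if name is the child zone apex or deeper, matched on label boundaries."""
    name, child = norm(name), norm(child)
    return name == child or name.endswith("." + child)


def plan_migration(records, child):
    """Split parent-zone records into: re-create in child, delete from parent, review."""
    recreate, delete, review = [], [], []
    for name, rtype, content in records:
        if in_subtree(name, child):
            # Every record type at or below the child apex moves to the child zone
            recreate.append((norm(name), rtype, content))
            if rtype in ADDRESS_TYPES:
                delete.append((norm(name), rtype))
        elif rtype == "CNAME" and in_subtree(content, child):
            # Assumption: stays in the parent, but its target now resolves via the child zone
            review.append((norm(name), rtype, norm(content)))
    return recreate, delete, review


if __name__ == "__main__":
    recreate, delete, review = plan_migration(PARENT_RECORDS, "www.example.com")
    print("re-create in child zone:", recreate)
    print("delete from parent zone:", delete)
    print("review (target inside child zone):", review)
```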
- Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.
- Select either Business or Enterprise as your zone plan and complete the onboarding flow according to your needs.
- On the Overview page, select Convert to CNAME DNS Setup.
- In your child zone, re-create all DNS records that relate to your subdomain. This includes all DNS records deeper than the subdomain you used to create the zone - if you are creating a zone for `www.example.com`, you should also move over records for `api.www.example.com`.
- Make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child zone.
- In the child zone, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains.
- On DNS > Records, get the Verification TXT Record and add it at your authoritative DNS provider.
Example verification record
A verification record for `sub.example.com` might be:
Type | Name | Content |
---|---|---|
TXT | cloudflare-verify.sub.example.com | 966215192-518620144 |
If your authoritative DNS provider automatically appends your domain to DNS record name fields, make sure to only insert `cloudflare-verify` as the record name. Otherwise, it may result in an incorrect record name, such as `cloudflare-verify.sub.example.com.sub.example.com`.
After creating the record, you can use this Dig Web Interface link to search (`dig`) for `cloudflare-verify.<YOUR DOMAIN>` and validate if it is working.
That record must remain in place for as long as your subdomain is active on the partial setup on Cloudflare.
- Within a short period of time, the child zone should be active.
- Within the DNS > Records of the parent zone, delete any previous `A`, `AAAA`, or `CNAME` records referencing the subdomain or any of its deeper subdomains.
- At your authoritative DNS provider, confirm you have `CNAME` records pointing to `{your-hostname}.cdn.cloudflare.net` for the subdomain you have added and any deeper subdomain records you want to proxy through Cloudflare.
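The verification and `CNAME` steps for a child zone on partial setup, in both procedures above, can be checked against an export from the authoritative provider. This is an added example, not Cloudflare's own code: the records are constructed sample data reusing the page's example token, and the finding names are hypothetical. It catches the doubled record name described above and any hostname whose `CNAME` does not follow the `{your-hostname}.cdn.cloudflare.net` pattern.

```python
# Constructed sample of records at the authoritative DNS provider; not real data.
SAMPLE = [
    ("cloudflare-verify.sub.example.com.sub.example.com", "TXT", '"966215192-518620144"'),
    ("sub.example.com", "CNAME", "sub.example.com.cdn.cloudflare.net."),
    ("api.sub.example.com", "CNAME", "origin.example.net."),
]


def norm(name):
    """Lowercase and strip the trailing root dot so names compare reliably."""
    return name.rstrip(".").lower()


def audit_partial_setup(records, child, hostnames, token):
    """Return (finding, name, detail) tuples; an empty list means all checks pass."""
    findings = []
    want = "cloudflare-verify." + norm(child)
    txt = {(norm(n), c.strip('"')) for n, t, c in records if t == "TXT"}
    txt_names = {n for n, _ in txt}
    if (want, token) not in txt:
        doubled = sorted(n for n in txt_names if n.startswith(want + "."))
        if want in txt_names:
            findings.append(("verify-content-mismatch", want, token))
        elif doubled:
            # Provider appended the domain to a name that was already fully qualified
            findings.append(("verify-doubled-suffix", doubled[0], want))
        else:
            findings.append(("verify-missing", want, token))
    cnames = {norm(n): norm(c) for n, t, c in records if t == "CNAME"}
    for host in map(norm, hostnames):
        target = host + ".cdn.cloudflare.net"
        if cnames.get(host) != target:
            # Hostname is missing or still points somewhere other than Cloudflare
            findings.append(("cname-not-cloudflare", host, cnames.get(host)))
    return findings


if __name__ == "__main__":
    for finding in audit_partial_setup(
        SAMPLE, "sub.example.com",
        ["sub.example.com", "api.sub.example.com"], "966215192-518620144",
    ):
        print(finding)
```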
Example CNAME record at authoritative DNS provider
The `CNAME` record for `sub.example.com` would be:
[1] Meaning that another DNS provider, not Cloudflare, maintains your authoritative DNS.