How to Use Cloudflare to Manage Your DNS

Cloudflare is widely known as a Content Delivery Network (CDN), but it also offers one of the fastest and most secure DNS management systems available. By moving your DNS management to Cloudflare, you can speed up the time it takes for record changes to propagate, secure your website with a Web Application Firewall (WAF), and hide your server’s true IP address from attackers.

This guide explains how to set up Cloudflare DNS, how to switch your nameservers, and how to use the proxy settings correctly.

Why Use Cloudflare for DNS?

Most domain registrars provide free DNS hosting, but they often lack performance and advanced features. Cloudflare offers several distinct advantages:

Speed: Cloudflare is one of the fastest DNS providers globally, meaning your website address resolves quickly for visitors.

Fast Propagation: Changes to DNS records (like moving to a new host) often take effect in minutes rather than hours or days.

Security: It provides unmetered DDoS protection and hides your origin server's IP address to prevent direct attacks.

CNAME Flattening: This feature allows you to use a CNAME record at your root domain (e.g., example.com), which is typically not allowed by standard DNS specifications.

Before switching to Cloudflare, ensure you have a valid SSL certificate installed on your origin server. If you enable the Cloudflare proxy (Orange Cloud) without a certificate on your server, you may encounter "Redirect Loop" errors or "526 Invalid SSL" errors.

Step 1: Add Your Site to Cloudflare

To begin, you do not need to transfer your domain registration; you only need to change who manages the DNS records.

1. Create an Account: Sign up on the Cloudflare dashboard.

2. Add Site: Click "Add a Site" and enter your domain name.

3. Select a Plan: Choose the "Free" plan, which is sufficient for most standard DNS and security needs.

4. Review Records: Cloudflare will scan your current DNS records. Verify that all your A, CNAME, and MX records are listed correctly before proceeding.

Step 2: Update Your Nameservers

Cloudflare does not control your domain until you update your nameservers at your current registrar (e.g., GoDaddy, Namecheap).

1. Cloudflare will provide two nameservers, typically looking like ns1.cloudflare.com and ns2.cloudflare.com.

2. Log in to your domain registrar’s admin panel and find the DNS or Nameserver settings.

3. Remove the existing nameservers and replace them with the two provided by Cloudflare.

4. Disable DNSSEC: If you have DNSSEC enabled at your registrar, you must disable it before changing nameservers to avoid connectivity errors.

If you have DNSSEC enabled at your registrar, you MUST disable it and wait for that change to propagate (often 24 hours) before changing your nameservers to Cloudflare. If you don't, your domain will go offline globally because the old cryptographic signatures will not match the new Cloudflare records.
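The DNSSEC check from step 4 can be scripted before you touch the nameservers. The following is an added example, not part of the original guide or any Cloudflare tooling: it reads the answer lines of `dig DS` and `dig NS` and reports whether the switch is safe. The sample answers, the registrar nameserver names, and the function names are constructed for illustration, and the assigned pair reuses the nameserver names shown in step 1 above.

```python
import re

# Constructed sample answers in `dig` answer-section format. Capture the DS
# answer from the parent zone's servers so the TTL shown is the full value.
DS_ANSWER = "example.com.  86400  IN  DS  2371 13 2 A1B2C3D4E5F6\n"  # constructed digest
NS_OLD = (
    "example.com.  3600  IN  NS  ns1.registrar.example.\n"
    "example.com.  3600  IN  NS  ns2.registrar.example.\n"
)
ASSIGNED_NS = {"ns1.cloudflare.com", "ns2.cloudflare.com"}  # names as shown in the guide

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def parse_answer(text):
    """Parse dig answer lines into (name, ttl, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # skip blanks and dig comments
            continue
        match = RR_LINE.match(line)
        if match:
            records.append((match[1].lower(), int(match[2]),
                            match[3].upper(), match[4].strip()))
    return records


def preflight(ds_text, ns_text, assigned_ns):
    """Return (status, wait_seconds, message) for the nameserver change."""
    ds = [rr for rr in parse_answer(ds_text) if rr[2] == "DS"]
    ns = {rr[3].rstrip(".").lower() for rr in parse_answer(ns_text) if rr[2] == "NS"}
    if ds:
        # Resolvers may keep a cached DS for its full TTL after it is removed.
        wait = max(ttl for _, ttl, _, _ in ds)
        return ("blocked", wait, "DS record still published: disable DNSSEC "
                "at the registrar and wait before changing nameservers")
    if ns == {name.lower() for name in assigned_ns}:
        return ("done", 0, "domain already delegates to the assigned nameservers")
    return ("ready", 0, "no DS record at the parent; nameservers can be replaced")


if __name__ == "__main__":
    print(preflight(DS_ANSWER, NS_OLD, ASSIGNED_NS))
```

With the sample DS record the result is "blocked" with a wait of 86400 seconds, which matches the 24-hour figure mentioned above.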

Step 3: Understanding Proxy Status (Orange vs. Grey Cloud)

One of the most important features in the Cloudflare dashboard is the Proxy Status toggle next to each DNS record. This determines how traffic flows to your site.

Orange Cloud (Proxied): When the cloud icon is orange, traffic passes through Cloudflare’s network before reaching your server.

Benefits: Enables caching, SSL encryption, and DDoS protection.

When to use: Use this for your website traffic, such as your A records (root domain) and CNAME records (www).

Grey Cloud (DNS Only): When the cloud icon is grey, Cloudflare acts only as a phone book. Traffic goes directly to your server without any security filtering or caching.

If you use FTP, SSH, or a VPN to connect to your server, keep those specific hostnames set to "Grey Cloud." If they are proxied, the hostname points at Cloudflare's network rather than at your server, and your connection software won't be able to reach it.

When to use: Use this for administrative connections like FTP, SSH, or mail servers (MX records). Proxying these connections can cause them to break.
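The Orange and Grey Cloud rules above can be checked mechanically across a whole zone. The following is an added example, not part of the original guide or Cloudflare's own code: it flags non-web hostnames that are proxied, MX records whose target is proxied, and DNS-only records that publish the same address a proxied record is meant to hide. The record list is constructed, its field names follow the shape of Cloudflare's DNS record objects, and the label list and function name are assumptions.

```python
# Added example: audit Proxy Status choices on a set of DNS records.
# RECORDS is constructed sample data; the field names (type, name, content,
# proxied) follow the shape of Cloudflare's DNS record objects.
RECORDS = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "example.com", "proxied": True},
    {"type": "A", "name": "ftp.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "A", "name": "ssh.example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "A", "name": "mail.example.com", "content": "198.51.100.25", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
]

# Assumption: first labels that mark non-web hostnames in this zone.
NON_WEB_LABELS = {"ftp", "sftp", "ssh", "vpn", "mail", "smtp", "imap"}
ADDRESS_TYPES = ("A", "AAAA")


def audit(records):
    """Return sorted (severity, name, message) findings for the record set."""
    # Addresses that a proxied (Orange Cloud) record is meant to keep hidden.
    hidden = {r["content"] for r in records
              if r["type"] in ADDRESS_TYPES and r["proxied"]}
    proxied_names = {r["name"] for r in records if r["proxied"]}
    findings = []
    for r in records:
        label = r["name"].split(".")[0]
        is_host = r["type"] in ADDRESS_TYPES or r["type"] == "CNAME"
        if r["type"] in ADDRESS_TYPES and not r["proxied"] and r["content"] in hidden:
            findings.append(("warn", r["name"],
                             f"DNS-only record publishes {r['content']}, "
                             "which a proxied record is meant to hide"))
        if is_host and r["proxied"] and label in NON_WEB_LABELS:
            findings.append(("error", r["name"],
                             "non-web hostname is proxied; FTP/SSH/VPN/mail "
                             "connections to it will break"))
        if r["type"] == "MX" and r["content"].rstrip(".") in proxied_names:
            findings.append(("error", r["name"],
                             f"MX target {r['content']} is proxied; "
                             "mail delivery will break"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, name, message in audit(RECORDS):
        print(f"{severity:5} {name}: {message}")
```

An "error" is a record that will break connections as described above. A "warn" is a trade-off to review, because the hostname has to stay DNS-only but shares its address with a proxied site.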

Important Terms Explained

Propagation: The time it takes for DNS changes to spread across the internet. Cloudflare significantly reduces this time compared to standard registrars.

CNAME Flattening: A technology that allows a CNAME record to be used at the root domain, enabling you to point your main URL to cloud services like AWS or Heroku.

A Record: A DNS record that points a domain name to a specific IPv4 address.

MX Record: Mail Exchange records responsible for directing emails. These should generally be set to "DNS Only" (Grey Cloud) to ensure email delivery works correctly.

Key Takeaway

Using Cloudflare for DNS management improves your website’s speed, security, and reliability without requiring you to change your hosting provider.

To set it up, simply add your site, verify your records, and update your nameservers at your registrar.

Always remember to use the Orange Cloud for website traffic to get security benefits, and the Grey Cloud for email and FTP to prevent connection issues.

DNS quietly determines whether a website exists or vanishes.