Cloudflare Docs
DNS
Cloudflare Docs
DNS
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)
  1. Products
  2. DNS
  3. ...
  4. ...
  5. Setup
  6. Parent zone on partial setup

Parent zone on partial setup

When the parent zone is using a partial setup1, the steps to set up your child zone depend on whether the subdomain already exists in the parent domain.

​​ Subdomain does not exist

If you have not yet created a DNS record covering your subdomain in the parent zone:

  1. Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.
  2. Complete the configuration accordingly for full or secondary setup.
  3. After creating the DNS records on the child zone, add the Cloudflare nameservers as NS records at your external DNS provider.
  4. Within a short period of time, the child zone should be active.
  1. Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.
  2. Select either Business or Enterprise as your zone plan and complete the onboarding flow according to your needs.
  3. On the Overview page, select Convert to CNAME DNS Setup.
  4. Confirm that you have created all the DNS records needed for your child zone.
  5. On DNS > Records, get the Verification TXT Record and add it at your authoritative DNS provider.
Example verification record

A verification record for sub.example.com might be:

TypeNameContent
TXTcloudflare-verify.sub.example.com966215192-518620144

If your authoritative DNS provider automatically appends DNS record name fields with your domain, make sure to only insert cloudflare-verify as the record name. Otherwise, it may result in an incorrect record name, such as cloudflare-verify.sub.example.com.sub.example.com.

After creating the record, you can use this Dig Web Interface link to search (dig) for cloudflare-verify.<YOUR DOMAIN> and validate if it is working.

That record must remain in place for as long as your subdomain is active on the partial setup on Cloudflare.

  1. Within a short period of time, the child zone should be active.
  2. At your authoritative DNS provider, add CNAME records pointing to {your-hostname}.cdn.cloudflare.net for the subdomain you have added and any deeper subdomain records you want to proxy through Cloudflare.
Example CNAME record at authoritative DNS provider

The CNAME record for sub.example.com would be:

sub.example.com CNAME sub.example.com.cdn.cloudflare.net

​​ Subdomain already exists

If you have already created a DNS record covering your subdomain in the parent zone:

  1. Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.

  2. Complete the configuration accordingly for full or secondary setup.

  3. In your child zone, re-create all DNS records that relate to your subdomain. This includes all DNS records deeper than the delegated subdomain, meaning that if you are delegating www.example.com, you should also move over records for api.www.example.com.

  1. Make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child zone.
  2. In the child zone, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains.
  3. Get the Cloudflare nameservers for the subdomain and add them as NS records at your external DNS provider.
  4. Within a short period of time, the child zone should be active.
  5. Within the DNS > Records of the parent zone, delete any A, AAAA, or CNAME records referencing the subdomain or any of its deeper subdomains.

  1. Add the subdomain to a Cloudflare account as a new zone. It can be the same account where the parent zone exists or a different one.

  2. Select either Business or Enterprise as your zone plan and complete the onboarding flow according to your needs.

  3. On the Overview page, select Convert to CNAME DNS Setup.

  4. In your child zone, re-create all DNS records that relate to your subdomain. This includes all DNS records deeper than the subdomain you used to create the zone - if you are creating a zone for www.example.com, you should also move over records for api.www.example.com.

  1. Make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child zone.
  2. In the child zone, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains.
  3. On DNS > Records, get the Verification TXT Record and add it at your authoritative DNS provider.
Example verification record

A verification record for sub.example.com might be:

TypeNameContent
TXTcloudflare-verify.sub.example.com966215192-518620144

If your authoritative DNS provider automatically appends DNS record name fields with your domain, make sure to only insert cloudflare-verify as the record name. Otherwise, it may result in an incorrect record name, such as cloudflare-verify.sub.example.com.sub.example.com.

After creating the record, you can use this Dig Web Interface link to search (dig) for cloudflare-verify.<YOUR DOMAIN> and validate if it is working.

That record must remain in place for as long as your subdomain is active on the partial setup on Cloudflare.

  1. Within a short period of time, the child zone should be active.
  2. Within the DNS > Records of the parent zone, delete any previous A, AAAA, or CNAME records referencing the subdomain or any of its deeper subdomains.
  3. At your authoritative DNS provider, confirm you have CNAME records pointing to {your-hostname}.cdn.cloudflare.net for the subdomain you have added and any deeper subdomain records you want to proxy through Cloudflare.
Example CNAME record at authoritative DNS provider

The CNAME record for sub.example.com would be:

sub.example.com CNAME sub.example.com.cdn.cloudflare.net

  1. Meaning that another DNS provider - not Cloudflare - maintains your Authoritative DNS. ↩︎