Skip to content
Cloudflare Docs

Changelog

Subscribe to RSS

2025-06-19


Account-level DNS analytics now available via GraphQL Analytics API

Authoritative DNS analytics are now available on the account level via the Cloudflare GraphQL Analytics API.

This allows users to query DNS analytics across multiple zones in their account, by using the accounts filter.

Here is an example to retrieve the most recent DNS queries across all zones in your account that resulted in an NXDOMAIN response over a given time frame. Please replace a30f822fcd7c401984bf85d8f2a5111c with your actual account ID.

GraphQL example for account-level DNS analytics
query GetLatestNXDOMAINResponses {
  viewer {
    accounts(filter: { accountTag: "a30f822fcd7c401984bf85d8f2a5111c" }) {
      dnsAnalyticsAdaptive(
        filter: {
          date_geq: "2025-06-16"
          date_leq: "2025-06-18"
          responseCode: "NXDOMAIN"
        }
        limit: 10000
        orderBy: [datetime_DESC]
      ) {
        zoneTag
        queryName
        responseCode
        queryType
        datetime
      }
    }
  }
}
Run in GraphQL API Explorer

To learn more and get started, refer to the DNS Analytics documentation.

2025-06-16


Internal DNS (beta) now manageable in the Cloudflare dashboard

Participating beta testers can now fully configure Internal DNS directly in the Cloudflare dashboard.

Internal DNS enables customers to:

  • Map internal hostnames to private IPs for services, devices, and applications not exposed to the public Internet

  • Resolve internal DNS queries securely through Cloudflare Gateway

  • Use split-horizon DNS to return different responses based on network context

  • Consolidate internal and public DNS zones within a single management platform

What’s new in this release:

  • Beta participants can now create and manage internal zones and views in the Cloudflare dashboard
Internal DNS UI

To learn more and get started, refer to the Internal DNS documentation.

2025-06-11


NSEC3 support for DNSSEC

Enterprise customers can now select NSEC3 as method for proof of non-existence on their zones.

What's new:

  • NSEC3 support for live-signed zones – For both primary and secondary zones that are configured to be live-signed (also known as "on-the-fly signing"), NSEC3 can now be selected as proof of non-existence.

  • NSEC3 support for pre-signed zones – Secondary zones that are transferred to Cloudflare in a pre-signed setup now also support NSEC3 as proof of non-existence.

For more information and how to enable NSEC3, refer to the NSEC3 documentation.

2025-06-03


Improved onboarding for Shopify merchants

Shopify merchants can now onboard to Orange-to-Orange (O2O) automatically, without needing to contact support or community members.

What's new:

  • Automatic enablement – O2O is available for all mutual Cloudflare and Shopify customers.

  • Branded record display – Merchants see a Shopify logo in DNS records, complete with helpful tooltips.

    Shopify O2O logo

  • Checkout protection – Workers and Snippets are blocked from running on the checkout path to reduce risk and improve security.

For more information, refer to the provider guide.

2025-02-02


Removed unused meta fields from DNS records

Cloudflare is removing five fields from the meta object of DNS records. These fields have been unused for more than a year and are no longer set on new records. This change may take up to four weeks to fully roll out.

The affected fields are:

  • the auto_added boolean
  • the managed_by_apps boolean and corresponding apps_install_id
  • the managed_by_argo_tunnel boolean and corresponding argo_tunnel_id

An example record returned from the API would now look like the following:

Updated API Response
{
  "result": {
    "id": "<ID>",
    "zone_id": "<ZONE_ID>",
    "zone_name": "example.com",
    "name": "www.example.com",
    "type": "A",
    "content": "192.0.2.1",
    "proxiable": true,
    "proxied": false,
    "ttl": 1,
    "locked": false,
    "meta": {
      "auto_added": false,
      "managed_by_apps": false,
      "managed_by_argo_tunnel": false,
      "source": "primary"
    },
    "comment": null,
    "tags": [],
    "created_on": "2025-03-17T20:37:05.368097Z",
    "modified_on": "2025-03-17T20:37:05.368097Z"
  },
  "success": true,
  "errors": [],
  "messages": []
}

For more guidance, refer to Manage DNS records.

2025-01-27

Zone IDs and names on individual DNS records

Records returned by the API will no longer contain the zone_id and zone_name fields. This change may take up to four weeks to fully roll out. The affected fields were deprecated with an End of Life (EOL) date of November 30, 2024.

2024-10-15

Quote validation for TXT records added via dashboard

When creating TXT records via the dashboard you will now find:

  • Field validation errors if double quotes " are added inconsistently.
  • Automatically quoted TXT content upon save if no quotes exist in the record content field.

2024-10-07

API support for per-record CNAME flattening

Paid zones now have the option to flatten specific CNAME records. When using the API, specify the setting cname_flatten as true or false. Refer to the documentation for details.