Convert secondary setup to full setup

If you initially set up incoming zone transfers (Cloudflare as secondary), you can later convert your zone to use a full setup.

Meaning you have one or more subdomains (sub.example.com) added to Cloudflare as their own zone, separate from your apex domain (example.com). ↩

Follow the steps below to achieve this conversion.

1. Stop transferring the zone

Log in to the Cloudflare dashboard ↗ and select your account and zone.
Go to DNS > Settings > DNS Zone Transfers and select Manage linked peers.
Unlink the peer and select Save.

At this point, your zone will be read-only.

Plan for DNSSEC settings. If you were previously using Pre-signed DNSSEC, consider disabling DNSSEC before starting the conversion.
Make sure the proxy statuses of your DNS records are consistently set:
- If you have Secondary DNS override, confirm each record has the appropriate setting (Proxied or DNS only).
- If Secondary DNS override is disabled, make sure all of your DNS records are listed as DNS only.
(Optional) For consistency, use the Update DNS Settings endpoint to specify SOA record fields according to your needs. Once Cloudflare automatically generates an SOA record for your zone on full setup, the field overrides will be considered.

Use the Edit Zone endpoint with type set to full to convert the zone type. Existing DNS records will not be affected.
Go to DNS > Records ↗ and take note of your new Cloudflare Nameservers.
At your domain registrar (or parent zone), update your nameservers. Replace the nameservers ending in secondary.cloudflare.com by the ones ending in ns.cloudflare.com.

If Cloudflare will be your only primary DNS provider, remove any other nameservers as well.
Delete the previous SOA record to make sure Cloudflare generates a new one.
(Optional) If Cloudflare was previously not signing your records and you wish to use DNSSEC, follow the steps to Enable DNSSEC.