Convert secondary setup to partial setup
If you initially set up incoming zone transfers (Cloudflare as secondary), you can later convert your zone to use a partial setup.
-
Meaning you have one or more subdomains (
sub.example.com) added to Cloudflare as their own zone, separate from your apex domain (
example.com). ↩
Follow the steps below to achieve this conversion.
- Log in to the Cloudflare dashboard ↗ and select your account and zone.
- Go to DNS > Settings > DNS Zone Transfers and select Manage linked peers.
- Unlink the peer and select Save.
At this point, your zone will be read-only.
-
(Optional) If you are also migrating to a new authoritative DNS provider, export a zone file from the previous provider and import it into the new one.
-
At your authoritative DNS provider, create
CNAMErecords pointing to
{your-hostname}.cdn.cloudflare.netfor every hostname you wish to proxy through Cloudflare.
Example CNAME record at authoritative DNS provider
The
CNAMErecord for
www.example.comwould be:
-
At your authoritative DNS provider, remove any previously existing
A,
AAAA, or
CNAMErecords referencing the hostnames you want to proxy through Cloudflare. For these hostnames, leave only the records pointing to
{your-hostname}.cdn.cloudflare.net.
-
Back at your Cloudflare zone, confirm that you have all the
A,
AAAA, or
CNAMEDNS records needed for the hostnames you pointed to
{your-hostname}.cdn.cloudflare.netin the previous step. You can also delete any DNS records that have a different type, as they will no longer resolve once you convert your zone to a partial setup.
-
Use the Edit Zone endpoint with
typeset to
partialto convert the zone type. Existing DNS records will not be affected.
-
On DNS > Records ↗, get the Verification TXT Record and add it at your authoritative DNS provider.
Example verification record
A verification record for
sub.example.commight be:
Type Name Content TXT
cloudflare-verify.sub.example.com
966215192-518620144
If your authoritative DNS provider automatically appends DNS record
namefields with your domain, make sure to only insert
cloudflare-verifyas the record name. Otherwise, it may result in an incorrect record name, such as
cloudflare-verify.sub.example.com.sub.example.com.
After creating the record, you can use this Dig Web Interface link ↗ to search (
dig) for
cloudflare-verify.<YOUR DOMAIN>and validate if it is working.
At your domain registrar (or parent zone), update the nameservers. In a partial (CNAME) setup, only the nameservers of your external DNS provider should be listed.
- Remove any
secondary.cloudflare.comnameservers if you used to have them.
- If you are also migrating to a new authoritative DNS provider, add your new nameservers.