Cloudflare Docs
Dns
Visit DNS on GitHub
Set theme to dark (⇧+D)

Change your authoritative nameservers (Full setup)

If you want to use Cloudflare as your primary DNS provider and manage your DNS records on Cloudflare, your domain should be using a full setup.

This means that you are using Cloudflare for your authoritative DNS nameservers.

Step 1 — Do you already own a domain?

Yes

If you already own a domain and want to use Cloudflare for your authoritative DNS, proceed with this tutorial.

No

If you do not already own a domain name and plan to use Cloudflare for your authoritative DNS, we highly recommend purchasing your domain name through Cloudflare Registrar.

Using Cloudflare Registrar simplifies your setup process by automatically using Cloudflare for authoritative DNS.

Step 2 — Complete prerequisites

Create an account

Before you can complete your domain setup, you need to create an account and add your domain to Cloudflare.

Disable DNSSEC

If you are onboarding an existing domain to Cloudflare — as opposed to purchasing a new domain through Cloudflare Registrar — make sure DNSSEC is disabled at your registrar (where you purchased your domain name). Otherwise, your domain will experience connectivity errors when you change your nameservers.

Why do I have to disable DNSSEC

When your domain has DNSSEC enabled, your DNS provider digitally signs all your DNS records. This action prevents anyone else from issuing false DNS records on your behalf and redirecting traffic intended for your domain.

However, having a single set of signed records also prevents Cloudflare from issuing new DNS records on your behalf (which is part of using Cloudflare for your authoritative nameservers). So if you change your nameservers without disabling DNSSEC, DNSSEC will prevent Cloudflare’s DNS records from resolving properly.

Review DNS records in Cloudflare

When you start using Cloudflare’s nameservers for authoritative DNS, Cloudflare will become your primary DNS provider. This means that your DNS records in Cloudflare need to be accurate for your domain to work properly.

If you added your domain to Cloudflare, Cloudflare automatically scans for common records and adds them to your account’s DNS page.

Since this scan is not guaranteed to find all existing DNS records, you need to review your records, paying special attention to the following record types:

Step 3 — Update your nameservers

Once you have added a domain (also known as a zone) to Cloudflare, that domain will receive two assigned authoritative nameservers.

Get nameserver names

  1. Log in to the Cloudflare dashboard and select your account and domain.

  2. On Overview, copy the information from Replace with Cloudflare’s nameservers.

    Find nameserver names on the Overview page of your domain

Update your registrar

  1. Log in to the admin account for your domain registrar. If you do not know your provider, use ICANN WHOIS.

  2. Disable DNSSEC for your domain.

  3. Remove your existing authoritative nameservers.

  4. Create new authoritative nameservers. If their names are not copied exactly, your DNS will not resolve correctly.

Provider-specific instructions

This is not an exhaustive list of provider-specific instructions, but the following links may be helpful:

  1. Wait 24 hours while your registrar updates your nameservers. You will receive an email when your site is active on Cloudflare.

Verify changes

To check whether you correctly changed your nameservers, you can log in to the Cloudflare dashboard or use a third-party tool.

If you see unexpected results, refer to our troubleshooting information.

Step 4 — Re-enable DNSSEC using Cloudflare

When you updated your nameservers, you should have also disabled DNSSEC at your registrar.

You should now enable DNSSEC within Cloudflare to protect from domain spoofing.