Setup
Subdomain setup relies on a process known as delegation. When, in a parent domain such as example.com
, an NS
record ↗ is created for a subdomain blog.example.com
, this means that DNS management for the subdomain can be done separately, in its own DNS zone.
flowchart TD accTitle: Example of parent zone and subdomains A[<code>example.com</code>] --> B[<code>docs.example.com</code>] A[<code>example.com</code>] --> C[<code>blog.example.com</code>] subgraph Parent domain A end subgraph Subdomains B C end
Available setups
The availability of different setups will depend on both the parent zone setup and the setup used for the child zone. A child zone holds DNS management for a delegated subdomain.
Parent zone | Child zone | Available |
---|---|---|
Full or Secondary | Full | Yes |
Full or Secondary | Secondary | Yes |
Full or Secondary | Partial | No |
Partial | Full | Yes |
Partial | Secondary | Yes |
Partial | Partial* | Yes |
This table assumes zones that are in an active status. For example, if you need to add the parent zone to Cloudflare when its child zone already exists in a partial setup, you can convert the parent zone to partial while it is still in pending status.
How to
Refer to the following guides to learn how to configure a subdomain setup depending on the setup used for the parent zone:
Although the how-to guides in this documentation are focused on both parent domains and subdomains existing in Cloudflare, it is also possible to achieve a subdomain setup in Cloudflare while the parent domain exists in a different DNS provider.
SSL/TLS certificates
If the parent domain’s SSL/TLS certificate explicitly lists the delegated subdomain and is created after the subdomain’s SSL/TLS own certificate, the parent domain’s certificate will take precedence over the subdomain’s certificate.
For instance, if example.com
creates an advanced certificate that directly lists docs.example.com
, visitors to docs.example.com
might see the SSL/TLS certificate for example.com
.
Access applications
To use subdomain setups with Cloudflare Access, note that:
-
If the child zone is in a pending state when you create the Access application, your configuration will not automatically apply when you activate the zone. You must also re-save the Access application once your subdomain setup is active.
-
If you split out a subdomain which already has an Access application, you will also need to re-save the Access application to associate it with the new child zone.