Live Blog
LLive Blog

Cloudflare CNAME Flattening and Proxying

0
Shares
0
0
0
0
0
0
Table of Contents
  1. What is Cloudflare CNAME Flattening?
  2. Where do I turn on Cloudflare Proxying? Should I do orange to orange?
  3. What is 1014: CNAME Cross-User Banned
    1. Solutions to 1014 CNAME Cross-User Banned
      1. Disable Orange to Orange aka Don’t Orange to Orange 🙂
      2. Cloudflare SaaS (SSL/TLS -> Custom Hostnames)
      3. Paid Cloudflare Account + Support Ticket (No longer Supported?)
  4. Changelog

Content Error or Suggest an Edit

Notice a grammatical error or technical inaccuracy? Let us know; we will give you credit!

This was posted somewhere behind a membership wall. So I thought I’d post this to the public.

I think this is correct for the CName Strategy in Cloudflare:

website.site

Type: A, Name: Cloud, IP Content:199.199.199.19, Proxy Status: off, TTL: Auto

sourcedomain.com

Type: CName: Name: website.xyz, Content: destination.domain.com, Proxy Sttus: Off, TTL: Auto

My only question is can we turn on proxy when doing CName Flattening.

What is Cloudflare CNAME Flattening?

Someone had responded by saying this is not CNAME flattening. But it actually is CNAME flattening.

CNAME flattening allows you to create a CNAME record at the root of your domain without violating RFC’s (the rules that govern the Internet). Here at DNS Made Easy, we call these ANAME records… but we’ll get to that in a minute.

Since the source record sourcedomain.com is the apex (@), and you’re using a CNAME record pointing to the destination record destination.domain.com; this is effectively CNAME flattening. Cloudflare will query the destination record cloud.website.site for its IP and return it to anyone who queries the sourcedomain.com

The destination record destination.domain.com can be an A record or a CNAME; it doesn’t matter, as Cloudflare will resolve the record regardless.

With CNAME flattening, Cloudflare finds the IP address that a CNAME points to . This process could involve a single lookup or multiple (if your CNAME points to another CNAME ). Cloudflare then returns the final IP address instead of a CNAME record, helping DNS queries resolve up to 30% faster.

Where do I turn on Cloudflare Proxying? Should I do orange to orange?

Typically, you don’t enable Cloudflare Proxy proxy on the destination record destination.domain.com; typically, the destination DNS record destination.domain.com should only be used for source domains sourcedomain.com that are Cloudflare proxied. This would then stop the 1014 error that I will explain below from occurring and allow you to update the destination DNS record destination.domain.com to a new IP address if you were moving all the source domains sourcedomain.com and sourcedomain2.com etc; to a new server.

What is 1014: CNAME Cross-User Banned

Troubleshooting Cloudflare 1XXX errors · Cloudflare Support docs
The errors described in this document might occur when visiting a website proxied by Cloudflare. For Cloudflare API or dashboard errors, review our …
developers.cloudflare.com

Error 1014: CNAME Cross-User Banned
​​Common cause
By default, Cloudflare prohibits a DNS CNAME record between domains in different Cloudflare accounts. CNAME records are permitted within a domain ( www.example.com CNAME to api.example.com) and across zones within the same user account ( www.example.com CNAME to www.example.net) or using our Cloudflare for SaaS solution.

Cloudflare Apps are not currently supported by Cloudflare for SaaS, therefore any app using a domain configured on our SaaS solution may produce 1014 errors.

​​Resolution
To allow CNAME record resolution to a domain in a different Cloudflare account, the domain owner of the CNAME target must use Cloudflare for SaaS.

You might also run into Error 1014: CNAME Cross-User Banned which basically means that you’re pointing to a destination record destination.domain.com where the domain sourcedomain.com isn’t within your Cloudflare account. It has nothing to do with you being a member of the account the domain sourcedomain.com is located in, you have to have sourcedomain.com added in your account alongside domain.com

Solutions to 1014 CNAME Cross-User Banned

Disable Orange to Orange aka Don’t Orange to Orange 🙂

This is an easy fix, simply disable Cloudflare proxying on your destination record destination.domain.com which actually makes sense as the traffic is actually being passed through the source domain/record sourcedomain.com

Cloudflare SaaS (SSL/TLS -> Custom Hostnames)

As mentioned above, you can use Cloudflare SaaS and utilize Orange to Orange. This will allow you to set up a number of hostnames that can be used without the Cross-User banned error, but it does require some additional leg work.

https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works/

You could in the past with a paid account (Biz+) submit a ticket to Cloudflare support to have a domain whitelisted to cross account name flatten. But it’s no longer talked about in favour of Cloudflare SaaS. How would you set up Cloudflare SaaS? Create a custom hostname for each of your servers.

Here’s an article talking about the paid plan.

https://community.cloudflare.com/t/does-paid-plan-solves-cname-cross-user-banned-issue/368925/5

Changelog

  • 02-13-2024 – A complete rewrite to this article as it was hastly put together.

0 Shares:
Share 0
Tweet 0
Share 0
Share 0
Share 0

Jordan Trask

With 20 years of experience in technology spanning Linux, Data Center Infrastructure, and related services and applications, Jordan consults with small, medium, and large organizations tackling technology problems and needs. With 10 years of experience in WordPress, he’s created Managing WP as a means of dumping his brain on the web.

Jordan operates LMT Solutions providing Technology Consulting Services and We Power WP for WordPress Care Plans and Support.