Live Blog

Question – DNS CNAME’s, CNAME Flattening, and Cloudflare How does it work?

Content Error or Suggest an Edit

Notice a grammatical error or technical inaccuracy? Let us know; we will give you credit!


This question was on Facebook, and it’s needed a blog post 🙂

This is about CNAME flattening and references this Gridpane KB.

This question is not GP specific so thought to try here instead of the GP forum.

In the example given above, CNAME at the client DNS ultimately points to This makes sense and works. Now I want to set this up for a subdomain.

To get a subdomain ( to point to a GP server, is this the way to set things up?

At client DNS, setup CNAME = subdomain and point it to

Then at, setup A record for “subdomain” and point it to IP address of a GP server.

Then spin up at a GP server?

Something seems off as the “subdomain” would be set for How does one setup DNS (on my end) to point to the actual IP on GP?

In short, access to client DNS is not easy so trying to setup DNS 1 time and update IP on my end as needed.

Any thoughts would be appreciated.


First take out CNAME flattening for the time being, let’s talk about CNAME’s first.

How do CNAME’s work?

A CNAME points a DNS record, such as, to another named-based DNS record, which can be an A or CNAME record, such as

You create a CNAME record on your DNS provider, which can be the same as your Domain Name registration provider who also provides DNS service for free. They have nameservers that hold a zone of with all your records, which are set on as the “nameservers”. The nameservers will simply output the value of the CNAME to, and it’s the responsibility of the resolver (Dig, nslookup, Chrome, etc.) to resolve the

So the resolver (Dig, nslookup, Chrome, etc.) looks up which can be an A record pointing to or another CNAME which points to at which point the resolver (Dig, nslookup, Chrome, etc.) has to again look up of which could be an A record or CNAME record.

CNAME Chaining

When a CNAME points to a CNAME, this is CNAME changing, which can chain up to as many DNS records as you wish. However, there is a cost because each resolution takes time and sometimes software will fail to go through the chain.

APEX Records @

Why are we talking about APEX records (@)? Because you can’t create an APEX record as a CNAME, as it’s against the DNS standard. There’s a good thread on stack overflow if you want to go deeper.

Why can’t a CNAME record be used at the apex (aka root) of a domain? – Server Fault

However, there is a workaround using CNAME Flattening.

CNAME Flattening

On to CNAME Flattening. What is CNAME Flattening?

CNAME flattening speeds up CNAME resolution and allows you to use a CNAME record at your root/apex domain (

With CNAME flattening, Cloudflare finds the IP address that a CNAME points to. This process could involve a single lookup or multiple (if your CNAME points to another CNAME). Cloudflare then returns the final IP address instead of a CNAME record, helping DNS queries resolve up to 30% faster.

For more details on the mechanics of CNAME flattening, review the CNAME flattening diagram and refer to the Cloudflare blog postOpen external link.

As you can see CNAME flattening is important, and Cloudflare supports CNAME Flattening as do other providers in different ways. Why is it important to bring this up? Specifically, it’s important when you’re creating a CNAME and both domain names are set up on Cloudflare.

Cloudflare will flatten CNAME records, which interferes with how CNAME’s typically operate and you need to be aware of this.

Solution #1 (Traditional CNAME)

Let’s map this out in simpler terms.

  • Client domain = – Not on Cloudflare
  • Your domain as the provider = – On Cloudflare

Here’s the setup.

  1. Setup first as an A/CNAME record and make sure it’s not proxied in Cloudflare
  2. Then set as a CNAME to

So will point to whatever points to, and the client will resolve it. The request from the web browser still comes in as to the destination web server. So you will need to make sure that is setup on your webs server correctly.

Solution #2 (CNAME Flattening)

Taking the same data from Solution #1, you can do CNAME flattening at Cloudflare and save some time for your DNS record to resolve.

  • Client domain = – On Cloudflare
  • Your domain as the provider = – On Cloudflare or another DNS provider.

Here’s the setup.

  1. Setup first as an A/CNAME record and make sure it’s proxied in Cloudflare
  2. Then set as a CNAME to and make sure it’s not proxied at Cloudflare.

The above diagram will also work with APEX records, hence why I have the Resolve/Flatten. Depending on what is put in the web browser, if it’s an apex record or sub-domain, it will be resolved and flattened.

Question #2

Yes, will do that! btw, just so I know for future ref, once the cnames are setup to point to a final A record, the server with the actual account will sort out the final route to the destination site correct?

Answer #2

Correct, this is what happens.

Question #3

Also, will subdomain have to match at both DNSs?

And will gain the benefits of CloudFlare if is proxied with the orange cloud? Hoping CF can still block xmlrpc and watch wp-login.php for Fun stuff right?

Answer #3

Do CNAME records need to match to resolve properly?

I’m using CNAME records here instead of subdomains or domains because these are all DNS records at the end of the day. No, you don’t need to match a CNAME’s name to its value, such as (CNAME) -> (A) (CNAME) -> (A) CNAME -> (A)

As you can see, all that matters is that your CNAME’s value is an A record that is already resolved. Although you can chain CNAME’s, it’s a bad idea for multiple reasons which are outside this article. Check out this article

The CNAME record
DNS CNAME records are used to alias or redirect names in DNS. Learn how canonical names work in DNS, and what their restrictions are.

Does a non-proxied DNS record absorb the Cloudflare protection of the DNS record it’s CNAME’d to?

Yes and No.

What happens to A non-proxied DNS record that has a CNAME to a Cloudflare proxied DNS record

The following happens when a non-proxied DNS record has a CNAME to a Cloudflare proxied DNS record.

  1. The web browser resolves the DNS record
    • The record is not proxied and is a CNAME with the value of which is proxied.
    • The web browser resolves to a Cloudflare IP.
  2. The HTTP request from the web browser will be sent to the IP address returned (Cloudflare IP), and the HTTP request will contain a Host header of, which is the name typed into a browser’s address bar.
  3. Cloudflare reads the host header, and a lookup will be done to see if the domain name, not the DNS name, is set up on Cloudflare.

This is where one of two things will happen.

If the domain is set up on Cloudflare, then it will process the request. However, if both domains aren’t in the same account you will get Error 1014 CNAME Cross-User Banned. Which

If the domain is not setup on Cloudflare then you will receive an Error 1001 DNS resolution error because Cloudflare doesn’t know what to do with

    How do I protect a non-proxied DNS record with Cloudflare?

    There are a couple of solutions.

    1. Move the domain name to Cloudflare and use Solution #2 (CNAME Flattening) above.
    2. Use Cloudflare SaaS, which is mentioned below.
    3. Become a Cloudflare Partner and use a Partial DNS Zone, however, be aware that the domain names DNS provider has to support CNAME flattening on the Apex record due to Cloudflare only providing named records for Partial DNS Zone setup and not IPs.
    Using Cloudflare Without Changing your Name Servers – Partial CNAME Zones – Managing WP – All about Managing WordPress
    Can I use Cloudflare without changing name servers? If you’ve ever been in a situation where you wanted to use Cloudflare services for a domain name, but you

    Addressing “Error 1014 CNAME Cross-User Banned” and Cloudflare SaaS

    You could use Cloudflare SaaS to control 100’s of domains with a single Cloudflare configuration.

    Cloudflare for SaaS · Cloudflare for Platforms docs
    Cloudflare for SaaS allows you to extend the security and performance benefits of Cloudflare’s network to your customers via their own custom or …