How to Manage DNS Records with Cloudflare

Overview

This article provides a comprehensive walkthrough for managing your domain's DNS records and advanced settings through the Cloudflare integration. By following these steps, you will learn how to route your website traffic, set up email services, and implement DNSSEC to protect your domain from DNS spoofing and man-in-the-middle attacks.

DNS Records Management

The Records page is where you define how your domain traffic is routed to your hosting server, email provider, and other third-party services.

Step-by-Step: Adding or Editing a DNS Record

1. Login to your Client Area account
2. Navigate to Cloud Services > My Products & Services and select your Cloudflare service.
3. Select DNS from the left-hand sidebar and click Records.
4. Click on Add Record button.
5. Configure Fields:
   • Type: Choose the record type (e.g., A for web servers, MX for mail, or CNAME for subdomains).
   • Name: Enter the hostname (use @ for the root domain).
   • Content/IPv4: Enter the destination IP address or target hostname provided by your service provider.
6. Toggle Proxy feature:
   • Proxied: Traffic is protected and accelerated by Cloudflare.
   • DNS Only: Traffic goes directly to your server (required for records like mail).
7. Click Save to apply the changes.

2. DNS Settings (DNSSEC)

The Settings page provides advanced security tools, specifically DNSSEC (Domain Name System Security Extensions), to ensure your visitors are directed to your legitimate website.

Step-by-Step: Enabling DNSSEC

DNSSEC adds a layer of authentication by using cryptographic signatures to verify that DNS records have not been tampered with.

1. Select DNS > Settings from the left-hand sidebar.
2. Click the blue Enable DNSSEC button.
3. Cloudflare will generate the necessary DS (Delegation Signer) record values, including Key Tag, Algorithm, and Digest.
4. DNSSEC Setup:
   • If your domain is a .LY domain, you can check the “How to Set Up DNSSEC for .LY Domains” article.
   • If your domain is a gTLD, you can check the “How to Set Up DNSSEC for gTLD Domains” article.

Before changing your DNS provider in the future, you must disable DNSSEC at the registry first to avoid a complete website outage.