Cloudflare DNS & Domain Management — Birdor Cloudflare Tutorial Series (Part 2)

A calm, clear, and developer-friendly guide to DNS and domain management with Cloudflare. This part covers DNS basics, records, proxy modes, security settings, and recommended best practices.

Cloudflare DNS is one of the fastest and most reliable DNS services in the world. It’s also one of the easiest to use. Whether you’re hosting a Hugo site, an API, or a full web application, Cloudflare DNS gives you a stable foundation with minimal maintenance.

This tutorial provides a calm, practical walkthrough of managing domains on Cloudflare. If you’re new to DNS, don’t worry — our goal is clarity, not complexity.

1. What Cloudflare DNS Provides

Cloudflare DNS offers:

  • global DNS resolution
  • DNSSEC
  • instant propagation
  • built-in protection against DNS-based attacks
  • simple UI for managing DNS records
  • optional proxying (Cloudflare’s CDN + security)

It is both fast and stable, making it a good default choice for personal projects, startups, and production systems.

2. Adding a Domain to Cloudflare

Step 1: Add your domain

  1. Log in to Cloudflare
  2. Select Add a Site
  3. Enter your domain name (e.g., birdor.com)
  4. Choose the Free plan unless you need premium features

Cloudflare will scan your existing DNS records.

Step 2: Update nameservers

Your domain registrar (e.g., Namecheap, AliCloud, GoDaddy) holds your nameservers.

Cloudflare will provide two nameserver addresses like:

melinda.ns.cloudflare.com
sri.ns.cloudflare.com

Update your registrar’s nameservers to Cloudflare’s.

DNS will now be managed entirely from Cloudflare.

Step 3: Wait for propagation

This usually takes a few minutes, sometimes up to a few hours.
You will receive an email once your domain is active.

3. Understanding DNS Records (Calm and Simple)

Below are the records you will use most often.

3.1 A Record

Maps a domain to an IPv4 address.

Example:

A  example.com → 192.0.2.10

3.2 AAAA Record

Maps a domain to an IPv6 address.

3.3 CNAME Record

Points one domain to another domain.

Example:

CNAME  www.example.com → example.com

Useful for:

  • Cloudflare Pages custom domains
  • subdomain aliases
  • external services (e.g., Mailgun, Vercel)

3.4 TXT Record

Stores text data.

Used for:

  • domain verification
  • email authentication (SPF, DKIM, DMARC)
  • ownership proof for platforms like GitHub or Google

3.5 MX Record

Controls email routing.
If you run email through a third party, they will give you these values.

3.6 NS Record

Defines authoritative nameservers for a domain or subdomain.
Most users won’t need to modify these.

4. Orange Cloud vs Grey Cloud (Proxy Modes)

Cloudflare provides a simple toggle per DNS record:

Orange Cloud — Proxy Mode

Cloudflare sits between the user and your server.

You receive:

  • CDN acceleration
  • edge caching
  • web application firewall
  • SSL termination
  • DDoS protection
  • smart routing

Use this for:

  • websites
  • APIs
  • static assets
  • Hugo sites
  • Cloudflare Pages projects

Grey Cloud — DNS Only

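Cloudflare only answers the DNS query. The record returns your server's real IP address, so traffic goes straight to your server and bypasses Cloudflare's proxy entirely.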

Use this for:

  • mail servers
  • SSH
  • game servers
  • services that do not work behind a reverse proxy

This toggle is unique to Cloudflare and extremely useful.

5. Securing Your Domain

5.1 Enable DNSSEC

Navigate to:

DNS → DNSSEC → Enable

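DNSSEC signs your DNS records, which lets validating resolvers reject spoofed answers and answers altered by a man-in-the-middle. It does not encrypt DNS traffic.
Cloudflare handles the heavy lifting (key generation and signing). If your domain is registered elsewhere, DNSSEC only takes effect once the DS record Cloudflare shows you has been added at your registrar.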

5.2 Enforce HTTPS

Cloudflare → SSL/TLS

Set:

Always Use HTTPS: On
Minimum TLS Version: TLS 1.2
HSTS: Optional (understand implications first)

For Hugo sites deployed via Pages, Cloudflare already serves HTTPS automatically.

5.3 Proxy sensitive endpoints

Proxying is set per DNS record, not per URL path. When the hostnames that serve these endpoints are orange, Cloudflare hides your origin IP and filters malicious traffic.

Recommended for:

  • /login
  • /api
  • admin dashboards

6. Configuring a Custom Domain for Cloudflare Pages

If deploying Hugo via Cloudflare Pages:

Step 1: Go to your Pages project

Step 2: Add Custom Domain

Step 3: Cloudflare sets DNS automatically

Usually it creates:

CNAME  example.com → <your-project>.pages.dev

SSL is issued instantly.
Propagation is nearly instant when using Cloudflare DNS.

7. Best Practices for DNS Management

7.1 Keep DNS clean and minimal

Avoid unused or legacy records.

7.2 Use CNAME over A records when possible

It’s more flexible and easier to maintain.

7.3 Group TXT records logically

Especially for:

  • SPF
  • DKIM
  • DMARC
  • domain verifications

7.4 Use proxy mode for web traffic

Unless you have a strong reason not to.

7.5 Avoid exposing your origin IP

Proxied (orange cloud) records protect your backend.
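
A proxied record only hides the origin if no DNS-only record in the same zone publishes the same address. The following audit is an added example, not part of the original tutorial: it scans a list of records for grey-cloud A/AAAA records and SPF entries that reveal an IP sitting behind an orange-cloud record. The sample zone is constructed, and the record shape (type, name, content, proxied) is assumed to match what you export from Cloudflare.

```python
import ipaddress
import re

# Constructed sample zone; all addresses are documentation ranges.
SAMPLE_RECORDS = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "example.com", "proxied": True},
    # Mail must be DNS-only, but here it shares the web origin's IP.
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.10", "proxied": False},
    # SSH on a separate host: DNS-only, and not a leak of the web origin.
    {"type": "A", "name": "ssh.example.com", "content": "198.51.100.7", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
    {"type": "TXT", "name": "example.com",
     "content": '"v=spf1 ip4:203.0.113.0/24 -all"', "proxied": False},
]

def protected_origin_ips(records):
    """IPs that sit behind proxied (orange cloud) A/AAAA records."""
    return {ipaddress.ip_address(r["content"]) for r in records
            if r["proxied"] and r["type"] in ("A", "AAAA")}

def find_origin_leaks(records):
    """Return (name, type, reason) for DNS-only records that reveal a protected IP."""
    origins = protected_origin_ips(records)
    leaks = []
    for r in records:
        if r["proxied"]:
            continue
        if r["type"] in ("A", "AAAA"):
            if ipaddress.ip_address(r["content"]) in origins:
                leaks.append((r["name"], r["type"],
                              "DNS-only record publishes a proxied origin IP"))
        elif r["type"] == "TXT":
            text = r["content"].strip('"')  # TXT content may be stored quoted
            if not text.lower().startswith("v=spf1"):
                continue
            for net in re.findall(r"\bip[46]:(\S+)", text, flags=re.I):
                network = ipaddress.ip_network(net, strict=False)
                if any(ip in network for ip in origins):
                    leaks.append((r["name"], "TXT",
                                  f"SPF mechanism {net} covers a proxied origin IP"))
    return leaks

if __name__ == "__main__":
    for name, rtype, reason in find_origin_leaks(SAMPLE_RECORDS):
        print(f"{rtype:5} {name}: {reason}")
```

The MX record is not flagged on its own: the exposure comes from the A record of the host it points to, which is why mail is best served from a different IP than the proxied web origin.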

7.6 Document your DNS choices

Especially important for multi-person teams.

8. Troubleshooting DNS

8.1 Domain not resolving

Check:

  • Nameservers were updated
  • No conflicting DNS records
  • Record types match your hosting setup

8.2 SSL not active

Ensure:

  • TLS mode is “Full” or “Full (strict)”
  • DNS is proxied (orange)
  • Certificate status is “Active”

8.3 Custom Pages domain not working

Common fix:

  • Ensure CNAME → yourproject.pages.dev
  • Remove A/AAAA duplicates

9. What’s Next

In Part 2, we explored the foundation of Cloudflare domain management:

  • Adding domains
  • Understanding DNS records
  • Proxy vs DNS-only
  • Securing DNS
  • Custom domains for Pages
  • Recommended practices

These skills support everything else in the Cloudflare ecosystem.

Next up:
Cloudflare Tutorial Series — Part 3: Deploying Hugo on Cloudflare Pages
