Using Cloudflare DNS without CDN or WAF

Cloudflare Managed DNS is an enterprise-grade authoritative DNS service that offers the fastest response time, unparalleled redundancy, and advanced security with built-in DDoS mitigation and DNSSEC.


Is it true what Cloudflare claims?

According to DNSPerf data, the authoritative nameservers provided by Cloudflare are the fastest in the world. 👏

Cloudflare DNS benchmark report, as seen at 10:01 am on Friday, 12 March 2021 UTC

When you buy a domain name, the registrar typically assigns default nameservers, which are usually slow and unreliable. In other cases, a hosting provider offers its own nameservers to quickly align all DNS entries, but the story is the same.

Why use Cloudflare for DNS only?

Although I do not recommend the Cloudflare Free Plan for CDN purposes, it is good enough for DNS service.

Especially with the free plan and a traditional Cloudflare proxy setup, it can make the website slower instead of faster. The underlying reasons can be a lack of direct peering with ISPs, poor routing, poor plan choice and so on.

I recommend using Cloudflare only for DNS because it is much faster and more secure. The account comes with a two-step verification system as well.

Step 1. Log in to your Cloudflare account

Step 2. Pass two-factor authentication

  • If you are using two-factor authentication, complete this step by entering the OTP.

Step 3. Add a new website

  • Once you are successfully logged in to the Cloudflare Dashboard, click on the Add a site button.
  • Enter the domain name and click the Add site button.

Step 4. Choose the Free Plan. It is sufficient.

Step 5. Understand Proxy and DNS Sign

  • For all DNS entries, keep the gray cloud so that each record stays in DNS resolution only mode.

Step 6. Confirm Scanned Entries

  • Cloudflare does its best to scan all previous DNS records and list them correctly. In rare cases, some records might be missed or repeated. We suggest manually verifying all of them against the DNS manager of the previous authoritative nameservers. This is important to prevent downtime.
  • Go to each record's Proxy Status and change it from proxied to DNS resolution only mode.
  • This is the best part of Cloudflare: it offers granular control over each record.
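One way to carry out the manual verification in Step 6, as an added example that is not part of the original tutorial: it compares `dig +noall +answer` output collected from the previous authoritative nameserver with the same queries answered by the Cloudflare-assigned nameserver. The domain, IP addresses and sample answers below are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample: answers from the previous authoritative nameserver.
OLD_NS = """\
example.com.      3600 IN A     203.0.113.10
www.example.com.  3600 IN CNAME example.com.
example.com.      3600 IN MX    10 mail.example.com.
mail.example.com. 3600 IN A     203.0.113.25
example.com.      3600 IN TXT   "v=spf1 mx -all"
"""

# Constructed sample: answers from the Cloudflare-assigned nameserver after
# the scan (MX missed, mail A record changed, one unexpected ftp record).
NEW_NS = """\
example.com.      300 IN A     203.0.113.10
www.example.com.  300 IN CNAME example.com.
mail.example.com. 300 IN A     203.0.113.99
ftp.example.com.  300 IN A     203.0.113.10
example.com.      300 IN TXT   "v=spf1 mx -all"
"""

def parse_answers(text):
    """Group answer lines into RRsets {(name, type): {rdata}}; TTL is ignored."""
    rrsets = defaultdict(set)
    for line in text.splitlines():
        parts = line.split(None, 4)
        if line.lstrip().startswith(";") or len(parts) < 5:
            continue  # skip dig comments, blank and malformed lines
        name, _ttl, _cls, rtype, rdata = parts
        key = (name.lower().rstrip("."), rtype.upper())
        rrsets[key].add(" ".join(rdata.split()))
    return rrsets

def compare_zones(old_text, new_text):
    """Return RRsets that are missing, unexpected, or changed on the new side."""
    old, new = parse_answers(old_text), parse_answers(new_text)
    return {
        "missing": sorted(k for k in old if k not in new),
        "extra": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }

if __name__ == "__main__":
    for kind, keys in compare_zones(OLD_NS, NEW_NS).items():
        for name, rtype in keys:
            print(f"{kind:8} {name} {rtype}")
```

Any entry under missing or changed should be fixed in the Cloudflare DNS manager before the nameservers are switched in Step 7; a TTL difference alone is not reported.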

Step 7. Update new authoritative nameservers

  • Log in to your domain registrar, in other words, where you purchased your domain.
  • Hint: Under the DNS section, you can find the option to update the nameservers to those suggested by Cloudflare. If you are unable to find where to update nameservers, check the relevant documentation for GoDaddy, Namecheap or Bluehost; similarly, you can search on Google or contact the support team.
  • Once done, click on Done, check nameservers.
  • You can keep track of nameserver propagation via the dnschecker site.
  • Skip the Cloudflare onboarding suggestions by clicking Done or setup later.
  • Cloudflare periodically checks whether you have pointed your nameservers to Cloudflare. Clicking Re-check now multiple times won't speed up the process.
  • Once nameserver propagation finishes, you will get an e-mail from Cloudflare and you will see the message “Great news! Cloudflare is now protecting your site”.

You can also get a DNS Analytics report.

Should you use Cloudflare DNS?

Yes, Cloudflare DNS is reliable for general-purpose use. However, you should NEVER use it for CNAME flattening.

I discovered that with many ISPs' public DNS servers, the domain was not resolving to a geo-regional IP address as expected.

Testing method

  1. Pointed to using CNAME
  2. All DNS servers were expected to answer with only the regional IP, but that didn’t happen.
  3. Any subdomain such as www was routing properly, but the naked domain was not.

Good Case

Screenshots: Google DNS on an unknown ISP (two captures); subdomain works; unknown ISP 2.

Bad Case

Screenshots: Hathway 1; Hathway 2; Reliance Jio; Reliance Jio, another user tested from mobile; Reliance Jio user 2.

Is Cloudflare DNS Free to use?

Cloudflare’s authoritative DNS services are free of charge, and Cloudflare does not limit DNS queries for a domain on its network.

How to get vanity nameservers with Cloudflare?

Vanity nameservers such, are premium features available on the Cloudflare Business and Enterprise plans.

Shall I use Cloudflare DNS?

The Cloudflare DNS service is reliable for general-purpose use, except for the CNAME flattening use case.

20 thoughts on “Using Cloudflare DNS without CDN or WAF”

  1. What should be the cloudflare cache level? Should I set it to standard or I need to bypass cache?

    Can bunnycdn do cache like cloudflare?

  2. In my CloudFlare account I have my and created with a CNAME that point to URL. All “A” records are deleted.

    I get a warning next to one of them in CloudFlare. There is an “i” that when I hover over it in CloudFlare it says “Another record shares the same name, so we’ve applied CNAME flattening.”

    What am I doing wrong?

    • Trying to enable SSL in for my naked domain ( doesn’t work. I keep getting an error that says it’s not pointing to Bunny, but it is. It’s just that CloudFlare is flattening the naked domain. I don’t understand what I’m doing wrong. I’ve been at it for hours. Thank you!

      • You need to point DNS records as below.

        CNAME – —– – DNS only mode

        CNAME – www —– – DNS only mode

        Then only you can install SSL cert at panel for your Pull Zone.

      • Perfect! I got it working… but my Google page speed score took a 20 point dive. However, my GTmetrix score is great!

        Google is warning me “Eliminate render-blocking resources” and there are a bunch of css and js scripts on the Bunny CDN that it’s referring to. Did I do something wrong?

  3. Hi Gulshan,

    What when I use CF SSL/TLS cert for my site? If I make it a grey cloud [i.e., only using CF DNS] can’t use SSL cert as it becomes invalid.
    Get browser warnings, cannot access site.


    • You cannot use CF TLS while having DNS only mode [Gray Cloud]. If you want to use Cloudflare for DNS only, your origin server must have a valid cert such as Let’s Encrypt/Comodo.