Deployment 10 min read Beginner Guide

Cloudflare DNS Setup: Complete Configuration Guide

Master Cloudflare DNS configuration for your is-pro.dev subdomain. Covers record types, proxy settings, SSL/TLS modes, security features, and best practices.

Written by Mayank Baswal

Founder of is-cool-me ยท DNS & Platform Infrastructure

Mayank Baswal maintains the is-cool-me platform and writes technical guides focused on DNS configuration, subdomain infrastructure, SSL troubleshooting, deployment workflows, and platform reliability.

GitHub Profile Contact
Reviewed by is-cool-me Technical Review

Cloudflare DNS Setup: Complete Configuration Guide

Cloudflare powers is-pro.dev's DNS infrastructure, providing fast, secure, and reliable domain management. Understanding how to configure DNS records and Cloudflare's features is essential for getting the most out of your free subdomain. This guide covers everything from basic DNS records to advanced security settings.

Understanding DNS Record Types

When managing your is-pro.dev subdomain, you will primarily work with these record types:

A records map a domain to an IPv4 address. Use these when you want to point your subdomain directly to a server's IP address. For example, pointing to a VPS or dedicated server. A records require four values: name, IPv4 address, TTL, and proxy status.

AAAA records work identically to A records but for IPv6 addresses. Most modern hosting platforms provide both A and AAAA records. Include both for maximum compatibility.

CNAME records map a domain to another domain name. This is the most commonly used record type with is-pro.dev because most hosting platforms (Vercel, Netlify, GitHub Pages) provide a domain to point to. CNAME records cannot coexist with other record types at the same name.

TXT records store text information for domain verification, email authentication (SPF, DKIM, DMARC), and other purposes. They are invisible to website visitors but critical for email deliverability and proving domain ownership.

MX records specify mail servers responsible for receiving email on behalf of your domain. If you plan to use custom email with your subdomain, you will need MX records pointing to your email provider.

Proxy Status: Orange vs Gray Cloud

Every DNS record in Cloudflare has a proxy status toggle:

Proxied (orange cloud): Traffic routes through Cloudflare's CDN and security network. Benefits include DDoS protection, SSL termination, HTTP/2, and caching. Use this for web traffic (HTTP/HTTPS).

DNS only (gray cloud): Traffic goes directly to your origin server. Use this for non-HTTP services like SSH, email servers, or custom applications that do not use web protocols.

For most web hosting setups (Vercel, Netlify, GitHub Pages), enable the orange cloud proxy. This gives you Cloudflare's security and performance benefits.

SSL/TLS Configuration

Cloudflare offers several SSL/TLS encryption modes:

Off: No encryption between visitor and Cloudflare or between Cloudflare and your server. Not recommended.

Flexible: Encrypts traffic between visitor and Cloudflare but not between Cloudflare and your server. Use this only if your origin does not support HTTPS.

Full: Encrypts both legs of the connection. Your origin needs a valid SSL certificate (self-signed works).

Full (Strict): Same as Full but requires a valid, trusted SSL certificate on your origin. This is the recommended setting for is-pro.dev subdomains.

To enable Full (Strict) mode, go to the SSL/TLS tab in your Cloudflare dashboard and select the appropriate mode. Ensure your origin server has HTTPS enabled.

Security Features

DDoS Protection: Cloudflare's network absorbs large DDoS attacks automatically. No configuration needed.

Web Application Firewall: Provides OWASP rulesets and managed rules to protect against common web vulnerabilities. The WAF is highly configurable and can be set to log only, challenge, or block specific threats.

Rate Limiting: Protects your APIs and login pages from brute force attacks. Configure rate limits based on URL pattern and request threshold.

Bot Management: Identifies and mitigates automated traffic. The free plan includes basic bot protection that challenges likely bots.

Caching and Performance

Cloudflare's CDN caches static resources at edge locations worldwide:

  • Enable "Always Online" to serve cached content when your origin is unreachable
  • Set appropriate cache rules for different content types (cache HTML for shorter durations, assets for longer)
  • Use "Cache Reserve" for guaranteed cache hit rates

DNSSEC

DNSSEC adds cryptographic signatures to DNS records, protecting against DNS spoofing and cache poisoning. After enabling DNSSEC in Cloudflare, add the DS record provided by Cloudflare to your domain registrar. This is a one-time setup that provides ongoing protection.

Troubleshooting

DNS changes not taking effect: Cloudflare's DNS propagates within minutes, but your local DNS cache may need to be cleared. Run ipconfig /flushdns (Windows) or sudo dscacheutil -flushcache (macOS).

SSL errors after changing proxy status: If you switch from proxied to DNS-only, SSL certificates must be configured on your origin server. Ensure your origin supports HTTPS.

CNAME flattening issues: CNAME records at the root of a zone (naked domain) require special handling. is-pro.dev uses CNAME flattening to support this. If you encounter issues, use a subdomain instead.

Conclusion

Cloudflare DNS configuration for your is-pro.dev subdomain is powerful yet straightforward. Understand the different record types, use proxy mode for web traffic, configure SSL/TLS properly, and enable security features. With this setup, your subdomain benefits from world-class DNS infrastructure at no cost.