
How to Set Up Cloudflare DNS for Your Domain

January 3, 2026 · 6 min read · HostBible Team

Cloudflare's free plan gives you a globally distributed DNS network, free SSL, basic DDoS protection, and an optional CDN layer, all for no cost. It works alongside your existing hosting provider: Cloudflare handles DNS and edge features, while your server (like HostBible) serves the actual website files. Setup takes about 20 minutes.

What Cloudflare DNS Actually Does

When you add a domain to Cloudflare, you change its nameservers to Cloudflare's. Cloudflare becomes the authoritative DNS provider for your domain, and all DNS queries are answered by Cloudflare's globally distributed network. This results in faster DNS response times worldwide.

Separately, Cloudflare offers a proxy mode (the orange cloud icon in the DNS settings). When a record is proxied, web traffic to that hostname is routed through Cloudflare's edge servers before reaching your origin server. This enables DDoS protection, CDN caching, SSL termination, and hides your origin server's IP from the public. When a record is DNS-only (grey cloud), Cloudflare answers the DNS query but doesn't proxy the traffic.

You can enable or disable proxy mode per record. The typical setup: proxy the A record for your main domain and www (enabling CDN/DDoS protection for your site), but leave mail and other service-specific records as DNS-only.

Step 1: Add Your Domain to Cloudflare

  1. Create a free account at cloudflare.com if you don't have one.
  2. From your dashboard, click Add a domain.
  3. Enter your domain name and click Continue.
  4. Select the Free plan.
  5. Cloudflare scans your existing DNS records and imports them automatically. Review the imported records carefully before continuing.

The automatic import finds most records but occasionally misses some, particularly less common record types or records at subdomains. Compare against what you have in your current DNS provider and add anything missing.

Step 2: Review and Configure DNS Records

Before changing nameservers, verify Cloudflare has all your records and they're configured correctly:

  • A record for @ (bare domain): should point to your server's IP. Set to proxied (orange cloud) if you want CDN/DDoS features.
  • A or CNAME for www: set to proxied as well if you want www to go through Cloudflare.
  • MX records: must be DNS-only (grey cloud). Proxying MX records breaks email. Cloudflare automatically prevents proxying MX records.
  • TXT records (SPF, DKIM, DMARC): DNS-only. These must be visible directly and cannot be proxied.
  • CNAME records for subdomains: review whether each should be proxied or DNS-only based on the service it points to.

A record for a mail server hostname (mail.yourdomain.com) must be DNS-only. Proxying it will break email delivery and SMTP connections.
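The comparison in Step 1 and the proxy rules in Step 2 can be checked with a script before you switch nameservers. The Python below is an added example, not part of the original guide or any Cloudflare tool; the Record layout, the audit function and the sample records (example.com, a documentation IP address) are assumptions made for illustration. It goes one step beyond the rules above by also flagging DNS-only address records that share an IP with a proxied record, since those publish the origin address that proxy mode otherwise hides.

```python
from typing import NamedTuple

class Record(NamedTuple):
    type: str              # A, AAAA, CNAME, MX or TXT
    name: str              # fully qualified hostname, lower case
    content: str           # IP address, target hostname or text value
    proxied: bool = False  # True = orange cloud, False = grey cloud (DNS-only)

def audit(old, imported):
    """Compare the old provider's records with the import; return (severity, message) pairs."""
    findings = []
    have = {(r.type, r.name, r.content) for r in imported}
    # Step 1: anything the automatic scan did not pick up.
    for r in old:
        if (r.type, r.name, r.content) not in have:
            findings.append(("missing", f"{r.type} {r.name}"))
    # Step 2: hostnames named by an MX record, plus mail.*, carry mail.
    mail_hosts = {r.content.rstrip(".").lower() for r in imported if r.type == "MX"}
    proxied_ips = set()
    for r in imported:
        if not r.proxied:
            continue
        if r.type in ("MX", "TXT"):
            findings.append(("error", f"{r.type} {r.name} cannot be proxied"))
        elif r.name in mail_hosts or r.name.startswith("mail."):
            findings.append(("error", f"{r.name} is proxied but carries mail"))
        elif r.type in ("A", "AAAA"):
            proxied_ips.add(r.content)
    # A DNS-only address record on a proxied record's IP publishes the origin address.
    for r in imported:
        if r.type in ("A", "AAAA") and not r.proxied and r.content in proxied_ips:
            findings.append(("warn", f"{r.name} is DNS-only on origin IP {r.content}"))
    return findings

# Constructed sample data: records at the old provider.
OLD = [
    Record("A", "example.com", "203.0.113.10"),
    Record("A", "www.example.com", "203.0.113.10"),
    Record("A", "mail.example.com", "203.0.113.10"),
    Record("A", "ftp.example.com", "203.0.113.10"),
    Record("MX", "example.com", "mail.example.com"),
    Record("TXT", "_dmarc.example.com", "v=DMARC1; p=none"),
]
# Constructed import result: _dmarc was missed and mail was left proxied.
PROXIED = {"example.com", "www.example.com", "mail.example.com"}
IMPORTED = [r._replace(proxied=r.type == "A" and r.name in PROXIED)
            for r in OLD if r.name != "_dmarc.example.com"]

if __name__ == "__main__":
    print(*audit(OLD, IMPORTED), sep="\n")
```

A "warn" finding means a mail or service hostname on the same server reveals the origin IP even though the website records are proxied; hosting those services on a separate IP avoids that.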

Step 3: Change Your Nameservers

Cloudflare assigns you two unique nameservers (for example, cass.ns.cloudflare.com and uma.ns.cloudflare.com). These are shown on the setup page and in your Cloudflare dashboard under DNS > Nameservers.

Log in to your domain registrar and update the nameservers to the pair Cloudflare has assigned. Each domain gets its own unique pair, so don't copy nameservers from another domain's Cloudflare setup.

Propagation typically takes 1 to 4 hours. Cloudflare sends a confirmation email when it detects that the change has taken effect. You can verify from the command line:

dig yourdomain.com NS +short

Step 4: Configure SSL Mode

In your Cloudflare dashboard, go to SSL/TLS > Overview and select the encryption mode. The right choice depends on your origin server's SSL configuration:

  • Full (strict): recommended for HostBible hosting (which provides free Let's Encrypt SSL). Encrypts traffic between the visitor and Cloudflare, and between Cloudflare and your origin server, with full certificate validation.
  • Full: encrypts to origin but doesn't validate the certificate. Only use this if you have a self-signed certificate on your origin.
  • Flexible: encrypts between visitor and Cloudflare only; connection to your origin is HTTP. Avoid this if possible: it defeats the purpose of SSL and can cause issues with server-side HTTPS redirects.

With Flexible mode and a server-side HTTPS redirect, you'll get a redirect loop: Cloudflare connects to the origin over HTTP, the origin redirects to HTTPS, Cloudflare reconnects over HTTP, and so on. Use Full or Full (strict) to avoid this.
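The loop described above can be reproduced and detected with a small model. This Python is an added example, not code from the original guide; the origin and edge functions are a constructed, simplified model (Flexible always connects to the origin over HTTP, Full uses the visitor's scheme), and follow is a hypothetical helper that accepts any fetch function returning a status and a Location value.

```python
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 307, 308)

def origin(scheme, path):
    """Constructed origin server with a server-side HTTP -> HTTPS redirect."""
    if scheme == "http":
        return 301, "https://example.com" + path
    return 200, None

def edge(mode):
    """Simplified model of the edge: returns fetch(url) -> (status, location)."""
    def fetch(url):
        parts = urlsplit(url)
        # Flexible talks plain HTTP to the origin whatever the visitor used.
        to_origin = "http" if mode == "flexible" else parts.scheme
        return origin(to_origin, parts.path or "/")
    return fetch

def follow(fetch, url, max_hops=10):
    """Follow redirects; return ("ok" | "loop" | "too_many", hops taken)."""
    seen = set()
    for hops in range(max_hops):
        if url in seen:
            return "loop", hops      # redirected back to a URL already requested
        seen.add(url)
        status, location = fetch(url)
        if status not in REDIRECTS:
            return "ok", hops
        url = location
    return "too_many", max_hops

if __name__ == "__main__":
    for mode in ("flexible", "full"):
        print(mode, follow(edge(mode), "https://example.com/"))
```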

Step 5: Enable HTTPS Redirect

In SSL/TLS > Edge Certificates, enable Always Use HTTPS. This forces all HTTP requests to redirect to HTTPS at Cloudflare's edge, before they reach your origin server. Also consider enabling HSTS if your site is exclusively HTTPS and you want browsers to refuse plain HTTP connections entirely.

Common Issues After Setup

  • Email stops working: check that your MX records are grey-cloud (DNS only). Also verify mail-related A records (mail.yourdomain.com) are not proxied.
  • Redirect loops: change SSL mode from Flexible to Full or Full (strict). This is the most common cause of infinite redirect loops when using Cloudflare.
  • Site shows Cloudflare error page instead of your site: your origin server isn't responding. Confirm your hosting is active and the server IP in your Cloudflare A record is correct. Temporarily disable the proxy (grey cloud) to test the origin directly.
  • Cached stale content: Cloudflare caches static assets. If you've updated files and visitors see old content, purge the cache in Caching > Configuration > Purge Cache.
  • Can't connect to origin for management: if you need to SSH or access server tools directly, Cloudflare proxying hides your server IP. Use the server's direct IP or temporarily disable proxy mode to access the origin.

HostBible includes free SSL on all plans

Every HostBible hosting account comes with free Let's Encrypt SSL. Cloudflare works on top of it; use Full (strict) mode for end-to-end encryption.
