DNS and Domain Services
DNS is the foundation of every Cloudflare deployment. Before Cloudflare can accelerate, cache, or protect your traffic, it must first resolve your domain. This module covers every DNS-related service Cloudflare offers — from authoritative hosting to privacy-focused resolution.
Why DNS Is First
Every Cloudflare feature depends on DNS. You cannot enable CDN, WAF, or Workers unless Cloudflare controls (or proxies) your domain's DNS. Understanding this layer is a prerequisite for everything that follows.
How Cloudflare DNS Fits Together
flowchart TB
subgraph Public["Public Internet"]
USER["End User / Browser"]
end
subgraph Resolver["DNS Resolution"]
STUB["Stub Resolver\n(OS / Browser)"] -->|Query| DOH["1.1.1.1\nDoH / DoT"]
DOH -->|Recursive Lookup| AUTH
end
subgraph CF["Cloudflare DNS Infrastructure"]
AUTH["Authoritative DNS\n(Your Zone)"]
AUTH -->|A / AAAA / CNAME| PROXY{"Proxy Mode?"}
PROXY -->|Orange Cloud ☁️| EDGE["Cloudflare Edge\n(CDN + WAF + DDoS)"]
PROXY -->|Grey Cloud (DNS-Only)| ORIGIN["Your Origin Server"]
end
subgraph Domain["Domain Services"]
REG["Cloudflare Registrar"]
EMAIL["Email Routing"]
end
USER --> STUB
EDGE --> ORIGIN
REG -->|Manages| AUTH
AUTH -->|MX Records| EMAIL
style DOH fill:#f6821f,color:#fff,stroke:#e5711e
style AUTH fill:#2563eb,color:#fff,stroke:#1e40af
style EDGE fill:#16a34a,color:#fff,stroke:#15803d
style REG fill:#7c3aed,color:#fff,stroke:#6d28d9
Core Terminology
| Term | What It Is | Analogy |
|---|---|---|
| Authoritative DNS | The server that holds the definitive records for your domain | The official phone book for your company |
| Recursive Resolver | A server that looks up DNS records on behalf of the client | A librarian who finds the book you requested |
| Proxy Mode (Orange Cloud) | Traffic flows through Cloudflare's network (CDN, WAF, DDoS active) | A security guard who inspects packages before delivery |
| DNS-Only (Grey Cloud) | Cloudflare only provides DNS resolution, traffic goes directly to origin | A phone directory that gives you the number directly |
| DoH / DoT | Encrypted DNS queries over HTTPS or TLS | Making a phone call through a secure, encrypted line |
| Zone | A domain and all its DNS records managed as a unit | A filing cabinet for one company's contact records |
What You Will Learn
| Lesson | What It Covers |
|---|---|
| Authoritative DNS | Setting up your zone, record types, proxy mode vs DNS-only, TTL strategy |
| 1.1.1.1 DNS Resolver | Cloudflare's public recursive resolver, DoH, DoT, and privacy guarantees |
| Domain Registrar | Registering and transferring domains at-cost with Cloudflare Registrar |
| Email Routing | Free email forwarding, catch-all addresses, and worker integration |
Prerequisites
- A registered domain name (or willingness to register one through Cloudflare)
- Access to your current registrar's nameserver settings
- Basic understanding of DNS concepts (A records, CNAME, MX records)