CIS DNS zone CNAME (partial) setup
A partial or CNAME setup allows you to use reverse proxy while you maintain your primary and authoritative DNS provider.
This configuration is useful when you can't change your authoritative DNS provider and want to proxy only individual subdomains through the global network.
After you complete a partial setup, the actual resolution of your records to CIS depends on the CNAME records added at your authoritative DNS provider. Check your authoritative DNS provider to learn which records are pointing to {your-hostname}.cdn.cloudflare.net
.
The following table shows the recommended setup configurations for a child zone (subdomain).
Parent domain setup | Recommended child subdomain setup |
---|---|
Parent domain on CIS through a Full setup | Full setup only |
Parent domain on CIS through a CNAME setup | CNAME setup only |
The parent domain is not on CIS | Can choose Full or CNAME setup |
Setting up a CNAME zone
To set up a CNAME, take the following steps.
-
Create the
partial
type zone by using the CIS API or CLI.-
To create the
partial
type zone with CIS API:POST
https://{{api}}/v1/{{crn}}/zones
data: { "name": "ibmnetworkdemo.com", "jump_start": false, "type": "partial" }
-
To create the
partial
type zone with CIS CLI:ibmcloud cis domain-add ibmnetworkdemo.com --type partial --output JSON
If you encounter the error message: "Partial zone signup not allowed", contact Support.
-
-
Get the txt record
verification_key
andcname_suffix
from the response:{ "result": { "id": "1df93abfb59849abd3e34fde156a4c21", "name": "ibmnetworkdemo.com", "status": "active", "paused": false, "verification_key": "476754457-428595283", "cname_suffix": "cdn.cloudflare.net", "original_name_servers": [ "ns1.softlayer.com", "ns2.softlayer.com" ], "original_registrar": "everyones internet, ltd. dba s (id: 925)", "original_dnshost": null, "modified_on": "2021-05-07T06:46:19.326826Z", "created_on": "2021-05-07T01:57:53.163247Z", "account": { "id": "b0c53e3f037b8cdc62b5cb373b8c55e6", "name": "57aea3aa-a38e-4760-ada5-a698bca56171" } }, "success": true, "errors": [], "messages": [] }
-
Add the record
cloudflare-verify
to the parent DNS zone indicated by theverification-key
(in this example,ibmnetworkdemo.com
):txt cloudflare-verify.ibmnetworkdemo.com 476754457-428595283
-
After CIS verifies the record, the zone is activated. This process might take several hours.
Verify the CNAME
To verify your CNAME setup, take the following steps.
-
Add an A record in CIS and enable proxy:
www.ibmnetworkdemo.com A 169.48.151.44 true 1
-
Add the CNAME record in the authoritative DNS:
www.ibmnetworkdemo.com www.ibmnetworkdemo.com.cdn.cloudflare.net
The response appears similar to the following example:
check:: dig www.ibmnetworkdemo.com a ; <<>> DiG 9.10.6 <<>> www.ibmnetworkdemo.com a ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13528 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;www.ibmnetworkdemo.com. IN A ;; ANSWER SECTION: www.ibmnetworkdemo.com. 899 IN CNAME www.ibmnetworkdemo.com.cdn.cloudflare.net. www.ibmnetworkdemo.com.cdn.cloudflare.net. 299 IN A 104.18.8.216 www.ibmnetworkdemo.com.cdn.cloudflare.net. 299 IN A 104.18.9.216