src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
23 additions & 13 deletions
@@ -6,13 +6,14 @@ sidebar:
6
6
label: About
7
7
---
8
8
9
-
import { Render } from"~/components";
9
+
import { Render, Example } from"~/components";
10
10
11
-
The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic.
11
+
The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record.
12
12
13
-

14
13
15
-
When you proxy specific DNS records through Cloudflare - specifically A, AAAA, or CNAME records — DNS queries for these will resolve to Cloudflare anycast IPs instead of their original DNS target. This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.
14
+
### Proxied records
15
+
16
+
When you proxy DNS records through Cloudflare — specifically [A, AAAA, or CNAME records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — Cloudflare responds with an [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/)**instead of** the value defined on your [DNS table](/dns/manage-dns-records/#dns-records-table). This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.
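Review bot: The new `### Proxied records` heading is a level-3 heading with no level-2 heading above it, because the file goes from the front matter and import straight to the intro paragraph and then to `###`. Consider making `Proxied records` and `DNS-only records` level-2 headings, or adding a parent `##` section, so the outline does not skip a level ahead of `## Detailed explanation`. In the same paragraph, "the value defined on your DNS table" would read better as "in your DNS table".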
This behavior allows Cloudflare to [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) all requests to your application, as well as protect your origin server from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/).
24
25
25
-
## DNS-only records
26
+
Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic. Refer to [Proxied DNS records](/dns/manage-dns-records/proxy-status/proxied-records/) for details and expected behavior.
27
+
28
+
### DNS-only records
26
29
27
-
When an A, AAAA, or CNAME record is **DNS-only**— also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address.
30
+
When an A, AAAA, or CNAME record is **DNS-only**(also known as being gray-clouded), DNS queries for this record will resolve to the record's normal IP address.
28
31
29
32
In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests.
30
33
31
-
## Example DNS table
34
+
---
35
+
36
+
## Detailed explanation
37
+
38
+
<Example>
39
+
40
+
DNS management for **example.com**:
32
41
33
-
| Type | Name | Content | Proxy status | TTL | Actions |
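Review bot: In the rewritten DNS-only sentence, "will resolve to the record's normal IP address" is imprecise for CNAME records, whose content is a hostname rather than an IP address. The proxied paragraph now says Cloudflare responds with an anycast IP address "instead of the value defined on your DNS table"; using the same wording here (queries resolve to the value defined in the DNS table) would keep the two sections parallel. It would also make explicit that this is the value that becomes publicly visible, which is the origin-exposure point the following paragraph relies on.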
In the example DNS table above, there are two DNS records. The record with the name `blog` has the proxy on, while the record named `shop` has the proxy off (that is, **DNS only**).
39
49
40
50
### Proxied DNS record example
41
51
42
-
When the browser initiates a HTTP/HTTPS request to `blog.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its Authoritative DNS provider, the DNS query will be routed to Cloudflare; and because the proxy is on, Cloudflare will answer with an anycast IP address. Subsequently, the browser initiates a HTTP/HTTPS request back to Cloudflare. When Cloudflare receives this request, it performs a lookup to find the matching domain and account configuration and processes the request accordingly. Cloudflare forwards it to the configured origin server, which is `192.0.2.1`.
52
+
When a browser initiates an HTTP/HTTPS request to `blog.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its authoritative DNS provider, the DNS query will be routed to Cloudflare; and because the proxy is on, Cloudflare will answer with an anycast IP address. Subsequently, the browser initiates an HTTP/HTTPS request back to Cloudflare. When Cloudflare receives this request, it performs a lookup to find the matching domain and account configuration and processes the request accordingly. When needed, Cloudflare forwards the request to the configured origin server, which is `192.0.2.1`.
43
53
44
54
### DNS only record example
45
55
46
-
When the browser initiates a HTTP/HTTPS request to `shop.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its Authoritative DNS provider, the DNS query will be routed to Cloudflare; but since the proxy is off (that is, **DNS only**), Cloudflare will answer with `192.0.2.2`. Finally, the browser initiates a HTTP/HTTPS request to the server hosted at `192.0.2.2`.
56
+
When the browser initiates an HTTP/HTTPS request to `shop.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its authoritative DNS provider, the DNS query will be routed to Cloudflare; but since the proxy is off (that is, **DNS only**), Cloudflare will answer with `192.0.2.2`. Finally, the browser initiates an HTTP/HTTPS request to the server hosted at `192.0.2.2`.
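Review bot: "When needed" in the new last sentence of the proxied example does not say what decides whether a request reaches the origin at `192.0.2.1`; name the condition or link to the page that explains it. Also, that paragraph now opens with "When a browser initiates" while the DNS-only example still opens with "When the browser initiates"; pick one so the two examples stay parallel. The unchanged heading `### DNS only record example` is unhyphenated while the new `### DNS-only records` heading is hyphenated, which is worth aligning in the same change.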