From a8bed18ca782d2715e45a266bcb194c759f2f62a Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Wed, 15 Jan 2025 17:53:00 +0000
Subject: [PATCH 01/16] Move Proxy status higher and add redirect and placeholder pages
---
 public/_redirects | 1 +
 .../proxy-status/additional-options.mdx | 7 +++++++
 .../proxied-dns-records.mdx => proxy-status/index.mdx} | 8 +++++---
 .../dns/manage-dns-records/proxy-status/limitations.mdx | 6 ++++++
 4 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100644 src/content/docs/dns/manage-dns-records/proxy-status/additional-options.mdx
 rename src/content/docs/dns/manage-dns-records/{reference/proxied-dns-records.mdx => proxy-status/index.mdx} (89%)
 create mode 100644 src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx
diff --git a/public/_redirects b/public/_redirects
index 933967c4f5440f6..f573ab6ed97b6ea 100644
--- a/public/_redirects
+++ b/public/_redirects
@@ -352,6 +352,7 @@
 /dns/foundation-dns/graphql-analytics/ /dns/additional-options/analytics/ 301
 /dns/manage-dns-records/how-to/dns-load-balancing/ /dns/manage-dns-records/how-to/round-robin-dns/ 301
 /dns/manage-dns-records/how-to/create-root-domain/ /dns/manage-dns-records/how-to/create-zone-apex/ 301
+/dns/manage-dns-records/reference/proxied-dns-records/ /dns/manage-dns-records/proxy-status/ 301
 /dns/reference/troubleshooting/ /dns/reference/recommended-third-party-tools/ 301
 /dns/zone-setups/partial-setup/convert-partial-to-full/ /dns/zone-setups/conversions/convert-partial-to-full/ 301
 /dns/zone-setups/partial-setup/convert-partial-to-secondary/ /dns/zone-setups/conversions/convert-partial-to-secondary/ 301
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/additional-options.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/additional-options.mdx
new file mode 100644
index 000000000000000..5b599179f091f9d
--- /dev/null
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/additional-options.mdx
@@ -0,0 +1,7 @@
+---
+pcx_content_type: reference
+title: Additional options
+sidebar:
+ order: 2
+---
+
diff --git a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/index.mdx
similarity index 89%
rename from src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx
rename to src/content/docs/dns/manage-dns-records/proxy-status/index.mdx
index b574a0bc474edf8..5565b85d2a1aaf0 100644
--- a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/index.mdx
@@ -2,16 +2,18 @@
 pcx_content_type: concept
 title: Proxy status
 sidebar:
- order: 1
-
+ order: 2
+ label: About
 ---
 import { Render } from "~/components"
-The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all `A`, `AAAA`, and `CNAME` records that are used for serving web traffic.
+The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic.
 ![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png)
+## How proxying works
+
 ***
 ## Proxied records
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx
new file mode 100644
index 000000000000000..e165ea301d52d43
--- /dev/null
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx
@@ -0,0 +1,6 @@
+---
+pcx_content_type: reference
+title: Limitations
+sidebar:
+ order: 3
+---
\ No newline at end of file
From ebf1e20e087baa357578494dfcebd89bac995a6f Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Fri, 17 Jan 2025 17:06:13 +0000
Subject: [PATCH 02/16] Rename pages and add cf-configuration as per Abby suggestion
---
 .../proxy-status/about-proxying.mdx | 21 +++++++++
 .../proxy-status/additional-options.mdx | 7 ---
 .../proxy-status/cloudflare-configuration.mdx | 9 ++++
 .../proxy-status/index copy.mdx | 46 +++++++++++++++++++
 .../manage-dns-records/proxy-status/index.mdx | 41 ++---------------
 .../proxy-status/limitations.mdx | 6 ++-
 .../proxy-status/proxied-records.mdx | 46 +++++++++++++++++++
 7 files changed, 131 insertions(+), 45 deletions(-)
 create mode 100644 src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
 delete mode 100644 src/content/docs/dns/manage-dns-records/proxy-status/additional-options.mdx
 create mode 100644 src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx
 create mode 100644 src/content/docs/dns/manage-dns-records/proxy-status/index copy.mdx
 create mode 100644 src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
new file mode 100644
index 000000000000000..c7ae01929302ab3
--- /dev/null
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
@@ -0,0 +1,21 @@
+---
+pcx_content_type: concept
+title: How proxying works (TBD)
+sidebar:
+ order: 2
+ label: About
+---
+
+import { Render } from "~/components";
+
+The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic.
+
+![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png)
+
+
+
+## DNS-only records
+
+When an `A`, `AAAA`, or `CNAME` record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address.
+
+In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests.
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/additional-options.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/additional-options.mdx
deleted file mode 100644
index 5b599179f091f9d..000000000000000
--- a/src/content/docs/dns/manage-dns-records/proxy-status/additional-options.mdx
+++ /dev/null
@@ -1,7 +0,0 @@
----
-pcx_content_type: reference
-title: Additional options
-sidebar:
- order: 2
----
-
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx
new file mode 100644
index 000000000000000..22011bd607201e3
--- /dev/null
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx
@@ -0,0 +1,9 @@
+---
+pcx_content_type: reference
+title: Products that require proxied records
+sidebar:
+ order: 3
+ label: Cloudflare configuration
+---
+
+List of other Cloudflare products that depend on records being proxied.
\ No newline at end of file
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/index copy.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/index copy.mdx
new file mode 100644
index 000000000000000..00743e38de0f8de
--- /dev/null
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/index copy.mdx
@@ -0,0 +1,46 @@
+---
+pcx_content_type: concept
+title: Previous page (delete after)
+sidebar:
+ order: 15
+ label: Ref - delete after
+ hidden: true
+---
+
+import { Render } from "~/components";
+
+The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic.
+
+![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png)
+
+## How proxying works
+
+***
+
+## Proxied records
+
+
+
+
+
+### Protocol optimization
+
+For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection.
+
+:::note
+Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior.
+:::
+
+### Limitations
+
+
+
+***
+
+## DNS-only records
+
+When an `A`, `AAAA`, or `CNAME` record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address.
+
+
+
+In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests.
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/index.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/index.mdx
index 5565b85d2a1aaf0..d5b239c71d5fb3f 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/index.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/index.mdx
@@ -3,43 +3,10 @@ pcx_content_type: concept
 title: Proxy status
 sidebar:
 order: 2
- label: About
+ group:
+ hideIndex: true
 ---
-import { Render } from "~/components"
+import { DirectoryListing } from "~/components";
-The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic.
-
-![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png)
-
-## How proxying works
-
-***
-
-## Proxied records
-
-
-
-
-
-### Protocol optimization
-
-For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection.
-
-:::note
-Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior.
-:::
-
-### Limitations
-
-
-
-***
-
-## DNS-only records
-
-When an `A`, `AAAA`, or `CNAME` record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address.
-
-
-
-In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests.
+
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx
index e165ea301d52d43..ba901b3a84a66be 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx
@@ -3,4 +3,8 @@ pcx_content_type: reference
 title: Limitations
 sidebar:
 order: 3
----
\ No newline at end of file
+---
+
+import { Render } from "~/components";
+
+
\ No newline at end of file
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
new file mode 100644
index 000000000000000..2753b136c7f8840
--- /dev/null
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
@@ -0,0 +1,46 @@
+---
+pcx_content_type: reference
+title: Proxied DNS records
+sidebar:
+ order: 2
+ label: Proxied records
+---
+
+import { Render } from "~/components";
+
+:::caution[TEMP WIP NOTE]
+Not too sure about the name. The idea would be to document any "expected behavior" for proxied records here
+
+More details of how the DNS record proxy status interacts with other Cloudflare configurations. Besides content below (pulled from previously existing page), things like O2O, BYOIP address maps, etc, could go here.
+:::
+
+## Predefined time to live
+
+
+By default, all [proxied records](/dns/manage-dns-records/reference/proxied-dns-records/) have a TTL of **Auto**, which is set to 300 seconds.
+
+Since only [IP resolution records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) can be proxied, this setting ensures that queries to your domain name resolve fairly quickly. This setting also means that any changes to proxied `A`, `AAAA`, or `CNAME` records will take place within five minutes or less.
+
+:::note
+
+
+It may take longer than 5 minutes for you to actually experience record changes, as your local DNS cache may take longer to update.
+
+
+:::
+
+## Mix proxied and unproxied
+
+If you have multiple `A/AAAA` records on the same name and at least one of them is proxied, Cloudflare will treat all `A/AAAA` records on this name as being proxied.
+
+## CNAME records that cannot be proxied
+
+If you encounter a `CNAME` record that you cannot proxy — usually associated with another CDN provider — a proxied version of that record will cause connectivity errors. Cloudflare is purposely preventing that record from being proxied to protect you from a misconfiguration.
+
+## Protocol optimization
+
+For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection.
+
+:::note
+Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior.
+:::
\ No newline at end of file
From fbf572cdd8b66cbb24cd9afe906d30e7f2481224 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Mon, 20 Jan 2025 13:59:50 +0000
Subject: [PATCH 03/16] Remove duplicative unproxied CNAME records note
---
 .../dns/manage-dns-records/proxy-status/proxied-records.mdx | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
index 2753b136c7f8840..6a7030932801fe6 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
@@ -33,10 +33,6 @@ It may take longer than 5 minutes for you to actually experience record changes,
 If you have multiple `A/AAAA` records on the same name and at least one of them is proxied, Cloudflare will treat all `A/AAAA` records on this name as being proxied.
-## CNAME records that cannot be proxied
-
-If you encounter a `CNAME` record that you cannot proxy — usually associated with another CDN provider — a proxied version of that record will cause connectivity errors. Cloudflare is purposely preventing that record from being proxied to protect you from a misconfiguration.
-
 ## Protocol optimization
 For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection.
From c6fa4a105075c204f44861c9545c1e61f2b2f693 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Mon, 20 Jan 2025 14:01:01 +0000
Subject: [PATCH 04/16] Remove render component while keeping content in about-proxying
---
 .../proxy-status/about-proxying.mdx | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
index c7ae01929302ab3..c7ed6e0d95c4ff7 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
@@ -12,7 +12,24 @@ The **Proxy status** of a DNS record affects how Cloudflare treats incoming traf
 ![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png)
-
+When you proxy specific DNS records through Cloudflare - specifically `A`, `AAAA`, or `CNAME` records — DNS queries for these will resolve to Cloudflare anycast IPs instead of their original DNS target. This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.
+
+```mermaid
+flowchart LR
+accTitle: Connections with Cloudflare
+A[Visitor] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[Origin server]
+```
+
+
+
+This behavior allows Cloudflare to [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) all requests to your application, as well as protect your origin server from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/).
+
+Because requests to proxied hostnames go through Cloudflare before reaching your origin server, all requests will appear to be coming from Cloudflare's IP addresses (and could potentially be blocked or rate limited). If you use proxied records, you may need to adjust your server configuration to [allow Cloudflare IPs](/fundamentals/concepts/cloudflare-ip-addresses/).
+
+Cloudflare anycast IPs used to proxy traffic on your domain are assigned automatically. These IPs might change at any time for operational reasons.
+If you need to allowlist Cloudflare IPs on your infrastructure or hosting provider, include the full list of [Cloudflare anycast IPs](https://www.cloudflare.com/ips/).
+
+As an Enterprise customer, you have the option to get [static IPs](/spectrum/about/static-ip/) or [bring your own IPs (BYOIP)](/byoip/).
 ## DNS-only records
From 0a01634ae4b3a2ccbc0f58263923c8b378fb71b1 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Mon, 20 Jan 2025 14:12:00 +0000
Subject: [PATCH 05/16] Move details about IP addresses to proxied-records
---
 .../proxy-status/about-proxying.mdx | 9 ---------
 .../proxy-status/proxied-records.mdx | 16 +++++++++++++++-
 2 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
index c7ed6e0d95c4ff7..7fab4f2f1be59d9 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
@@ -20,17 +20,8 @@ accTitle: Connections with Cloudflare
 A[Visitor] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[Origin server]
 ```
-
-
 This behavior allows Cloudflare to [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) all requests to your application, as well as protect your origin server from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/).
-Because requests to proxied hostnames go through Cloudflare before reaching your origin server, all requests will appear to be coming from Cloudflare's IP addresses (and could potentially be blocked or rate limited). If you use proxied records, you may need to adjust your server configuration to [allow Cloudflare IPs](/fundamentals/concepts/cloudflare-ip-addresses/).
-
-Cloudflare anycast IPs used to proxy traffic on your domain are assigned automatically. These IPs might change at any time for operational reasons.
-If you need to allowlist Cloudflare IPs on your infrastructure or hosting provider, include the full list of [Cloudflare anycast IPs](https://www.cloudflare.com/ips/).
-
-As an Enterprise customer, you have the option to get [static IPs](/spectrum/about/static-ip/) or [bring your own IPs (BYOIP)](/byoip/).
-
 ## DNS-only records
 When an `A`, `AAAA`, or `CNAME` record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address.
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
index 6a7030932801fe6..1b54d1a9b68b2b5 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx
@@ -39,4 +39,18 @@ For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimi
 :::note
 Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior.
-:::
\ No newline at end of file
+:::
+
+## IP addresses
+
+:::caution[Note to self]
+Consider not going into detail about ingress vs egress here. Maybe a better option would be making note of that while mentioning Address Maps in cloudflare-configuration.mdx
+:::
+
+
+Because requests to proxied hostnames go through Cloudflare before reaching your origin server, all requests will appear to be coming from Cloudflare's IP addresses (and could potentially be blocked or rate limited). If you use proxied records, you may need to adjust your server configuration to [allow Cloudflare IPs](/fundamentals/concepts/cloudflare-ip-addresses/).
+
+Cloudflare anycast IPs used to proxy traffic on your domain are assigned automatically. These IPs might change at any time for operational reasons.
+If you need to allowlist Cloudflare IPs on your infrastructure or hosting provider, include the full list of [Cloudflare anycast IPs](https://www.cloudflare.com/ips/).
+
+As an Enterprise customer, you have the option to get [static IPs](/spectrum/about/static-ip/) or [bring your own IPs (BYOIP)](/byoip/).
\ No newline at end of file
From 9d91e18f2f5851dab028d55c4e06e7683b094a1a Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Mon, 20 Jan 2025 14:13:01 +0000
Subject: [PATCH 06/16] Adjust order so that more complex cf-config comes last
---
 .../proxy-status/cloudflare-configuration.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx
index 22011bd607201e3..ab5a687461b6fce 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx
@@ -2,7 +2,7 @@
 pcx_content_type: reference
 title: Products that require proxied records
 sidebar:
- order: 3
+ order: 4
 label: Cloudflare configuration
 ---
From 22b9230cd15ffc5c381b0a75385bb41ed1882026 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Mon, 20 Jan 2025 14:59:06 +0000
Subject: [PATCH 07/16] Move DNS records detail from Fundamentals to about-proxying
---
 .../proxy-status/about-proxying.mdx | 21 ++++++++++++--
 .../concepts/how-cloudflare-works.mdx | 29 ++++---------------
 2 files changed, 24 insertions(+), 26 deletions(-)
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
index 7fab4f2f1be59d9..ce2e2f741b3d6c8 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
@@ -12,7 +12,7 @@ The **Proxy status** of a DNS record affects how Cloudflare treats incoming traf
 ![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png)
-When you proxy specific DNS records through Cloudflare - specifically `A`, `AAAA`, or `CNAME` records — DNS queries for these will resolve to Cloudflare anycast IPs instead of their original DNS target. This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.
+When you proxy specific DNS records through Cloudflare - specifically A, AAAA, or CNAME records — DNS queries for these will resolve to Cloudflare anycast IPs instead of their original DNS target. This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.
 ```mermaid
 flowchart LR
@@ -24,6 +24,23 @@ This behavior allows Cloudflare to [optimize, cache, and protect](/fundamentals/
 ## DNS-only records
-When an `A`, `AAAA`, or `CNAME` record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address.
+When an A, AAAA, or CNAME record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address.
 In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests.
+
+## Example DNS table
+
+| Type | Name | Content | Proxy status | TTL | Actions |
+| :--: | :----: | :---------: | :----------: | :----: | ------: |
+| `A` | `blog` | `192.0.2.1` | `Proxied` | `Auto` | `Edit` |
+| `A` | `shop` | `192.0.2.2` | `DNS only` | `Auto` | `Edit` |
+
+In the example DNS table above, there are two DNS records. The record with the name `blog` has the proxy on, while the record named `shop` has the proxy off (that is, **DNS only**).
+
+### Proxied DNS record example
+
+When the browser initiates a HTTP/HTTPS request to `blog.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its Authoritative DNS provider, the DNS query will be routed to Cloudflare; and because the proxy is on, Cloudflare will answer with an anycast IP address. Subsequently, the browser initiates a HTTP/HTTPS request back to Cloudflare. When Cloudflare receives this request, it performs a lookup to find the matching domain and account configuration and processes the request accordingly. Cloudflare forwards it to the configured origin server, which is `192.0.2.1`.
+
+### DNS only record example
+
+When the browser initiates a HTTP/HTTPS request to `shop.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its Authoritative DNS provider, the DNS query will be routed to Cloudflare; but since the proxy is off (that is, **DNS only**), Cloudflare will answer with `192.0.2.2`. Finally, the browser initiates a HTTP/HTTPS request to the server hosted at `192.0.2.2`.
\ No newline at end of file
diff --git a/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx b/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx
index 9141f4cd566a74c..93c31f283fcf974 100644
--- a/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx
+++ b/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx
@@ -20,42 +20,23 @@ We support a few different [setups](/dns/zone-setups/) for using Cloudflare as a When Cloudflare receives a DNS query for your domain, our response is determined by the configuration [set in your DNS table](/dns/manage-dns-records/how-to/create-dns-records/), including the value of the record, the record's [proxy eligibility](/dns/manage-dns-records/reference/proxied-dns-records/#proxy-eligibility), and its [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/). -If the [domain's status](/dns/zone-setups/reference/domain-status/) is active and the queried DNS record is set to `proxied`, then Cloudflare responds with an [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/), **instead of** the value defined in your DNS table. This effectively re-routes the `HTTP/HTTPS` requests to the Cloudflare network, instead of directly reaching the targeted the [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/). +If the [domain's status](/dns/zone-setups/reference/domain-status/) is active and the queried DNS record is set to `proxied`, then Cloudflare responds with an [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/), **instead of** the value defined in your DNS table. This effectively re-routes the HTTP/HTTPS requests to the Cloudflare network, instead of directly reaching the targeted the [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/). -In contrast, if the queried DNS record is set to `DNS only`, meaning the proxy is off, then Cloudflare responds with the value defined in your DNS table (that is, an IP address or CNAME record). This means `HTTP/HTTPS` requests route directly to the origin server and are not processed or protected by Cloudflare. +In contrast, if the queried DNS record is set to `DNS only`, meaning the proxy is off, then Cloudflare responds with the value defined in your DNS table (that is, an IP address or CNAME record). 
This means HTTP/HTTPS requests route directly to the origin server and are not processed or protected by Cloudflare. ### How Cloudflare works as a reverse proxy -All DNS records in your DNS table have a [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/), indicating whether or not `HTTP/HTTPS` traffic for that record will route through Cloudflare on its way between the client and the origin server. If the [domain's status](/dns/zone-setups/reference/domain-status/) is active, all `HTTP/HTTPS` requests for [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records) route through Cloudflare. +All DNS records in your DNS table have a [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/), indicating whether or not HTTP/HTTPS traffic for that record will route through Cloudflare on its way between the client and the origin server. If the [domain's status](/dns/zone-setups/reference/domain-status/) is active, all HTTP/HTTPS requests for [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records) route through Cloudflare. As these requests pass through our network, they are processed according to your [configuration](/fundamentals/setup/manage-domains/connect-your-domain/#domain-configurations). Subsequently, legitimate requests are forwarded to the origin server. Refer to our [Load Balancing reference architecture](/reference-architecture/architectures/load-balancing/) to learn more about advanced ways to forward traffic to your origins (or other endpoints), as well as our [CDN reference architecture](/reference-architecture/architectures/cdn/) to learn more about how Cloudflare processes and optimizes your web traffic. -:::note - -Proxying is on by default for records that serve `HTTP/HTTPS` traffic (`A`, `AAAA`, and `CNAME` records). 
To proxy `HTTP/HTTPS` traffic on [non-standard ports](/fundamentals/reference/network-ports/) or to proxy a `TCP-` or `UDP-` based application, use [Cloudflare Spectrum](/spectrum/). -::: - In the Cloudflare dashboard, find out which DNS records are proxied by selecting your domain and navigating to the **DNS records** tab. -#### Example DNS table - -| Type | Name | Content | Proxy status | TTL | Actions | -| :--: | :----: | :---------: | :----------: | :----: | ------: | -| `A` | `blog` | `192.0.2.1` | `Proxied` | `Auto` | `Edit` | -| `A` | `shop` | `192.0.2.2` | `DNS only` | `Auto` | `Edit` | - -In the example DNS table above, there are two DNS records. The record with the name `blog` has the proxy on, while the record named `shop` has the proxy off (that is, `DNS only`). - -#### Proxied DNS record example - -When the browser initiates a `HTTP/HTTPS` request to `blog.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its Authoritative DNS provider, the DNS query will be routed to Cloudflare; and because the proxy is on, Cloudflare will answer with an anycast IP address. Subsequently, the browser initiates a `HTTP/HTTPS` request back to Cloudflare. When Cloudflare receives this request, it performs a lookup to find the matching domain and account configuration and processes the request accordingly. Cloudflare forwards it to the configured origin server, which is `192.0.2.1`. - -#### DNS only record example +#### Protocols, ports, and methods -When the browser initiates a `HTTP/HTTPS` request to `shop.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its Authoritative DNS provider, the DNS query will be routed to Cloudflare; but since the proxy is off (that is, `DNS only`), Cloudflare will answer with `192.0.2.2`. Finally, the browser initiates a `HTTP/HTTPS` request to the server hosted at `192.0.2.2`. 
-#### HTTP methods Cloudflare supports +Proxying is on by default for records that serve HTTP/HTTPS traffic (A, AAAA, and CNAME records). To proxy HTTP/HTTPS traffic on [non-standard ports](/fundamentals/reference/network-ports/) or to proxy a TCP- or UDP- based application, use [Cloudflare Spectrum](/spectrum/). Cloudflare supports all standard HTTP methods, with the exception of `CONNECT`, `TRACE`, and `PURGE`, which are restricted. \ No newline at end of file From 43d0345ef0672f2f6fcf6479bdec398a36154e9e Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 23 Jan 2025 15:13:25 +0000 Subject: [PATCH 08/16] Review about-proxying improving structure and formatting --- .../proxy-status/about-proxying.mdx | 36 ++++++++++++------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx index ce2e2f741b3d6c8..355dee280133ea4 100644 --- a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx +++ b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx 
@@ -6,13 +6,14 @@ sidebar: label: About --- -import { Render } from "~/components"; +import { Render, Example } from "~/components"; -The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic. +The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. -![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png) -When you proxy specific DNS records through Cloudflare - specifically A, AAAA, or CNAME records — DNS queries for these will resolve to Cloudflare anycast IPs instead of their original DNS target. This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server. +### Proxied records + +When you proxy DNS records through Cloudflare — specifically [A, AAAA, or CNAME records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — Cloudflare responds with an [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/) **instead of** the value defined on your [DNS table](/dns/manage-dns-records/#dns-records-table). This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server. ```mermaid flowchart LR 
@@ -22,25 +23,34 @@ A[Visitor] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[ This behavior allows Cloudflare to [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) all requests to your application, as well as protect your origin server from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/). -## DNS-only records +Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic. Refer to [Proxied DNS records](/dns/manage-dns-records/proxy-status/proxied-records/) for details and expected behavior. + +### DNS-only records -When an A, AAAA, or CNAME record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address. +When an A, AAAA, or CNAME record is **DNS-only** (also known as being gray-clouded), DNS queries for this record will resolve to the record's normal IP address. In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests. 
-## Example DNS table +--- + +## Detailed explanation + + + +DNS management for **example.com**: -| Type | Name | Content | Proxy status | TTL | Actions | -| :--: | :----: | :---------: | :----------: | :----: | ------: | -| `A` | `blog` | `192.0.2.1` | `Proxied` | `Auto` | `Edit` | -| `A` | `shop` | `192.0.2.2` | `DNS only` | `Auto` | `Edit` | +| Type | Name | Content | Proxy status | TTL | +| :--: | :----: | :---------: | :----------: | :----: | +| A | `blog` | `192.0.2.1` | Proxied | Auto | +| A | `shop` | `192.0.2.2` | DNS only | Auto | + In the example DNS table above, there are two DNS records. The record with the name `blog` has the proxy on, while the record named `shop` has the proxy off (that is, **DNS only**). ### Proxied DNS record example -When the browser initiates a HTTP/HTTPS request to `blog.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its Authoritative DNS provider, the DNS query will be routed to Cloudflare; and because the proxy is on, Cloudflare will answer with an anycast IP address. Subsequently, the browser initiates a HTTP/HTTPS request back to Cloudflare. When Cloudflare receives this request, it performs a lookup to find the matching domain and account configuration and processes the request accordingly. Cloudflare forwards it to the configured origin server, which is `192.0.2.1`. +When a browser initiates an HTTP/HTTPS request to `blog.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its authoritative DNS provider, the DNS query will be routed to Cloudflare; and because the proxy is on, Cloudflare will answer with an anycast IP address. Subsequently, the browser initiates an HTTP/HTTPS request back to Cloudflare. When Cloudflare receives this request, it performs a lookup to find the matching domain and account configuration and processes the request accordingly. 
When needed, Cloudflare forwards the request to the configured origin server, which is `192.0.2.1`. ### DNS only record example -When the browser initiates a HTTP/HTTPS request to `shop.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its Authoritative DNS provider, the DNS query will be routed to Cloudflare; but since the proxy is off (that is, **DNS only**), Cloudflare will answer with `192.0.2.2`. Finally, the browser initiates a HTTP/HTTPS request to the server hosted at `192.0.2.2`. \ No newline at end of file +When the browser initiates an HTTP/HTTPS request to `shop.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its authoritative DNS provider, the DNS query will be routed to Cloudflare; but since the proxy is off (that is, **DNS only**), Cloudflare will answer with `192.0.2.2`. Finally, the browser initiates an HTTP/HTTPS request to the server hosted at `192.0.2.2`. \ No newline at end of file From 883ce647b2f60535238988d520eadef5385afb4d Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 27 Jan 2025 17:44:54 +0000 Subject: [PATCH 09/16] Move detailed example to partials and add back in Fundamentals --- .../proxy-status/about-proxying.mdx | 20 +++++-------------- .../concepts/how-cloudflare-works.mdx | 15 ++++++++++++-- .../partials/dns/proxy-off-example.mdx | 6 ++++++ src/content/partials/dns/proxy-on-example.mdx | 6 ++++++ .../partials/dns/proxy-status-dns-table.mdx | 18 +++++++++++++++++ 5 files changed, 48 insertions(+), 17 deletions(-) create mode 100644 src/content/partials/dns/proxy-off-example.mdx create mode 100644 src/content/partials/dns/proxy-on-example.mdx create mode 100644 src/content/partials/dns/proxy-status-dns-table.mdx 
diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
index 355dee280133ea4..12c293ebaaf386e 100644
--- a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
+++ b/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx
@@ -35,22 +35,12 @@ In addition to potentially exposing your origin IP addresses to bad actors and [ ## Detailed explanation - + -DNS management for **example.com**: +### Proxied record example -| Type | Name | Content | Proxy status | TTL | -| :--: | :----: | :---------: | :----------: | :----: | -| A | `blog` | `192.0.2.1` | Proxied | Auto | -| A | `shop` | `192.0.2.2` | DNS only | Auto | - + -In the example DNS table above, there are two DNS records. The record with the name `blog` has the proxy on, while the record named `shop` has the proxy off (that is, **DNS only**). +### DNS-only record example -### Proxied DNS record example - -When a browser initiates an HTTP/HTTPS request to `blog.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its authoritative DNS provider, the DNS query will be routed to Cloudflare; and because the proxy is on, Cloudflare will answer with an anycast IP address. Subsequently, the browser initiates an HTTP/HTTPS request back to Cloudflare. When Cloudflare receives this request, it performs a lookup to find the matching domain and account configuration and processes the request accordingly. When needed, Cloudflare forwards the request to the configured origin server, which is `192.0.2.1`. - -### DNS only record example - -When the browser initiates an HTTP/HTTPS request to `shop.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its authoritative DNS provider, the DNS query will be routed to Cloudflare; but since the proxy is off (that is, **DNS only**), Cloudflare will answer with `192.0.2.2`. Finally, the browser initiates an HTTP/HTTPS request to the server hosted at `192.0.2.2`. \ No newline at end of file + \ No newline at end of file 
diff --git a/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx b/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx index 93c31f283fcf974..79f91fb4b83ed98 100644 --- a/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx +++ b/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx @@ -6,7 +6,7 @@ sidebar: --- -import { GlossaryTooltip } from "~/components" +import { GlossaryTooltip, Render } from "~/components" The [Cloudflare global network](https://www.cloudflare.com/network/) can improve the security, performance, reliability, and privacy of anything connected to the Internet, such as your website, SaaS application, or corporate network. @@ -34,8 +34,19 @@ Refer to our [Load Balancing reference architecture](/reference-architecture/arc In the Cloudflare dashboard, find out which DNS records are proxied by selecting your domain and navigating to the **DNS records** tab. -#### Protocols, ports, and methods +#### Example DNS table + + + +#### Proxied record example + + +#### DNS-only record example + + + +#### Protocols, ports, and methods Proxying is on by default for records that serve HTTP/HTTPS traffic (A, AAAA, and CNAME records). To proxy HTTP/HTTPS traffic on [non-standard ports](/fundamentals/reference/network-ports/) or to proxy a TCP- or UDP- based application, use [Cloudflare Spectrum](/spectrum/). diff --git a/src/content/partials/dns/proxy-off-example.mdx b/src/content/partials/dns/proxy-off-example.mdx new file mode 100644 index 000000000000000..4e7ff2a980b1dc1 --- /dev/null +++ b/src/content/partials/dns/proxy-off-example.mdx 
@@ -0,0 +1,6 @@ +--- +{} + +--- + +When a browser initiates an HTTP/HTTPS request to `shop.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its authoritative DNS provider, the DNS query will be routed to Cloudflare; but since the proxy is off (that is, **DNS only**), Cloudflare will answer with `192.0.2.2`. Finally, the browser initiates an HTTP/HTTPS request to the server hosted at `192.0.2.2`. \ No newline at end of file diff --git a/src/content/partials/dns/proxy-on-example.mdx b/src/content/partials/dns/proxy-on-example.mdx new file mode 100644 index 000000000000000..5e1d75e7e1bd003 --- /dev/null +++ b/src/content/partials/dns/proxy-on-example.mdx @@ -0,0 +1,6 @@ +--- +{} + +--- + +When a browser initiates an HTTP/HTTPS request to `blog.example.com`, a DNS resolver will convert the hostname into an IP address. Since this domain is using Cloudflare as its authoritative DNS provider, the DNS query will be routed to Cloudflare; and because the proxy is on, Cloudflare will answer with an anycast IP address. Subsequently, the browser initiates an HTTP/HTTPS request back to Cloudflare. When Cloudflare receives this request, it performs a lookup to find the matching domain and account configuration and processes the request accordingly. When needed, Cloudflare forwards the request to the configured origin server, which is `192.0.2.1`. \ No newline at end of file diff --git a/src/content/partials/dns/proxy-status-dns-table.mdx b/src/content/partials/dns/proxy-status-dns-table.mdx new file mode 100644 index 000000000000000..e0f7bb7aae90f30 --- /dev/null +++ b/src/content/partials/dns/proxy-status-dns-table.mdx 
@@ -0,0 +1,18 @@ +--- +{} + +--- + +import { Example } from "~/components"; + + + +DNS management for **example.com**: + +| Type | Name | Content | Proxy status | TTL | +| :--: | :----: | :---------: | :----------: | :----: | +| A | `blog` | `192.0.2.1` | Proxied | Auto | +| A | `shop` | `192.0.2.2` | DNS only | Auto | + + +In the example DNS table above, there are two DNS records. The record with the name `blog` has the proxy on, while the record named `shop` has the proxy off (that is, **DNS only**). \ No newline at end of file From 45b8d013e8eca6f4b31ac51abc426c76c4e1ed84 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 27 Jan 2025 17:56:31 +0000 Subject: [PATCH 10/16] Delete original page ref and make new folder top-level --- .../proxy-status/index copy.mdx | 46 ------------------- .../proxy-status/about-proxying.mdx | 0 .../proxy-status/cloudflare-configuration.mdx | 0 .../proxy-status/index.mdx | 0 .../proxy-status/limitations.mdx | 0 .../proxy-status/proxied-records.mdx | 0 6 files changed, 46 deletions(-) delete mode 100644 src/content/docs/dns/manage-dns-records/proxy-status/index copy.mdx rename src/content/docs/dns/{manage-dns-records => }/proxy-status/about-proxying.mdx (100%) rename src/content/docs/dns/{manage-dns-records => }/proxy-status/cloudflare-configuration.mdx (100%) rename src/content/docs/dns/{manage-dns-records => }/proxy-status/index.mdx (100%) rename src/content/docs/dns/{manage-dns-records => }/proxy-status/limitations.mdx (100%) rename src/content/docs/dns/{manage-dns-records => }/proxy-status/proxied-records.mdx (100%) diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/index copy.mdx b/src/content/docs/dns/manage-dns-records/proxy-status/index copy.mdx deleted file mode 100644 index 00743e38de0f8de..000000000000000 --- a/src/content/docs/dns/manage-dns-records/proxy-status/index copy.mdx +++ /dev/null 
@@ -1,46 +0,0 @@ ---- -pcx_content_type: concept -title: Previous page (delete after) -sidebar: - order: 15 - label: Ref - delete after - hidden: true ---- - -import { Render } from "~/components"; - -The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic. - -![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png) - -## How proxying works - -*** - -## Proxied records - - - - - -### Protocol optimization - -For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. - -:::note -Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior. -::: - -### Limitations - - - -*** - -## DNS-only records - -When an `A`, `AAAA`, or `CNAME` record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address. 
- - - -In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests. diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx b/src/content/docs/dns/proxy-status/about-proxying.mdx similarity index 100% rename from src/content/docs/dns/manage-dns-records/proxy-status/about-proxying.mdx rename to src/content/docs/dns/proxy-status/about-proxying.mdx diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx b/src/content/docs/dns/proxy-status/cloudflare-configuration.mdx similarity index 100% rename from src/content/docs/dns/manage-dns-records/proxy-status/cloudflare-configuration.mdx rename to src/content/docs/dns/proxy-status/cloudflare-configuration.mdx diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/index.mdx b/src/content/docs/dns/proxy-status/index.mdx similarity index 100% rename from src/content/docs/dns/manage-dns-records/proxy-status/index.mdx rename to src/content/docs/dns/proxy-status/index.mdx diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx b/src/content/docs/dns/proxy-status/limitations.mdx similarity index 100% rename from src/content/docs/dns/manage-dns-records/proxy-status/limitations.mdx rename to src/content/docs/dns/proxy-status/limitations.mdx diff --git a/src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx b/src/content/docs/dns/proxy-status/proxied-records.mdx similarity index 100% rename from src/content/docs/dns/manage-dns-records/proxy-status/proxied-records.mdx rename to src/content/docs/dns/proxy-status/proxied-records.mdx From 92920bb7b645eab3c6546fd5ca44b0c9e6a55e9f Mon Sep 17 00:00:00 2001 
From: Rebecca Tamachiro Date: Mon, 27 Jan 2025 18:07:21 +0000 Subject: [PATCH 11/16] Reorder folders with proxying right below DNS records --- src/content/docs/dns/additional-options/index.mdx | 2 +- src/content/docs/dns/cname-flattening/index.mdx | 2 +- src/content/docs/dns/dns-firewall/index.mdx | 2 +- src/content/docs/dns/dnssec/index.mdx | 2 +- src/content/docs/dns/manage-dns-records/index.mdx | 2 +- src/content/docs/dns/proxy-status/index.mdx | 4 ++-- src/content/docs/dns/reference/index.mdx | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/content/docs/dns/additional-options/index.mdx b/src/content/docs/dns/additional-options/index.mdx index 859efd2e004be44..c5fb30c17d14853 100644 --- a/src/content/docs/dns/additional-options/index.mdx +++ b/src/content/docs/dns/additional-options/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: navigation title: Additional options sidebar: - order: 8 + order: 12 group: hideIndex: true --- diff --git a/src/content/docs/dns/cname-flattening/index.mdx b/src/content/docs/dns/cname-flattening/index.mdx index 279123e2a01359e..dcdd96e576dce45 100644 --- a/src/content/docs/dns/cname-flattening/index.mdx +++ b/src/content/docs/dns/cname-flattening/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: concept title: CNAME flattening sidebar: - order: 7 + order: 9 label: About --- diff --git a/src/content/docs/dns/dns-firewall/index.mdx b/src/content/docs/dns/dns-firewall/index.mdx index bf8ea2038e8cd4f..b317368616bf1d3 100644 --- a/src/content/docs/dns/dns-firewall/index.mdx +++ b/src/content/docs/dns/dns-firewall/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: overview title: DNS Firewall sidebar: - order: 10 + order: 15 --- diff --git a/src/content/docs/dns/dnssec/index.mdx b/src/content/docs/dns/dnssec/index.mdx index 117ca005f7c1dc5..b7926b4e79dbe74 100644 --- a/src/content/docs/dns/dnssec/index.mdx +++ b/src/content/docs/dns/dnssec/index.mdx 
@@ -2,7 +2,7 @@ pcx_content_type: how-to title: DNSSEC sidebar: - order: 6 + order: 8 --- diff --git a/src/content/docs/dns/manage-dns-records/index.mdx b/src/content/docs/dns/manage-dns-records/index.mdx index 284b3d391336b23..ae78fd625c0f02a 100644 --- a/src/content/docs/dns/manage-dns-records/index.mdx +++ b/src/content/docs/dns/manage-dns-records/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: navigation title: DNS records sidebar: - order: 5 + order: 6 --- diff --git a/src/content/docs/dns/proxy-status/index.mdx b/src/content/docs/dns/proxy-status/index.mdx index d5b239c71d5fb3f..157f2426a154e36 100644 --- a/src/content/docs/dns/proxy-status/index.mdx +++ b/src/content/docs/dns/proxy-status/index.mdx @@ -1,8 +1,8 @@ --- pcx_content_type: concept -title: Proxy status +title: Proxying sidebar: - order: 2 + order: 7 group: hideIndex: true --- diff --git a/src/content/docs/dns/reference/index.mdx b/src/content/docs/dns/reference/index.mdx index f6532619e768ef7..a70fda65ea847fc 100644 --- a/src/content/docs/dns/reference/index.mdx +++ b/src/content/docs/dns/reference/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: navigation title: Reference sidebar: - order: 11 + order: 16 group: hideIndex: true --- From 78b7bdea79e38b5e08a7d58a03cbeeae9f36bcf1 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 28 Jan 2025 10:00:12 +0000 Subject: [PATCH 12/16] Recap records def, adjust titles, and better separate explanation from value --- .../docs/dns/proxy-status/about-proxying.mdx | 35 ++++++++++++------- .../proxy-status/cloudflare-configuration.mdx | 2 +- src/content/docs/dns/proxy-status/index.mdx | 3 +- 3 files changed, 26 insertions(+), 14 deletions(-) diff --git a/src/content/docs/dns/proxy-status/about-proxying.mdx b/src/content/docs/dns/proxy-status/about-proxying.mdx index 12c293ebaaf386e..5a99097a30c246c 100644 --- a/src/content/docs/dns/proxy-status/about-proxying.mdx +++ b/src/content/docs/dns/proxy-status/about-proxying.mdx 
@@ -1,6 +1,6 @@
 ---
 pcx_content_type: concept
-title: How proxying works (TBD)
+title: About proxying
 sidebar:
 order: 2
 label: About
@@ -8,32 +8,43 @@ sidebar:
 import { Render, Example } from "~/components";
-The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record.
+While your [DNS records](/dns/manage-dns-records/) are used to make your website or application available to visitors and other web services, the **Proxy status** of a DNS record is used to define how Cloudflare treats incoming traffic to that record.
+The records you can proxy through Cloudflare are [IP address resolution records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — meaning A, AAAA, or CNAME records. Cloudflare recommends enabling our proxy for all A, AAAA, and CNAME records that are used for serving web traffic.
 ### Proxied records
-When you proxy DNS records through Cloudflare — specifically [A, AAAA, or CNAME records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — Cloudflare responds with an [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/) **instead of** the value defined on your [DNS table](/dns/manage-dns-records/#dns-records-table). This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.
+When you set a DNS record to **Proxied**, Cloudflare can:
-```mermaid
-flowchart LR
-accTitle: Connections with Cloudflare
-A[Visitor] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[Origin server]
-```
+- Protect your origin server from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/).
+- [Optimize, cache, and protect](/fundamentals/setup/manage-domains/connect-your-domain/#domain-configurations) all requests to your application.
+- Apply your configurations for a variety of [Cloudflare products](/dns/proxy-status/cloudflare-configuration/).
-This behavior allows Cloudflare to [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) all requests to your application, as well as protect your origin server from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/).
+Apart from that, proxied DNS records have specific predefined fields and expected behavior — refer to [Proxied records](/dns/manage-dns-records/proxy-status/proxied-records/) for details.
-Cloudflare recommends enabling our proxy for all [A, AAAA, and CNAME](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) records that are used for serving web traffic. Refer to [Proxied DNS records](/dns/manage-dns-records/proxy-status/proxied-records/) for details and expected behavior.
+To understand how Cloudflare responds to requests for proxied records, consider [How proxying works](/dns/proxy-status/about-proxying/#how-proxying-works) below.
 ### DNS-only records
 When an A, AAAA, or CNAME record is **DNS-only** (also known as being gray-clouded), DNS queries for this record will resolve to the record's normal IP address.
-In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests.
+In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that:
+
+- Cloudflare cannot [optimize, cache, and protect](/fundamentals/setup/manage-domains/connect-your-domain/#domain-configurations) requests to your domain.
+- Cloudflare cannot provide analytics on those requests.
+- Your configuration for a variety of [Cloudflare products](/dns/proxy-status/cloudflare-configuration/) will not be applied.
 ---
-## Detailed explanation
+## How proxying works
+
+```mermaid
+flowchart LR
+accTitle: Connections with Cloudflare
+A[Visitor] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[Origin server]
+```
+
+When you set a DNS record to **Proxied**, Cloudflare responds with an [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/) **instead of** the value defined on your [DNS table](/dns/manage-dns-records/#dns-records-table). This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.
diff --git a/src/content/docs/dns/proxy-status/cloudflare-configuration.mdx b/src/content/docs/dns/proxy-status/cloudflare-configuration.mdx
index ab5a687461b6fce..7a2f4e6e984a0fd 100644
--- a/src/content/docs/dns/proxy-status/cloudflare-configuration.mdx
+++ b/src/content/docs/dns/proxy-status/cloudflare-configuration.mdx
@@ -1,6 +1,6 @@
 ---
 pcx_content_type: reference
-title: Products that require proxied records
+title: Products that require proxying
 sidebar:
 order: 4
 label: Cloudflare configuration
diff --git a/src/content/docs/dns/proxy-status/index.mdx b/src/content/docs/dns/proxy-status/index.mdx
index 157f2426a154e36..107d37c27a49629 100644
--- a/src/content/docs/dns/proxy-status/index.mdx
+++ b/src/content/docs/dns/proxy-status/index.mdx
@@ -1,10 +1,11 @@
 ---
 pcx_content_type: concept
-title: Proxying
+title: Proxy status
 sidebar:
 order: 7
 group:
 hideIndex: true
+ label: Proxying
 ---
 import { DirectoryListing } from "~/components";
From 69b9dd9aed8ad226d1797d7517fcf46bdc7d3c2a Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Wed, 29 Jan 2025 15:54:09 +0000
Subject: [PATCH 13/16] Review and add intro to proxied-records
---
 .../docs/dns/proxy-status/proxied-records.mdx | 28 ++++++++++++++-----
 1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/src/content/docs/dns/proxy-status/proxied-records.mdx b/src/content/docs/dns/proxy-status/proxied-records.mdx
index 1b54d1a9b68b2b5..b4c84c1a906225a 100644
--- a/src/content/docs/dns/proxy-status/proxied-records.mdx
+++ b/src/content/docs/dns/proxy-status/proxied-records.mdx
@@ -6,7 +6,7 @@ sidebar:
 label: Proxied records
 ---
-import { Render } from "~/components";
+import { Render, Details, Example, GlossaryTooltip } from "~/components";
 :::caution[TEMP WIP NOTE]
 Not too sure about the name. The idea would be to document any "expected behavior" for proxied records here
@@ -14,24 +14,38 @@ Not too sure about the name. The idea would be to document any "expected behavio
 More details of how the DNS record proxy status interacts with other Cloudflare configurations. Besides content below (pulled from previously existing page), things like O2O, BYOIP address maps, etc, could go here.
 :::
+The sections below describe specific behaviors and expected outcomes when you have DNS records set to proxied. For further context, refer to [About proxying](/dns/proxy-status/about-proxying/).
+
 ## Predefined time to live
-By default, all [proxied records](/dns/manage-dns-records/reference/proxied-dns-records/) have a TTL of **Auto**, which is set to 300 seconds.
+By default, all [proxied records](/dns/proxy-status/about-proxying/#proxied-records) have a time to live (TTL) of **Auto**, which is set to 300 seconds.
-Since only [IP resolution records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) can be proxied, this setting ensures that queries to your domain name resolve fairly quickly. This setting also means that any changes to proxied `A`, `AAAA`, or `CNAME` records will take place within five minutes or less.
+Since only [IP resolution records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) can be proxied, this setting ensures that queries to your domain name resolve fairly quickly. This setting also means that any changes to proxied A, AAAA, or CNAME records will take place within five minutes or less.
 :::note
+It may take longer than five minutes for you to actually experience record changes, as your local DNS cache may take longer to update.
+:::
+## Mix proxied and unproxied
-It may take longer than 5 minutes for you to actually experience record changes, as your local DNS cache may take longer to update.
+If you have multiple A or AAAA records on the same name and at least one of them is proxied, Cloudflare will treat all A or AAAA records on this name as being proxied.
+
-:::
+
+DNS management for **example.com**:
-## Mix proxied and unproxied
+| Type | Name | Content | Proxy status | TTL |
+| ---- | ------- | ------------ | ------------ | ------ |
+| A | `blog` | `192.0.2.1` | Proxied | Auto |
+| A | `blog` | `192.0.2.5` | DNS only | Auto |
+
+In this example, all traffic intended for `blog.example.com` will be treated as if both records were [proxied](/dns/proxy-status/about-proxying/#proxied-records).
+
+
-If you have multiple `A/AAAA` records on the same name and at least one of them is proxied, Cloudflare will treat all `A/AAAA` records on this name as being proxied.
+
 ## Protocol optimization
From 7e66457a16d1ae23c265ec89e7ccba9b1316008f Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Wed, 29 Jan 2025 16:41:31 +0000
Subject: [PATCH 14/16] Move IP addresses back to main page and add Aegis
---
 .../docs/dns/proxy-status/about-proxying.mdx | 13 ++++++++++++-
 .../docs/dns/proxy-status/proxied-records.mdx | 16 +---------------
 2 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/src/content/docs/dns/proxy-status/about-proxying.mdx b/src/content/docs/dns/proxy-status/about-proxying.mdx
index 5a99097a30c246c..30e8aa1fdfedb80 100644
--- a/src/content/docs/dns/proxy-status/about-proxying.mdx
+++ b/src/content/docs/dns/proxy-status/about-proxying.mdx
@@ -54,4 +54,15 @@ When you set a DNS record to **Proxied**, Cloudflare responds with an [anycast I
 ### DNS-only record example
-
\ No newline at end of file
+
+
+---
+
+## IP addresses
+
+Because requests to proxied hostnames go through Cloudflare before reaching your origin server, all requests will appear to be coming from Cloudflare's IP addresses (and could potentially be blocked or rate limited). If you use proxied records, you may need to adjust your server configuration to [allow Cloudflare IPs](/fundamentals/concepts/cloudflare-ip-addresses/).
+
+Cloudflare anycast IPs used to proxy traffic on your domain are assigned automatically. These IPs might change at any time for operational reasons.
+If you need to allowlist Cloudflare IPs on your infrastructure or hosting provider, include the full list of [Cloudflare anycast IPs](https://www.cloudflare.com/ips/).
+
+As an Enterprise customer, you have the option to get [static IPs](/spectrum/about/static-ip/) or [bring your own IPs (BYOIP)](/byoip/). Aegis gives you an option to get dedicated IPs for egress as well.
\ No newline at end of file
diff --git a/src/content/docs/dns/proxy-status/proxied-records.mdx b/src/content/docs/dns/proxy-status/proxied-records.mdx
index b4c84c1a906225a..8d0116d5f353a0b 100644
--- a/src/content/docs/dns/proxy-status/proxied-records.mdx
+++ b/src/content/docs/dns/proxy-status/proxied-records.mdx
@@ -53,18 +53,4 @@ For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimi
 :::note
 Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior.
-:::
-
-## IP addresses
-
-:::caution[Note to self]
-Consider not going into detail about ingress vs egress here. Maybe a better option would be making note of that while mentioning Address Maps in cloudflare-configuration.mdx
-:::
-
-
-Because requests to proxied hostnames go through Cloudflare before reaching your origin server, all requests will appear to be coming from Cloudflare's IP addresses (and could potentially be blocked or rate limited). If you use proxied records, you may need to adjust your server configuration to [allow Cloudflare IPs](/fundamentals/concepts/cloudflare-ip-addresses/).
-
-Cloudflare anycast IPs used to proxy traffic on your domain are assigned automatically. These IPs might change at any time for operational reasons.
-If you need to allowlist Cloudflare IPs on your infrastructure or hosting provider, include the full list of [Cloudflare anycast IPs](https://www.cloudflare.com/ips/).
-
-As an Enterprise customer, you have the option to get [static IPs](/spectrum/about/static-ip/) or [bring your own IPs (BYOIP)](/byoip/).
\ No newline at end of file
+:::
\ No newline at end of file
From bea80aff71f9c8b7ae80f28f3aa35f31f12dd9a7 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Wed, 29 Jan 2025 18:36:21 +0000
Subject: [PATCH 15/16] Separate allowlist use case from Static IP and BYOIP
---
 .../docs/dns/proxy-status/about-proxying.mdx | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/src/content/docs/dns/proxy-status/about-proxying.mdx b/src/content/docs/dns/proxy-status/about-proxying.mdx
index 30e8aa1fdfedb80..7e1c1fa905f163f 100644
--- a/src/content/docs/dns/proxy-status/about-proxying.mdx
+++ b/src/content/docs/dns/proxy-status/about-proxying.mdx
@@ -38,12 +38,6 @@ In addition to potentially exposing your origin IP addresses to bad actors and [
 ## How proxying works
-```mermaid
-flowchart LR
-accTitle: Connections with Cloudflare
-A[Visitor] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[Origin server]
-```
-
 When you set a DNS record to **Proxied**, Cloudflare responds with an [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/) **instead of** the value defined on your [DNS table](/dns/manage-dns-records/#dns-records-table). This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.
@@ -60,9 +54,17 @@ When you set a DNS record to **Proxied**, Cloudflare responds with an [anycast I ## IP addresses -Because requests to proxied hostnames go through Cloudflare before reaching your origin server, all requests will appear to be coming from Cloudflare's IP addresses (and could potentially be blocked or rate limited). If you use proxied records, you may need to adjust your server configuration to [allow Cloudflare IPs](/fundamentals/concepts/cloudflare-ip-addresses/). +Because requests to proxied records go through Cloudflare before reaching your origin server, traditionally all requests will appear to be coming from Cloudflare's IP addresses and could be blocked or rate limited. Refer to [allow Cloudflare IPs](/fundamentals/concepts/cloudflare-ip-addresses/) to learn how to adjust your server configuration. + +```mermaid +flowchart LR +accTitle: Connections with Cloudflare +A[Client] <-- Connection --> B[Cloudflare global network] <-- Connection --> C[Origin server] +``` + +Cloudflare anycast IPs used to proxy traffic on your domain are assigned automatically and can change at any time for operational reasons. By default, if you need to allowlist Cloudflare IPs on your infrastructure or hosting provider, you should include the full list of [Cloudflare anycast IPs](https://www.cloudflare.com/ips/). -Cloudflare anycast IPs used to proxy traffic on your domain are assigned automatically. These IPs might change at any time for operational reasons. -If you need to allowlist Cloudflare IPs on your infrastructure or hosting provider, include the full list of [Cloudflare anycast IPs](https://www.cloudflare.com/ips/). +Alternatively, if you are an Enterprise customer, you have the following options: -As an Enterprise customer, you have the option to get [static IPs](/spectrum/about/static-ip/) or [bring your own IPs (BYOIP)](/byoip/). Aegis gives you an option to get dedicated IPs for egress as well. 
\ No newline at end of file
+- [Cloudflare Aegis](/aegis/) allows you to get dedicated IPs for the connection between Cloudflare and your origin server, meaning you only have to allowlist a small number of IPs.
+- [Static IPs](/byoip/concepts/static-ips/) or [bring your own IPs (BYOIP)](/byoip/) allow you to specify what IPs should be used in the connection between clients and Cloudflare.
\ No newline at end of file
From d9946bf09ddd1a65aa4e01c40034fbeda2833239 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Fri, 31 Jan 2025 14:30:31 +0000
Subject: [PATCH 16/16] Mention proxying on by dafault as per Abby's suggestion
---
 src/content/docs/dns/proxy-status/about-proxying.mdx | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/content/docs/dns/proxy-status/about-proxying.mdx b/src/content/docs/dns/proxy-status/about-proxying.mdx
index 7e1c1fa905f163f..30e8488645cbcc7 100644
--- a/src/content/docs/dns/proxy-status/about-proxying.mdx
+++ b/src/content/docs/dns/proxy-status/about-proxying.mdx
@@ -10,7 +10,9 @@ import { Render, Example } from "~/components"; While your [DNS records](/dns/manage-dns-records/) are used to make your website or application available to visitors and other web services, the **Proxy status** of a DNS record is used to define how Cloudflare treats incoming traffic to that record. -The records you can proxy through Cloudflare are [IP address resolution records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — meaning A, AAAA, or CNAME records. Cloudflare recommends enabling our proxy for all A, AAAA, and CNAME records that are used for serving web traffic. +The records you can proxy through Cloudflare are [IP address resolution records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — meaning A, AAAA, or CNAME records. + +Proxying is on by default (for the applicable records) when you onboard a domain via the dashboard. Cloudflare recommends setting to proxied all A, AAAA, and CNAME records that are used for serving web traffic. ### Proxied records