diff --git a/public/_redirects b/public/_redirects index a32569646afbf21..c908414ac18ed37 100644 --- a/public/_redirects +++ b/public/_redirects @@ -354,6 +354,7 @@ /dns/foundation-dns/graphql-analytics/ /dns/additional-options/analytics/ 301 /dns/manage-dns-records/how-to/dns-load-balancing/ /dns/manage-dns-records/how-to/round-robin-dns/ 301 /dns/manage-dns-records/how-to/create-root-domain/ /dns/manage-dns-records/how-to/create-zone-apex/ 301 +/dns/manage-dns-records/reference/proxied-dns-records/ /dns/proxy-status/ 301 /dns/reference/troubleshooting/ /dns/reference/recommended-third-party-tools/ 301 /dns/zone-setups/partial-setup/convert-partial-to-full/ /dns/zone-setups/conversions/convert-partial-to-full/ 301 /dns/zone-setups/partial-setup/convert-partial-to-secondary/ /dns/zone-setups/conversions/convert-partial-to-secondary/ 301 diff --git a/src/content/changelogs/rules.yaml b/src/content/changelogs/rules.yaml index 1b55e3f79a5100b..d2739947822ef4b 100644 --- a/src/content/changelogs/rules.yaml +++ b/src/content/changelogs/rules.yaml 
@@ -37,7 +37,7 @@ entries: - publish_date: "2024-09-20" title: Automatic DNS Validation for Cloudflare Rules description: |- - The Cloudflare dashboard now automatically validates [DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) and [Cloudflare for SaaS custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/) for rules targeting specific hostnames or URLs. To prevent misconfigured rules and ensure smoother deployments, you will get proactive warnings for missing or misconfigured DNS records and custom hostnames. + The Cloudflare dashboard now automatically validates [DNS records](/dns/proxy-status/) and [Cloudflare for SaaS custom hostnames](/cloudflare-for-platforms/cloudflare-for-saas/domain-support/) for rules targeting specific hostnames or URLs. To prevent misconfigured rules and ensure smoother deployments, you will get proactive warnings for missing or misconfigured DNS records and custom hostnames. - publish_date: "2024-09-17" title: Compression Rules available to all plans with Zstandard support diff --git a/src/content/changelogs/trace.yaml b/src/content/changelogs/trace.yaml index 7fc81ea203b7dc8..77839bccd333208 100644 --- a/src/content/changelogs/trace.yaml +++ b/src/content/changelogs/trace.yaml @@ -18,4 +18,4 @@ entries: - publish_date: "2024-03-12" title: Cloudflare Trace now supports grey-clouded hostnames description: |- - Even if the hostname is [not proxied by Cloudflare](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records), Cloudflare Trace will now return all the configurations that Cloudflare would have applied to the request. + Even if the hostname is [not proxied by Cloudflare](/dns/proxy-status/#dns-only-records), Cloudflare Trace will now return all the configurations that Cloudflare would have applied to the request. 
diff --git a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx index b8f4cfcb89b941f..db9da2a508b5e99 100644 --- a/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx +++ b/src/content/docs/byoip/service-bindings/magic-transit-with-cdn.mdx @@ -123,7 +123,7 @@ You can periodically check the service binding status using the [List Service Bi ## 3. Create address maps -Once you have configured your IPs to have CDN service, you can use address maps to specify which IPs should be used by Cloudflare in DNS responses when a record is proxied. +Once you have configured your IPs to have CDN service, you can use address maps to specify which IPs should be used by Cloudflare in DNS responses when a record is proxied. You can choose between two different scopes: diff --git a/src/content/docs/cache/concepts/default-cache-behavior.mdx b/src/content/docs/cache/concepts/default-cache-behavior.mdx index 76a61b23c70adcb..6e3699e10951132 100644 --- a/src/content/docs/cache/concepts/default-cache-behavior.mdx +++ b/src/content/docs/cache/concepts/default-cache-behavior.mdx @@ -59,7 +59,7 @@ Cloudflare’s CDN provides several cache customization options: -If you require a larger upload, group requests smaller than the upload thresholds or upload the full resource through an [unproxied (grey-clouded) DNS record](/dns/manage-dns-records/reference/proxied-dns-records/). +If you require a larger upload, group requests smaller than the upload thresholds or upload the full resource through an [unproxied (grey-clouded) DNS record](/dns/proxy-status/). ### Cacheable size limits diff --git a/src/content/docs/cache/get-started.mdx b/src/content/docs/cache/get-started.mdx index 7f6950a3ed4c9e4..cbb83d9550a4f2b 100644 --- a/src/content/docs/cache/get-started.mdx +++ b/src/content/docs/cache/get-started.mdx 
@@ -22,7 +22,7 @@ Cloudflare caches static content based on the following factors: * Origin headers that indicate dynamic content * Cache rules that bypass cache on cookie -Cloudflare only caches resources within the Cloudflare data center that serve the request. Cloudflare does not cache off-site or third-party resources, such as Facebook or Flickr, or content hosted on [unproxied (grey-clouded)](/dns/manage-dns-records/reference/proxied-dns-records/) DNS records. +Cloudflare only caches resources within the Cloudflare data center that serve the request. Cloudflare does not cache off-site or third-party resources, such as Facebook or Flickr, or content hosted on [unproxied (grey-clouded)](/dns/proxy-status/) DNS records. ## Learn the basics diff --git a/src/content/docs/cache/how-to/cache-rules/index.mdx b/src/content/docs/cache/how-to/cache-rules/index.mdx index a3fdffbedf5b3ce..e2b94c790ab8b44 100644 --- a/src/content/docs/cache/how-to/cache-rules/index.mdx +++ b/src/content/docs/cache/how-to/cache-rules/index.mdx @@ -11,7 +11,7 @@ Cache Rules can be created in the [dashboard](/cache/how-to/cache-rules/create-d :::note[Notes] -Cache Rules require that you [proxy the DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) of your domain (or subdomain) through Cloudflare. +Cache Rules require that you [proxy the DNS records](/dns/proxy-status/) of your domain (or subdomain) through Cloudflare. Rules can be versioned. Refer to the [Version Management](/version-management/) documentation for more information. diff --git a/src/content/docs/cache/how-to/purge-cache/purge-by-tags.mdx b/src/content/docs/cache/how-to/purge-cache/purge-by-tags.mdx index 96a17365440ffba..ea23e715114e1da 100644 --- a/src/content/docs/cache/how-to/purge-cache/purge-by-tags.mdx +++ b/src/content/docs/cache/how-to/purge-cache/purge-by-tags.mdx 
@@ -11,7 +11,7 @@ Cache-tag purging makes multi-file purging easier because you can instantly bulk ## General workflow for cache-tags 1. Add tags to the `Cache-Tag` HTTP response header from your origin web server for your web content, such as pages, static assets, etc. -2. [Ensure your web traffic is proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare. +2. [Ensure your web traffic is proxied](/dns/proxy-status/) through Cloudflare. 3. Cloudflare associates the tags in the `Cache-Tag` HTTP header with the content being cached. 4. Use specific cache-tags to instantly purge your Cloudflare CDN cache of all content containing that cache-tag from your dashboard or [using our API](/api/resources/cache/methods/purge/). 5. Cloudflare forces a [cache MISS](/cache/concepts/cache-responses/#miss) on content with the purged cache-tag. diff --git a/src/content/docs/calls/turn/custom-domains.mdx b/src/content/docs/calls/turn/custom-domains.mdx index f065e3ef87d88fc..4e5709f3b07e66b 100644 --- a/src/content/docs/calls/turn/custom-domains.mdx +++ b/src/content/docs/calls/turn/custom-domains.mdx @@ -32,7 +32,7 @@ Any DNS provider, including Cloudflare DNS can be used to set up a CNAME for cus :::note -If Cloudflare's authoritative DNS service is used, the record must be set to [DNS-only or "grey cloud" mode](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records).\` +If Cloudflare's authoritative DNS service is used, the record must be set to [DNS-only or "grey cloud" mode](/dns/proxy-status/#dns-only-records).\` ::: diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works.mdx index 670e6ee4038864f..73214b1b84dd0a7 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works.mdx 
+++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/how-it-works.mdx @@ -20,7 +20,7 @@ To give the SaaS provider permission to route traffic through their zone, any cu ## With O2O -If you have your own Cloudflare zone (`example.com`) and your zone contains a [proxied DNS record](/dns/manage-dns-records/reference/proxied-dns-records/) matching the custom hostname (`mystore.example.com`) with a **CNAME** target defined by the SaaS Provider, then O2O will be enabled. +If you have your own Cloudflare zone (`example.com`) and your zone contains a [proxied DNS record](/dns/proxy-status/) matching the custom hostname (`mystore.example.com`) with a **CNAME** target defined by the SaaS Provider, then O2O will be enabled. diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/bigcommerce.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/bigcommerce.mdx index ff8f48b352d331f..c7ac1ce35fe500b 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/bigcommerce.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/bigcommerce.mdx @@ -35,7 +35,7 @@ To enable O2O on your account, [create](/dns/manage-dns-records/how-to/create-dn For more details about a BigCommerce setup, refer to their [support guide](https://support.bigcommerce.com/s/article/Cloudflare-for-Performance-and-Security?language=en_US#orange-to-orange). -If you cannot activate your domain using [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), reach out to your account team. +If you cannot activate your domain using [proxied DNS records](/dns/proxy-status/), reach out to your account team. ::: 
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/shopify.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/shopify.mdx index 6b8ef9f83a6be6a..3e830fd201694a0 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/shopify.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/shopify.mdx @@ -35,7 +35,7 @@ To enable O2O on your account, [create](/dns/manage-dns-records/how-to/create-dn For questions about Shopify setup, refer to their [support guide](https://help.shopify.com/en/manual/domains/add-a-domain/connecting-domains/connect-domain-manual). -If you cannot activate your domain using [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), reach out to your account team or the [Cloudflare Community](https://community.cloudflare.com). +If you cannot activate your domain using [proxied DNS records](/dns/proxy-status/), reach out to your account team or the [Cloudflare Community](https://community.cloudflare.com). ::: diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/wpengine.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/wpengine.mdx index f20e3fd1ca094b4..ba9a2822cfafb08 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/wpengine.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/wpengine.mdx 
@@ -35,7 +35,7 @@ To enable O2O for a specific hostname within a Cloudflare zone, [create](/dns/ma For questions about WP Engine setup, refer to their [support guide](https://wpengine.com/support/wordpress-best-practice-configuring-dns-for-wp-engine/#Point_DNS_Using_CNAME_Flattening). -If you cannot activate your domain using [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), reach out to your account team. +If you cannot activate your domain using [proxied DNS records](/dns/proxy-status/), reach out to your account team. ::: diff --git a/src/content/docs/cloudflare-one/policies/gateway/egress-policies/dedicated-egress-ips.mdx b/src/content/docs/cloudflare-one/policies/gateway/egress-policies/dedicated-egress-ips.mdx index d2dd744c2e3f80a..65b365007f2089c 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/egress-policies/dedicated-egress-ips.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/egress-policies/dedicated-egress-ips.mdx 
@@ -112,9 +112,9 @@ Regardless of egress location, the IP geolocation will match the assigned dedica To physically egress from a specific location, traffic must be proxied to Cloudflare via IPv4. The end user connects to the nearest Cloudflare data center, but Cloudflare will internally route their traffic to egress from the dedicated location configured in your [egress policies](/cloudflare-one/policies/gateway/egress-policies/). Therefore, the connected data center shown in the user's WARP client preferences may not match their actual egress location. -We are able to offer better IPv4 performance when users visit domains proxied by Cloudflare (also known as an [orange-clouded](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records) domain). In this scenario, IPv4 traffic will physically egress from the most performant data center in our network while still appearing to egress from your dedicated location. +We are able to offer better IPv4 performance when users visit domains proxied by Cloudflare (also known as an [orange-clouded](/dns/proxy-status/) domain). In this scenario, IPv4 traffic will physically egress from the most performant data center in our network while still appearing to egress from your dedicated location. -For example, assume you have a primary dedicated egress IP in Los Angeles and a secondary dedicated egress IP in New York. A user in Las Vegas would see Las Vegas as their connected data center. If they go to a site not proxied by Cloudflare ([gray-clouded](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records)), such as `espn.com`, they will egress from Los Angeles (or whichever city is in the matching egress policy). If they go to an orange-clouded site such as `cloudflare.com`, they will physically egress from Las Vegas but use Los Angeles as their IP geolocation. +For example, assume you have a primary dedicated egress IP in Los Angeles and a secondary dedicated egress IP in New York. 
A user in Las Vegas would see Las Vegas as their connected data center. If they go to a site not proxied by Cloudflare ([gray-clouded](/dns/proxy-status/#dns-only-records)), such as `espn.com`, they will egress from Los Angeles (or whichever city is in the matching egress policy). If they go to an orange-clouded site such as `cloudflare.com`, they will physically egress from Las Vegas but use Los Angeles as their IP geolocation. #### IPv6 diff --git a/src/content/docs/data-localization/how-to/cache.mdx b/src/content/docs/data-localization/how-to/cache.mdx index e8b1f80787b6fe9..c2b5f6930c2ad13 100644 --- a/src/content/docs/data-localization/how-to/cache.mdx +++ b/src/content/docs/data-localization/how-to/cache.mdx @@ -11,7 +11,7 @@ In the following sections, we will give you some details about how to configure ## Regional Services -To configure Regional Services for hostnames [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare and ensure that [eligible assets](/cache/concepts/default-cache-behavior/) are cached only in-region, follow these steps for the dashboard or API configuration: +To configure Regional Services for hostnames [proxied](/dns/proxy-status/) through Cloudflare and ensure that [eligible assets](/cache/concepts/default-cache-behavior/) are cached only in-region, follow these steps for the dashboard or API configuration: diff --git a/src/content/docs/data-localization/how-to/cloudflare-for-saas.mdx b/src/content/docs/data-localization/how-to/cloudflare-for-saas.mdx index 86d538c4c7233d5..3228c3f2aba53ed 100644 --- a/src/content/docs/data-localization/how-to/cloudflare-for-saas.mdx +++ b/src/content/docs/data-localization/how-to/cloudflare-for-saas.mdx 
@@ -11,7 +11,7 @@ In the following sections, we will give you some details about how to configure ## Regional Services -To configure Regional Services for both hostnames [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare and the fallback origin, follow these steps for the dashboard or API configuration: +To configure Regional Services for both hostnames [proxied](/dns/proxy-status/) through Cloudflare and the fallback origin, follow these steps for the dashboard or API configuration: diff --git a/src/content/docs/data-localization/how-to/durable-objects.mdx b/src/content/docs/data-localization/how-to/durable-objects.mdx index 4fa5889094f6a51..e3b30993416a352 100644 --- a/src/content/docs/data-localization/how-to/durable-objects.mdx +++ b/src/content/docs/data-localization/how-to/durable-objects.mdx @@ -10,7 +10,7 @@ In the following sections, we will give you some details about how to configure ## Regional Services -To configure Regional Services for hostnames [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare and ensure that processing of a Durable Object (DO) occurs only in-region, follow these steps: +To configure Regional Services for hostnames [proxied](/dns/proxy-status/) through Cloudflare and ensure that processing of a Durable Object (DO) occurs only in-region, follow these steps: 1. Follow the steps in the Durable Objects [Get Started](/durable-objects/get-started/) guide. 2. [Restrict Durable Objects to a jurisdiction](/durable-objects/reference/data-location/#restrict-durable-objects-to-a-jurisdiction), in order to control where the DO itself runs and persists data, by creating a jurisidictional subnamespace in your Worker’s code. diff --git a/src/content/docs/data-localization/how-to/load-balancing.mdx b/src/content/docs/data-localization/how-to/load-balancing.mdx index e82fb2e2b1a8225..595b5be84317e83 100644 --- a/src/content/docs/data-localization/how-to/load-balancing.mdx 
+++ b/src/content/docs/data-localization/how-to/load-balancing.mdx @@ -11,9 +11,9 @@ In the following sections, we will give you some details about how to configure ## Regional Services -You can load balance traffic at different levels of the networking stack depending on the [proxy mode](/load-balancing/understand-basics/proxy-modes/): Layer 7 (`HTTP/S`) and Layer 4 (`TCP`) are supported; however, `DNS-only` is not supported, as it is not [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). +You can load balance traffic at different levels of the networking stack depending on the [proxy mode](/load-balancing/understand-basics/proxy-modes/): Layer 7 (`HTTP/S`) and Layer 4 (`TCP`) are supported; however, `DNS-only` is not supported, as it is not [proxied](/dns/proxy-status/). -To configure Regional Services for hostnames [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare and ensure that the Load Balancer is available only in-region, follow these steps for the dashboard or API configuration: +To configure Regional Services for hostnames [proxied](/dns/proxy-status/) through Cloudflare and ensure that the Load Balancer is available only in-region, follow these steps for the dashboard or API configuration: diff --git a/src/content/docs/data-localization/how-to/pages.mdx b/src/content/docs/data-localization/how-to/pages.mdx index 2771cd7f3c3bb74..ef828a24c51399d 100644 --- a/src/content/docs/data-localization/how-to/pages.mdx +++ b/src/content/docs/data-localization/how-to/pages.mdx 
@@ -11,7 +11,7 @@ In the following sections, we will give you some details about how to configure ## Regional Services -To configure Regional Services for hostnames [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare and ensure that processing of a Pages project occurs only in-region, follow these steps for the dashboard or API configuration: +To configure Regional Services for hostnames [proxied](/dns/proxy-status/) through Cloudflare and ensure that processing of a Pages project occurs only in-region, follow these steps for the dashboard or API configuration: diff --git a/src/content/docs/data-localization/how-to/r2.mdx b/src/content/docs/data-localization/how-to/r2.mdx index d6726253b31e5a9..a0857b2e2c2978c 100644 --- a/src/content/docs/data-localization/how-to/r2.mdx +++ b/src/content/docs/data-localization/how-to/r2.mdx @@ -12,7 +12,7 @@ In the following sections, we will give you some details about how to configure ## Regional Services -To configure Regional Services for hostnames [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare and ensure that processing of requesting objects from a [R2 Bucket](/r2/buckets/) occurs only in-region, follow these steps: +To configure Regional Services for hostnames [proxied](/dns/proxy-status/) through Cloudflare and ensure that processing of requesting objects from a [R2 Bucket](/r2/buckets/) occurs only in-region, follow these steps: 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select an account. 2. Go to the **R2** tab. diff --git a/src/content/docs/data-localization/how-to/workers.mdx b/src/content/docs/data-localization/how-to/workers.mdx index 9362907b8fb7e4a..01db2776ea79300 100644 --- a/src/content/docs/data-localization/how-to/workers.mdx +++ b/src/content/docs/data-localization/how-to/workers.mdx 
@@ -10,7 +10,7 @@ In the following sections, we will give you some details about how to configure ## Regional Services -To configure Regional Services for hostnames [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare and ensure that processing of a Workers project occurs only in-region, follow these steps: +To configure Regional Services for hostnames [proxied](/dns/proxy-status/) through Cloudflare and ensure that processing of a Workers project occurs only in-region, follow these steps: 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select an account. 2. Go to the **Workers & Pages** tab. diff --git a/src/content/docs/dns/additional-options/dns-zone-defaults.mdx b/src/content/docs/dns/additional-options/dns-zone-defaults.mdx index ac1ba3ed3c228ac..be257d7c1eea4ff 100644 --- a/src/content/docs/dns/additional-options/dns-zone-defaults.mdx +++ b/src/content/docs/dns/additional-options/dns-zone-defaults.mdx @@ -32,6 +32,6 @@ For primary zones: For secondary zones: -- [Secondary DNS override](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/): Enable the options to use Cloudflare [proxy](/dns/manage-dns-records/reference/proxied-dns-records/) and add `CNAME` records at your zone apex. +- [Secondary DNS override](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/): Enable the options to use Cloudflare [proxy](/dns/proxy-status/) and add `CNAME` records at your zone apex. Multi-provider DNS does not apply as a setting for secondary zones, as this is already a required behavior for this setup. `SOA` record and the `NS` record TTL are defined on your external DNS provider and only transferred into Cloudflare. diff --git a/src/content/docs/dns/additional-options/index.mdx b/src/content/docs/dns/additional-options/index.mdx index 859efd2e004be44..c5fb30c17d14853 100644 --- a/src/content/docs/dns/additional-options/index.mdx 
+++ b/src/content/docs/dns/additional-options/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: navigation title: Additional options sidebar: - order: 8 + order: 12 group: hideIndex: true --- diff --git a/src/content/docs/dns/cname-flattening/index.mdx b/src/content/docs/dns/cname-flattening/index.mdx index 279123e2a01359e..dcdd96e576dce45 100644 --- a/src/content/docs/dns/cname-flattening/index.mdx +++ b/src/content/docs/dns/cname-flattening/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: concept title: CNAME flattening sidebar: - order: 7 + order: 9 label: About --- diff --git a/src/content/docs/dns/cname-flattening/set-up-cname-flattening.mdx b/src/content/docs/dns/cname-flattening/set-up-cname-flattening.mdx index 91e839c1b98dd37..f98b1f121445f66 100644 --- a/src/content/docs/dns/cname-flattening/set-up-cname-flattening.mdx +++ b/src/content/docs/dns/cname-flattening/set-up-cname-flattening.mdx @@ -25,7 +25,7 @@ CNAME flattening occurs by default for all plans when your domain uses a CNAME r ## For all CNAME records -For zones on paid plans, you can choose to flatten all CNAME records. This option is useful for DNS-only (unproxied) CNAME records. [Proxied records](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records) are flattened by default as they return Cloudflare anycast IPs. +For zones on paid plans, you can choose to flatten all CNAME records. This option is useful for DNS-only (unproxied) CNAME records. [Proxied records](/dns/proxy-status/) are flattened by default as they return Cloudflare anycast IPs. diff --git a/src/content/docs/dns/dns-firewall/index.mdx b/src/content/docs/dns/dns-firewall/index.mdx index bf8ea2038e8cd4f..b317368616bf1d3 100644 --- a/src/content/docs/dns/dns-firewall/index.mdx +++ b/src/content/docs/dns/dns-firewall/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: overview title: DNS Firewall sidebar: - order: 10 + order: 15 --- 
diff --git a/src/content/docs/dns/dnssec/index.mdx b/src/content/docs/dns/dnssec/index.mdx index 117ca005f7c1dc5..b7926b4e79dbe74 100644 --- a/src/content/docs/dns/dnssec/index.mdx +++ b/src/content/docs/dns/dnssec/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: how-to title: DNSSEC sidebar: - order: 6 + order: 8 --- diff --git a/src/content/docs/dns/get-started.mdx b/src/content/docs/dns/get-started.mdx index 4c7e4891df76619..5acb783bb2a7231 100644 --- a/src/content/docs/dns/get-started.mdx +++ b/src/content/docs/dns/get-started.mdx 
@@ -33,7 +33,7 @@ The following links introduce important concepts and will guide you through acti - [Nameservers](/dns/nameservers/): In the context of Cloudflare DNS, nameservers refer to authoritative nameservers. When a nameserver is authoritative for `example.com`, it means that DNS resolvers will consider responses from this nameserver when a user tries to access `example.com`. -- [Proxy status](/dns/manage-dns-records/reference/proxied-dns-records/): Proxy status affects how Cloudflare treats incoming HTTP/S requests to A, AAAA, and CNAME records. When a record is proxied, Cloudflare responds with [anycast IPs](/fundamentals/concepts/cloudflare-ip-addresses/), which speeds up and protects HTTP/S traffic with our [cache](/cache/)/[CDN](https://www.cloudflare.com/learning/cdn/what-is-a-cdn/), [DDoS protection](/ddos-protection/), [WAF](/waf/), and [more](/products/?product-group=Application+performance%2CApplication+security). +- [Proxy status](/dns/proxy-status/): Proxy status affects how Cloudflare treats incoming HTTP/S requests to A, AAAA, and CNAME records. When a record is proxied, Cloudflare responds with [anycast IPs](/fundamentals/concepts/cloudflare-ip-addresses/), which speeds up and protects HTTP/S traffic with our [cache](/cache/)/[CDN](https://www.cloudflare.com/learning/cdn/what-is-a-cdn/), [DDoS protection](/ddos-protection/), [WAF](/waf/), and [more](/products/?product-group=Application+performance%2CApplication+security). ## Further reading diff --git a/src/content/docs/dns/manage-dns-records/how-to/batch-record-changes.mdx b/src/content/docs/dns/manage-dns-records/how-to/batch-record-changes.mdx index d3cdb9fcf8b39ee..ff41eb69474980d 100644 --- a/src/content/docs/dns/manage-dns-records/how-to/batch-record-changes.mdx +++ b/src/content/docs/dns/manage-dns-records/how-to/batch-record-changes.mdx 
@@ -30,7 +30,7 @@ The number of records that you can operate with in one action depends on your zo ### Edit proxy status in bulk -`A`,`AAAA`, and `CNAME` records can be [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). The **Proxy status** of a DNS record affects [how Cloudflare responds to DNS queries](/fundamentals/concepts/how-cloudflare-works/) to that record. +`A`,`AAAA`, and `CNAME` records can be [proxied](/dns/proxy-status/). The **Proxy status** of a DNS record affects [how Cloudflare responds to DNS queries](/fundamentals/concepts/how-cloudflare-works/) to that record. diff --git a/src/content/docs/dns/manage-dns-records/how-to/create-dns-records.mdx b/src/content/docs/dns/manage-dns-records/how-to/create-dns-records.mdx index b4b743a0564bd97..ad1b029cd9918c9 100644 --- a/src/content/docs/dns/manage-dns-records/how-to/create-dns-records.mdx +++ b/src/content/docs/dns/manage-dns-records/how-to/create-dns-records.mdx @@ -26,7 +26,7 @@ To create a DNS record in the dashboard: 3. Select **Add record**. 4. Choose a record [**Type**](/dns/manage-dns-records/reference/dns-record-types/). 5. Complete the required fields, which vary per record. Particularly important fields (for some records) include: - - **Proxy status**: For `A`, `AAAA`, and `CNAME` records, decide whether hostname traffic is proxied through Cloudflare. + - **Proxy status**: For `A`, `AAAA`, and `CNAME` records, decide whether hostname traffic is proxied through Cloudflare. - **TTL**: Short for [_Time to Live_](/dns/manage-dns-records/reference/ttl/), this field controls how long each record is valid and — as a result — how long it takes for record updates to reach your end users. - **Comment** and **Tag**: [Record attributes](/dns/manage-dns-records/reference/record-attributes/) meant for your reference. 6. Select **Save**. 
diff --git a/src/content/docs/dns/manage-dns-records/how-to/import-and-export.mdx b/src/content/docs/dns/manage-dns-records/how-to/import-and-export.mdx index a169c28ad9bb1c9..8dd3def903ecaae 100644 --- a/src/content/docs/dns/manage-dns-records/how-to/import-and-export.mdx +++ b/src/content/docs/dns/manage-dns-records/how-to/import-and-export.mdx @@ -31,7 +31,7 @@ To import a zone file using the dashboard: 2. Go to **DNS** > **Records**. 3. Select **Import and Export**. 4. For **Import DNS records**, select your [formatted file](#format-your-zone-file). -5. If you do not want [applicable records](/dns/manage-dns-records/reference/proxied-dns-records/) proxied, unselect **Proxy imported DNS records**. +5. If you do not want [applicable records](/dns/proxy-status/) proxied, unselect **Proxy imported DNS records**. @@ -103,7 +103,7 @@ c.cloudflaredocs.com. 1 IN CNAME example.com. ; cf_tags=tag-without-value,cf-pro #### cf-proxied -On export, [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records) will present a tag `cf-proxied:true` while DNS-only records will have this tag set to `cf-proxied:false`. +On export, [proxied DNS records](/dns/proxy-status/) will present a tag `cf-proxied:true` while DNS-only records will have this tag set to `cf-proxied:false`. When importing zone files, the value in the `cf-proxied` tag will take precedence in determining whether a record should be proxied. This means that: diff --git a/src/content/docs/dns/manage-dns-records/how-to/round-robin-dns.mdx b/src/content/docs/dns/manage-dns-records/how-to/round-robin-dns.mdx index fec5935b32e270f..0d95140ca776d16 100644 --- a/src/content/docs/dns/manage-dns-records/how-to/round-robin-dns.mdx +++ b/src/content/docs/dns/manage-dns-records/how-to/round-robin-dns.mdx 
@@ -22,7 +22,7 @@ After [creating an account](/fundamentals/setup/account/create-account/) and [up | A | `www` | `192.0.2.2` | | A | `www` | `192.0.2.3` | -The exact behavior of your DNS routing would depend on the [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) of each record. +The exact behavior of your DNS routing would depend on the [proxy status](/dns/proxy-status/) of each record. ### All records unproxied diff --git a/src/content/docs/dns/manage-dns-records/index.mdx b/src/content/docs/dns/manage-dns-records/index.mdx index 284b3d391336b23..bb4a6586925e951 100644 --- a/src/content/docs/dns/manage-dns-records/index.mdx +++ b/src/content/docs/dns/manage-dns-records/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: navigation title: DNS records sidebar: - order: 5 + order: 6 --- @@ -16,7 +16,7 @@ Depending on the providers you used to [get your domain name](/fundamentals/setu ## DNS records table -When managing your records at Cloudflare, besides the common record fields described below, you may also find an option for [Proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) and [CNAME flattening](/dns/cname-flattening/). These are specific features offered by Cloudflare. +When managing your records at Cloudflare, besides the common record fields described below, you may also find an option for [Proxy status](/dns/proxy-status/) and [CNAME flattening](/dns/cname-flattening/). These are specific features offered by Cloudflare.
- **Type**: Defines the purpose of a record. Different types of record require different information in their corresponding `Content` field. @@ -36,7 +36,7 @@ DNS management for **example.com**: In this example, an IP address resolution record of type `A` is indicating that the resources that correspond to the subdomain `blog.example.com` can be reached on the IPv4 address `192.0.2.1`. -Also, as this record is proxied, Cloudflare automatically defines for how long this information should be cached by DNS resolvers. +Also, as this record is proxied, Cloudflare automatically defines for how long this information should be cached by DNS resolvers.
diff --git a/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx b/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx index 067a0633dd1f098..d0f4a17bab981c7 100644 --- a/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/dns-record-types.mdx @@ -14,7 +14,7 @@ This page provides information about some of the different types of DNS records ## IP address resolution -At least one **IP address resolution** record is required for each domain on Cloudflare. These records are the only ones you can [proxy](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare. +At least one **IP address resolution** record is required for each domain on Cloudflare. These records are the only ones you can [proxy](/dns/proxy-status/) through Cloudflare. ### A and AAAA @@ -38,14 +38,14 @@ These records include the following fields: * **TTL**: Time to live, which controls how long DNS resolvers should cache a response before revalidating it. * If the **Proxy Status** is **Proxied**, this value defaults to **Auto**, which is 300 seconds. * If the **Proxy Status** is **DNS Only**, you can customize the value. -* **Proxy status**: For more details, refer to [Proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/). +* **Proxy status**: For more details, refer to [Proxied DNS records](/dns/proxy-status/). #### Example API call When creating A or AAAA records [using the API](/dns/manage-dns-records/how-to/create-dns-records/#create-dns-records): * The `content` of the records is an IP address (IPv4 for A or IPv6 for AAAA). -* The `proxied` field affects the record's [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/). +* The `proxied` field affects the record's [proxy status](/dns/proxy-status/). 
@@ -107,7 +107,7 @@ These records include the following fields: * **TTL**: Time to live, which controls how long DNS resolvers should cache a response before revalidating it. * If the **Proxy Status** is **Proxied**, this value defaults to **Auto**, which is 300 seconds. * If the **Proxy Status** is **DNS Only**, you can customize the value. -* **Proxy status**: For more details, refer to [Proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/). +* **Proxy status**: For more details, refer to [Proxied DNS records](/dns/proxy-status/). You can use CNAME records to point to other CNAME records (`www.example2.com` --> `www.example1.com` --> `www.example.com`), but the final record must point to a hostname with a valid IP address (and therefore a valid A or AAAA record) if this hostname is meant to proxy traffic. @@ -118,7 +118,7 @@ Cloudflare uses a process called CNAME flattening to deliver better performance. When creating CNAME records [using the API](/dns/manage-dns-records/how-to/create-dns-records/#create-dns-records): * The `content` of the records is a [fully qualified domain name](https://en.wikipedia.org/wiki/Fully_qualified_domain_name). -* The `proxied` field affects the record's [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) +* The `proxied` field affects the record's [proxy status](/dns/proxy-status/) 
@@ -302,7 +302,7 @@ curl "https://api.cloudflare.com/client/v4/zones//dns_records" \ Service Binding (SVCB) and HTTPS Service (HTTPS) records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. -If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. +If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/proxy-status/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. For more details and context, refer to the [announcement blog post](https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/) and [RFC 9460](https://www.rfc-editor.org/rfc/rfc9460.html). diff --git a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx b/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx deleted file mode 100644 index b574a0bc474edf8..000000000000000 --- a/src/content/docs/dns/manage-dns-records/reference/proxied-dns-records.mdx +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -pcx_content_type: concept -title: Proxy status -sidebar: - order: 1 - ---- - -import { Render } from "~/components" - -The **Proxy status** of a DNS record affects how Cloudflare treats incoming traffic to that record. Cloudflare recommends enabling our proxy for all `A`, `AAAA`, and `CNAME` records that are used for serving web traffic. - -![Proxy status affects how Cloudflare treats traffic intended for specific DNS records](~/assets/images/dns/proxy-status-screenshot.png) - -*** - -## Proxied records - - - - - -### Protocol optimization - -For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. - -:::note -Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior. -::: - -### Limitations - - - -*** - -## DNS-only records - -When an `A`, `AAAA`, or `CNAME` record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's normal IP address. - - - -In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests. 
diff --git a/src/content/docs/dns/manage-dns-records/reference/ttl.mdx b/src/content/docs/dns/manage-dns-records/reference/ttl.mdx index da3ff41128b576a..b7f0589bd85d8e9 100644 --- a/src/content/docs/dns/manage-dns-records/reference/ttl.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/ttl.mdx 
@@ -6,22 +6,20 @@ sidebar: --- +import { GlossaryTooltip } from "~/components"; + **Time to Live (TTL)** is a field on [DNS records](/dns/manage-dns-records/how-to/create-dns-records/) that controls how long each record is cached and — as a result — how long it takes for record updates to reach your end users. Longer TTLs speed up [DNS lookups](https://www.cloudflare.com/learning/dns/what-is-dns/) by increasing the chance of cached results, but a longer TTL also means that updates to your records take longer to go into effect. ## Proxied records -By default, all [proxied records](/dns/manage-dns-records/reference/proxied-dns-records/) have a TTL of **Auto**, which is set to 300 seconds. +By default, all proxied records have a TTL of **Auto**, which is set to 300 seconds. This value cannot be edited. -Since only [IP resolution records](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) can be proxied, this setting ensures that queries to your domain name resolve fairly quickly. This setting also means that any changes to proxied `A`, `AAAA`, or `CNAME` records will take place within five minutes or less. +Since only [records used for IP address resolution](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) can be proxied, this setting ensures that potential changes to the assigned [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/) will take effect quickly, as recursive resolvers will not cache them for longer than 300 seconds (five minutes). :::note - - It may take longer than 5 minutes for you to actually experience record changes, as your local DNS cache may take longer to update. - - ::: ## Unproxied records diff --git a/src/content/docs/dns/manage-dns-records/reference/vendor-specific-records.mdx b/src/content/docs/dns/manage-dns-records/reference/vendor-specific-records.mdx index 18b72458507f29c..6bd9e032083d4aa 100644 
--- a/src/content/docs/dns/manage-dns-records/reference/vendor-specific-records.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/vendor-specific-records.mdx @@ -151,7 +151,7 @@ Refer to Rackspace CloudFiles's documentation to [get a `CNAME` value](https://d :::caution -The `CNAME` record needs to be [DNS-only (unproxied)](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records) since rackcdn.com is +The `CNAME` record needs to be [DNS-only (unproxied)](/dns/proxy-status/#dns-only-records) since rackcdn.com is not compatible with Cloudflare. ::: @@ -180,7 +180,7 @@ Then, set up your Squarespace DNS records: 1. Get your Squarespace DNS information by following [these instructions](https://support.squarespace.com/hc/articles/213469948). 2. In Cloudflare, [add those records](/dns/manage-dns-records/how-to/create-dns-records/): - * All `A` records should be [Proxied](/dns/manage-dns-records/reference/proxied-dns-records/) + * All `A` records should be [Proxied](/dns/proxy-status/) * The `CNAME` record for `www` should also be **Proxied**. * The `CNAME` record for `verify.squarespace.com` should be **DNS-only**. 3. If set up properly, your Squarespace DNS Settings page will now indicate that your 'Settings contain problems.' **This is the expected behavior**. @@ -205,7 +205,7 @@ Refer to Unbounce's documentation to [get a `CNAME` value](https://documentation :::caution -If Cloudflare is activated via one of our hosting partners, your `CNAME` record should be [DNS-only (unproxied)](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records). +If Cloudflare is activated via one of our hosting partners, your `CNAME` record should be [DNS-only (unproxied)](/dns/proxy-status/#dns-only-records). ::: ### Vercel 
@@ -223,7 +223,7 @@ This is because Wix [does not support](https://support.wix.com/en/article/reques If you want to manage your DNS through Cloudflare or you bought a domain through [Cloudflare Registrar](/registrar/), you can connect that domain to Wix through [domain pointing](https://support.wix.com/en/article/connecting-a-domain-to-wix-using-the-pointing-method). -This method means your website is using Cloudflare for DNS only, so all your DNS records should be [DNS-only (unproxied)](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records). +This method means your website is using Cloudflare for DNS only, so all your DNS records should be [DNS-only (unproxied)](/dns/proxy-status/#dns-only-records). ### WPEngine diff --git a/src/content/docs/dns/manage-dns-records/reference/wildcard-dns-records.mdx b/src/content/docs/dns/manage-dns-records/reference/wildcard-dns-records.mdx index 0fa4686e87ea217..edd54965684af8a 100644 --- a/src/content/docs/dns/manage-dns-records/reference/wildcard-dns-records.mdx +++ b/src/content/docs/dns/manage-dns-records/reference/wildcard-dns-records.mdx @@ -12,7 +12,7 @@ Normal DNS records map a domain name to one or multiple IP addresses or other as Wildcard DNS records allow you to have a many-to-many mapping, for example if you had hundreds or thousands of subdomains you wanted to point to the same resources. Wildcard records are used as the response for all subdomains that are not specifically covered by another DNS record. -Within Cloudflare, wildcard DNS records can be either [proxied or DNS-only](/dns/manage-dns-records/reference/proxied-dns-records/). +Within Cloudflare, wildcard DNS records can be either [proxied or DNS-only](/dns/proxy-status/). ## Create a Wildcard record diff --git a/src/content/docs/dns/manage-dns-records/troubleshooting/cname-domain-verification.mdx b/src/content/docs/dns/manage-dns-records/troubleshooting/cname-domain-verification.mdx index 2c38f38d4e0147b..62990963dd634a5 100644 
--- a/src/content/docs/dns/manage-dns-records/troubleshooting/cname-domain-verification.mdx +++ b/src/content/docs/dns/manage-dns-records/troubleshooting/cname-domain-verification.mdx @@ -17,7 +17,7 @@ Consider the following sections if this is not working correctly for you. You may find issues if you have one of the following: -* The `CNAME` record you created for domain verification is set to [**Proxied**](/dns/manage-dns-records/reference/proxied-dns-records/). +* The `CNAME` record you created for domain verification is set to [**Proxied**](/dns/proxy-status/). * The `CNAME` record is correctly set to DNS only (not proxied), but your zone has [**Flatten all CNAMEs**](/dns/cname-flattening/set-up-cname-flattening/#for-all-cname-records) option enabled. ## Solution diff --git a/src/content/docs/dns/manage-dns-records/troubleshooting/exposed-ip-address.mdx b/src/content/docs/dns/manage-dns-records/troubleshooting/exposed-ip-address.mdx index 249c59b1b07d1a9..8e3e7ddfdec9bb0 100644 --- a/src/content/docs/dns/manage-dns-records/troubleshooting/exposed-ip-address.mdx +++ b/src/content/docs/dns/manage-dns-records/troubleshooting/exposed-ip-address.mdx @@ -7,7 +7,7 @@ sidebar: --- -When your DNS records are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare speeds up and protects your site. +When your DNS records are [proxied](/dns/proxy-status/), Cloudflare speeds up and protects your site. A `dig` query against your proxied apex domain returns a Cloudflare IP address. This way, your origin server’s IP address remains concealed from the public. Remember that orange cloud benefits only apply to HTTP traffic. 
@@ -25,7 +25,7 @@ If you receive the following warning: `This record is exposing your origin server’s IP address. To hide your origin IP address, and increase your server security, click on the grey cloud to change it to orange.` -Cloudflare recommends [proxying](/dns/manage-dns-records/reference/proxied-dns-records/) the record so that any `dig` query against that record returns a Cloudflare IP address and your origin server IP address remains concealed from the public. +Cloudflare recommends [proxying](/dns/proxy-status/) the record so that any `dig` query against that record returns a Cloudflare IP address and your origin server IP address remains concealed from the public. To take advantage of Cloudflare’s performance and security benefits, we recommend you proxy DNS records that handle HTTP traffic, including `A`, `AAAA`, and `CNAME` records. diff --git a/src/content/docs/dns/proxy-status/index.mdx b/src/content/docs/dns/proxy-status/index.mdx new file mode 100644 index 000000000000000..91643df18072929 --- /dev/null +++ b/src/content/docs/dns/proxy-status/index.mdx 
@@ -0,0 +1,98 @@ +--- +pcx_content_type: concept +title: Proxy status +sidebar: + order: 7 + label: Overview + group: + label: Proxy status +--- + +import { Render, Example, Details, GlossaryTooltip } from "~/components"; + +While your [DNS records](/dns/manage-dns-records/) make your website or application available to visitors and other web services, the **Proxy status** of a DNS record defines how Cloudflare treats incoming DNS queries for that record. + +The records you can proxy through Cloudflare are [records used for IP address resolution](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) — meaning A, AAAA, or CNAME records. + +Cloudflare recommends setting to proxied all A, AAAA, and CNAME records that are used for serving web traffic. For example, CNAME records being used to verify your domain for a third-party service should not be proxied. + +:::note +Proxying is on by default when you onboard a domain via the dashboard. +::: + +### Benefits + +When you set a DNS record to **Proxied** (also known as orange-clouded), Cloudflare can: + +- Protect your origin server from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/). +- [Optimize, cache, and protect](/fundamentals/setup/manage-domains/connect-your-domain/#domain-configurations) all requests to your application. +- Apply your configurations for a variety of Cloudflare products. + +:::caution +When you [add a domain](/fundamentals/setup/manage-domains/add-site/) to Cloudflare, Cloudflare protection will be in a [pending state](/dns/zone-setups/reference/domain-status/) until we can verify ownership. This could take up to 24 hours to complete. Refer to [Limitations](/dns/proxy-status/limitations/#pending-domains) for further guidance. 
+::: + +### Example + + + +This means that: + +- A DNS query to the proxied record `blog.example.com` will be answered with a Cloudflare [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/) instead of `192.0.2.1`. This ensures that HTTP/HTTPS requests for this name will be sent to Cloudflare's network and can be proxied, which allows the [benefits listed above](#benefits). +- A DNS query to the DNS-only record `shop.example.com` will be answered with the actual origin IP address, `192.0.2.2`. In addition to exposing your origin IP address and not benefitting from several features, Cloudflare cannot provide HTTP/HTTPS analytics on those requests (only DNS analytics). + +For further context, refer to [How Cloudflare works](/fundamentals/concepts/how-cloudflare-works/). + +--- + +## Proxied records + +The sections below describe specific behaviors and expected outcomes when you have DNS records set to proxied. There may also be some [limitations](/dns/proxy-status/limitations/) in specific scenarios. + +### Predefined time to live + +By default, all proxied records have a time to live (TTL) of **Auto**, which is set to 300 seconds. This value cannot be edited. + +Since only [records used for IP address resolution](/dns/manage-dns-records/reference/dns-record-types/#ip-address-resolution) can be proxied, this setting ensures that potential changes to the assigned [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/) will take effect quickly, as recursive resolvers will not cache them for longer than 300 seconds (five minutes). + +:::note +It may take longer than five minutes for you to actually experience record changes, as your local DNS cache may take longer to update. +::: + +### Mix proxied and unproxied + +If you have multiple A or AAAA records on the same name and at least one of them is proxied, Cloudflare will treat all A or AAAA records on this name as being proxied. + +
+ + +DNS management for **example.com**: + +| Type | Name | Content | Proxy status | TTL | +| ---- | ------- | ------------ | ------------ | ------ | +| A | `blog` | `192.0.2.1` | Proxied | Auto | +| A | `blog` | `192.0.2.5` | DNS only | Auto | + +In this example, all traffic intended for `blog.example.com` will be treated as if both records were **Proxied**. + + + +
+ +### Protocol optimization + +For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. + +:::note +Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior. +::: + +--- + +## DNS-only records + +When an A, AAAA, or CNAME record is **DNS-only** — also known as being gray-clouded — DNS queries for these will resolve to the record's origin IP address, as described in the [example](#example). + +In addition to potentially exposing your origin IP addresses to bad actors and [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/), leaving your records as **DNS-only** means that Cloudflare cannot [optimize, cache, and protect](/fundamentals/concepts/how-cloudflare-works/) requests to your application or provide analytics on those requests. + + \ No newline at end of file diff --git a/src/content/docs/dns/proxy-status/limitations.mdx b/src/content/docs/dns/proxy-status/limitations.mdx new file mode 100644 index 000000000000000..17b67848b9e687e --- /dev/null +++ b/src/content/docs/dns/proxy-status/limitations.mdx 
@@ -0,0 +1,39 @@ +--- +pcx_content_type: concept +title: Proxying limitations +sidebar: + order: 2 + label: Limitations +--- + +import { Render, GlossaryTooltip } from "~/components"; + +This page describes expected limitations when proxying DNS records. For further information about proxying, refer to [How Cloudflare works](/fundamentals/concepts/how-cloudflare-works/). + +## Proxy eligibility + +Only A, AAAA, and CNAME DNS records that serve HTTP or HTTPS traffic can be proxied. Other record types cannot be proxied. + +If you encounter a CNAME record that you cannot proxy — usually associated with another CDN provider — a proxied version of that record will cause connectivity errors. Cloudflare is purposely preventing that record from being proxied to protect you from a misconfiguration. + +### Pre-signed DNSSEC + +If you use Cloudflare as your [secondary DNS provider](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/) and leverage [Secondary DNS Overrides](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/) to set records to proxied, note that opting for [Pre-signed DNSSEC](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary/) will cause Cloudflare to treat your records as DNS-only. + +## Ports and protocols + +To proxy HTTP/HTTPS traffic on [non-standard ports](/fundamentals/reference/network-ports/) or to proxy a TCP or UDP based application, use [Cloudflare Spectrum](/spectrum/). + +## Pending domains + + + +This means that DNS records — even those set to [proxy traffic through Cloudflare](#proxied-records) — will be [DNS-only](/dns/proxy-status/#dns-only-records) until your zone has been activated and any requests to your DNS records will return your origin server's IP address. + +If this warning is still present after 24 hours, refer to [Troubleshooting](/dns/troubleshooting/). 
+ +For enhanced security, we recommend rolling your origin IP addresses at your hosting provider after your zone has been activated. This action prevents your origin IPs from being leaked during onboarding. + +## Windows authentication + +Because Microsoft Integrated Windows Authentication, NTLM, and Kerberos violate HTTP/1.1 specifications, they are not compatible with proxied DNS records. \ No newline at end of file diff --git a/src/content/docs/dns/reference/domain-connect.mdx b/src/content/docs/dns/reference/domain-connect.mdx index d2f5612a3b687e1..a3a27c7edf69ae6 100644 --- a/src/content/docs/dns/reference/domain-connect.mdx +++ b/src/content/docs/dns/reference/domain-connect.mdx @@ -54,7 +54,7 @@ Send an email to `domain-connect@cloudflare.com`, including the following inform 1. List of template(s) you want to onboard, with their corresponding GitHub hyperlinks. 2. A logo to be displayed as part of the Domain Connect flow. Preferably in `SVG` format. -3. The default [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) you would like Cloudflare to set for `A`, `AAAA`, and `CNAME` records that are part of your template(s). Proxying other record types is not supported. +3. The default [proxy status](/dns/proxy-status/) you would like Cloudflare to set for `A`, `AAAA`, and `CNAME` records that are part of your template(s). Proxying other record types is not supported. :::note diff --git a/src/content/docs/dns/reference/index.mdx b/src/content/docs/dns/reference/index.mdx index f6532619e768ef7..a70fda65ea847fc 100644 --- a/src/content/docs/dns/reference/index.mdx +++ b/src/content/docs/dns/reference/index.mdx @@ -2,7 +2,7 @@ pcx_content_type: navigation title: Reference sidebar: - order: 11 + order: 16 group: hideIndex: true --- diff --git a/src/content/docs/dns/troubleshooting/email-issues.mdx b/src/content/docs/dns/troubleshooting/email-issues.mdx index 7b2e8289fc32532..8184aa1e7e3d692 100644 
--- a/src/content/docs/dns/troubleshooting/email-issues.mdx +++ b/src/content/docs/dns/troubleshooting/email-issues.mdx @@ -28,7 +28,7 @@ Also, if `CNAME` records are not returned by the queried nameserver (sometimes n ## Is Cloudflare Spectrum enabled on your account? -Cloudflare does not proxy traffic on port 25 (SMTP) unless [Cloudflare Spectrum](/spectrum/reference/configuration-options#smtp) is enabled and configured to proxy email traffic across Cloudflare. If you do not have Spectrum enabled, then no email traffic (SMTP) will actually pass through Cloudflare, and we will simply resolve the DNS. This also means that any DNS record used to send email traffic must be DNS-only to bypass the Cloudflare network. Check [Identifying subdomains compatible with Cloudflare's proxy](/dns/manage-dns-records/reference/proxied-dns-records) for more details. +Cloudflare does not proxy traffic on port 25 (SMTP) unless [Cloudflare Spectrum](/spectrum/reference/configuration-options#smtp) is enabled and configured to proxy email traffic across Cloudflare. If you do not have Spectrum enabled, then no email traffic (SMTP) will actually pass through Cloudflare, and we will simply resolve the DNS. This also means that any DNS record used to send email traffic must be DNS-only to bypass the Cloudflare network. Check [Identifying subdomains compatible with Cloudflare's proxy](/dns/proxy-status/) for more details. ## Contact your mail provider for assistance 
@@ -36,7 +36,7 @@ If your email does not work shortly after editing DNS records, contact your mail ## dc-######### subdomain -The dc-##### subdomain is added to overcome a conflict created when your `SRV` or `MX` record resolves to a domain configured to [proxy](/dns/manage-dns-records/reference/proxied-dns-records) to Cloudflare. +The dc-##### subdomain is added to overcome a conflict created when your `SRV` or `MX` record resolves to a domain configured to [proxy](/dns/proxy-status/) to Cloudflare. Therefore, Cloudflare will create a `dc-#####` DNS record that resolves to the origin IP address. The `dc-#####` record ensures that traffic for your `MX` or `SRV` record is not proxied (it directly resolves to your origin IP) while the Cloudflare proxy works for all other traffic. @@ -62,7 +62,7 @@ Removing the `dc-######` record is only possible via one of these methods: :::caution If your mail server resides on the same IP as your web server, your MX -record will expose your origin IP address. +record will expose your origin IP address. ::: *** diff --git a/src/content/docs/dns/troubleshooting/faq.mdx b/src/content/docs/dns/troubleshooting/faq.mdx index 75def3eddd7f657..537fe113266322a 100644 --- a/src/content/docs/dns/troubleshooting/faq.mdx +++ b/src/content/docs/dns/troubleshooting/faq.mdx 
@@ -198,7 +198,7 @@ Alternatively, you can also: ## What IP should I use for parked domain / redirect-only / originless setup? -In the case a placeholder address is needed for “originless” setups, use the IPv6 reserved address `100::` or the IPv4 reserved address `192.0.2.0` in your Cloudflare DNS to create a [proxied DNS record](/dns/manage-dns-records/reference/proxied-dns-records/) that can use Cloudflare [Redirect Rules](/rules/url-forwarding/), [Page Rules](/rules/page-rules/), or [Cloudflare Workers](/workers/). +In the case a placeholder address is needed for “originless” setups, use the IPv6 reserved address `100::` or the IPv4 reserved address `192.0.2.0` in your Cloudflare DNS to create a [proxied DNS record](/dns/proxy-status/) that can use Cloudflare [Redirect Rules](/rules/url-forwarding/), [Page Rules](/rules/page-rules/), or [Cloudflare Workers](/workers/). --- diff --git a/src/content/docs/dns/zone-setups/conversions/convert-full-to-secondary.mdx b/src/content/docs/dns/zone-setups/conversions/convert-full-to-secondary.mdx index d5568966b6242c4..29a5597859606ad 100644 --- a/src/content/docs/dns/zone-setups/conversions/convert-full-to-secondary.mdx +++ b/src/content/docs/dns/zone-setups/conversions/convert-full-to-secondary.mdx @@ -21,7 +21,7 @@ Follow the steps below to achieve this conversion. 3. At your Cloudflare zone, use the [Update DNS Settings](/api/resources/dns/subresources/settings/methods/edit/) endpoint to enable [secondary DNS overrides](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/). Set the value for `secondary_overrides` to `true`. :::note - Enabling secondary DNS overrides is necessary in case you have DNS records that you wish to keep proxied. + Enabling secondary DNS overrides is necessary in case you have DNS records that you wish to keep proxied. ::: ## 2. Prepare the zone transfers 
diff --git a/src/content/docs/dns/zone-setups/conversions/convert-partial-to-full.mdx b/src/content/docs/dns/zone-setups/conversions/convert-partial-to-full.mdx index 3d0dcf0efaf469f..7c0f845ff1f5f22 100644 --- a/src/content/docs/dns/zone-setups/conversions/convert-partial-to-full.mdx +++ b/src/content/docs/dns/zone-setups/conversions/convert-partial-to-full.mdx @@ -49,7 +49,7 @@ In the Cloudflare dashboard: 1. Go to **DNS** > **Settings**. 2. Select **Convert to Primary DNS** (this will not affect how your traffic is proxied). -3. Import your records into Cloudflare DNS and verify that they have been configured correctly. Usually, you will want to import [unproxied records](/dns/manage-dns-records/reference/proxied-dns-records/). +3. Import your records into Cloudflare DNS and verify that they have been configured correctly. Usually, you will want to import [unproxied records](/dns/proxy-status/). ## 4. Activate full setup @@ -67,4 +67,4 @@ Cloudflare recommends that you also [enable DNSSEC](/dns/dnssec/) from **DNS** > Once all the DNS TTLs expire, all your DNS queries will be answered by the Cloudflare global network. -Start proxying additional hostnames by enabling the [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) (also known as orange-clouding) for specific DNS records. Previously proxied subdomains will continue to be proxied without any interruption. +Start proxying additional hostnames by enabling the [proxy status](/dns/proxy-status/) (also known as orange-clouding) for specific DNS records. Previously proxied subdomains will continue to be proxied without any interruption. diff --git a/src/content/docs/dns/zone-setups/conversions/convert-secondary-to-full.mdx b/src/content/docs/dns/zone-setups/conversions/convert-secondary-to-full.mdx index baaa8a79c43fa34..ee4c06090be9cb2 100644 --- a/src/content/docs/dns/zone-setups/conversions/convert-secondary-to-full.mdx 
+++ b/src/content/docs/dns/zone-setups/conversions/convert-secondary-to-full.mdx @@ -22,7 +22,7 @@ Follow the steps below to achieve this conversion. ## 2. Prepare for the conversion 1. Plan for [DNSSEC settings](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary/). If you were previously using [Pre-signed DNSSEC](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary/#set-up-pre-signed-dnssec), consider disabling DNSSEC before starting the conversion. -2. Make sure the [proxy statuses](/dns/manage-dns-records/reference/proxied-dns-records/) of your DNS records are consistently set: +2. Make sure the [proxy statuses](/dns/proxy-status/) of your DNS records are consistently set: - If you have [Secondary DNS override](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/), confirm each record has the appropriate setting (**Proxied** or **DNS only**). - If [Secondary DNS override](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/) is disabled, make sure all of your DNS records are listed as **DNS only**. diff --git a/src/content/docs/dns/zone-setups/partial-setup/setup.mdx b/src/content/docs/dns/zone-setups/partial-setup/setup.mdx index ded168fad124e8a..1ba05f09048ef6f 100644 --- a/src/content/docs/dns/zone-setups/partial-setup/setup.mdx +++ b/src/content/docs/dns/zone-setups/partial-setup/setup.mdx 
@@ -27,7 +27,7 @@ A partial setup is only available to customers on a Business or Enterprise plan. 3. If you are onboarding a new domain to Cloudflare, ignore the instructions to change your nameservers. 4. (Recommended) Plan for SSL/TLS certificates: - If you are only using [Universal SSL](/ssl/edge-certificates/universal-ssl/) prior to converting your zone, a certificate will be provisioned for your subdomains only after each of the respective DNS records ([step 3](#3-add-dns-records) below) are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). Refer to [Enable Universal SSL](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup) for details. + If you are only using [Universal SSL](/ssl/edge-certificates/universal-ssl/) prior to converting your zone, a certificate will be provisioned for your subdomains only after each of the respective DNS records ([step 3](#3-add-dns-records) below) are [proxied](/dns/proxy-status/). Refer to [Enable Universal SSL](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup) for details. If your domain is sensitive to downtime, instead of using Universal SSL, consider using an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/) with [delegated DCV](/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/#setup). diff --git a/src/content/docs/dns/zone-setups/reference/domain-status.mdx b/src/content/docs/dns/zone-setups/reference/domain-status.mdx index e70299b86f29ca0..48f6fcc54b7fcb8 100644 --- a/src/content/docs/dns/zone-setups/reference/domain-status.mdx +++ b/src/content/docs/dns/zone-setups/reference/domain-status.mdx 
@@ -51,7 +51,7 @@ If your zone is in **Setup** for over 28 days, it will be automatically [deleted Your zone status is presented as **Pending Nameserver Update** on the Cloudflare dashboard. -Cloudflare responds to DNS queries for pending zones on the assigned Cloudflare nameserver IPs, but your zone is still not active and cannot be used to [proxy traffic to Cloudflare](/dns/manage-dns-records/reference/proxied-dns-records/#pending-domains). +Cloudflare responds to DNS queries for pending zones on the assigned Cloudflare nameserver IPs, but your zone is still not active and cannot be used to [proxy traffic to Cloudflare](/dns/proxy-status/limitations/#pending-domains). If your domain is on the Free plan, it will be deleted automatically if it is not activated within 28 days. Any pending zone with a paid plan (Pro, Business, Enterprise) will remain pending until the plan is removed, or the domain is activated or [removed from Cloudflare](/fundamentals/setup/manage-domains/remove-domain/). diff --git a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.mdx b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.mdx index 187e6b1cb475958..d1610048c685726 100644 --- a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.mdx +++ b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.mdx @@ -25,7 +25,7 @@ Depending on the [settings](/dns/cname-flattening/set-up-cname-flattening/) you ### Proxied records -For each [proxied DNS record](/dns/manage-dns-records/reference/proxied-dns-records/) in your zone, Cloudflare will transfer out two `A` and two `AAAA` records. +For each [proxied DNS record](/dns/proxy-status/) in your zone, Cloudflare will transfer out two `A` and two `AAAA` records. These records correspond to the [Cloudflare IP addresses](https://www.cloudflare.com/ips) used for proxying traffic. 
diff --git a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx index b4a6cb5bb731316..8f20b885bc3991b 100644 --- a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx +++ b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx @@ -8,7 +8,7 @@ head: content: DNSSEC for Secondary DNS --- -import { Render, TabItem, Tabs } from "~/components"; +import { Render, TabItem, Tabs, GlossaryTooltip } from "~/components"; [DNS Security Extensions (DNSSEC)](https://www.cloudflare.com/learning/dns/dns-security/) increase security by adding cryptographic signatures to DNS records. When you use multiple providers and Cloudflare is secondary, you have a few options to enable DNSSEC for records served by Cloudflare. @@ -82,9 +82,7 @@ If your primary DNS provider uses NSEC3 instead of NSEC, Cloudflare will fail to 2. Enable DNSSEC for your zone at Cloudflare, using either the Dashboard or the API. :::caution - -Pre-signed DNSSEC does not support [Secondary DNS Overrides](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/) nor [Load Balancing](/load-balancing/). - +Pre-signed DNSSEC does not support [Secondary DNS Overrides](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/) nor [Load Balancing](/load-balancing/). Once you enable pre-signed DNSSEC, Cloudflare will treat all your DNS records as DNS-only. ::: diff --git a/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx b/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx index 9141f4cd566a74c..4f935698e5453d4 100644 --- a/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx +++ b/src/content/docs/fundamentals/concepts/how-cloudflare-works.mdx 
@@ -18,7 +18,7 @@ To optimize your website or web application, Cloudflare acts as a [DNS provider] We support a few different [setups](/dns/zone-setups/) for using Cloudflare as a DNS provider. A [full DNS setup](/dns/zone-setups/full-setup/) is the most common, where Cloudflare becomes the primary authoritative DNS provider for your domain, after you [connect your domain to Cloudflare](/fundamentals/setup/manage-domains/connect-your-domain/). This means we respond to DNS queries for your domain, and you [manage its DNS records](/dns/manage-dns-records/how-to/create-dns-records/) via the Cloudflare dashboard or API. -When Cloudflare receives a DNS query for your domain, our response is determined by the configuration [set in your DNS table](/dns/manage-dns-records/how-to/create-dns-records/), including the value of the record, the record's [proxy eligibility](/dns/manage-dns-records/reference/proxied-dns-records/#proxy-eligibility), and its [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/). +When Cloudflare receives a DNS query for your domain, our response is determined by the configuration [set in your DNS table](/dns/manage-dns-records/how-to/create-dns-records/), including the value of the record, the record's [proxy eligibility](/dns/proxy-status/limitations/#proxy-eligibility), and its [proxy status](/dns/proxy-status/). If the [domain's status](/dns/zone-setups/reference/domain-status/) is active and the queried DNS record is set to `proxied`, then Cloudflare responds with an [anycast IP address](/fundamentals/concepts/cloudflare-ip-addresses/), **instead of** the value defined in your DNS table. This effectively re-routes the `HTTP/HTTPS` requests to the Cloudflare network, instead of directly reaching the targeted the [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/). 
@@ -26,7 +26,7 @@ In contrast, if the queried DNS record is set to `DNS only`, meaning the proxy i ### How Cloudflare works as a reverse proxy -All DNS records in your DNS table have a [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/), indicating whether or not `HTTP/HTTPS` traffic for that record will route through Cloudflare on its way between the client and the origin server. If the [domain's status](/dns/zone-setups/reference/domain-status/) is active, all `HTTP/HTTPS` requests for [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records) route through Cloudflare. +All DNS records in your DNS table have a [proxy status](/dns/proxy-status/), indicating whether or not `HTTP/HTTPS` traffic for that record will route through Cloudflare on its way between the client and the origin server. If the [domain's status](/dns/zone-setups/reference/domain-status/) is active, all `HTTP/HTTPS` requests for [proxied DNS records](/dns/proxy-status/) route through Cloudflare. As these requests pass through our network, they are processed according to your [configuration](/fundamentals/setup/manage-domains/connect-your-domain/#domain-configurations). Subsequently, legitimate requests are forwarded to the origin server. 
@@ -34,7 +34,7 @@ Refer to our [Load Balancing reference architecture](/reference-architecture/arc :::note -Proxying is on by default for records that serve `HTTP/HTTPS` traffic (`A`, `AAAA`, and `CNAME` records). To proxy `HTTP/HTTPS` traffic on [non-standard ports](/fundamentals/reference/network-ports/) or to proxy a `TCP-` or `UDP-` based application, use [Cloudflare Spectrum](/spectrum/). +Proxying is on by default for records that serve `HTTP/HTTPS` traffic (`A`, `AAAA`, and `CNAME` records). To proxy `HTTP/HTTPS` traffic on [non-standard ports](/fundamentals/reference/network-ports/) or to proxy a `TCP-` or `UDP-` based application, use [Cloudflare Spectrum](/spectrum/). ::: In the Cloudflare dashboard, find out which DNS records are proxied by selecting your domain and navigating to the **DNS records** tab. diff --git a/src/content/docs/fundamentals/reference/network-ports.mdx b/src/content/docs/fundamentals/reference/network-ports.mdx index c2748f6392ce6db..8ea582ad02e8cd0 100644 --- a/src/content/docs/fundamentals/reference/network-ports.mdx +++ b/src/content/docs/fundamentals/reference/network-ports.mdx 
@@ -59,7 +59,7 @@ Enterprise customers that want to enable caching on these ports can do so by cre If traffic for your domain is destined for a different port than the ones listed above, for example you have an SSH server that listens for incoming connections on port 22, either: -- Change your subdomain to be [gray-clouded](/dns/manage-dns-records/reference/proxied-dns-records/), via your Cloudflare DNS app, to bypass the Cloudflare network and connect directly to your origin. +- Change your subdomain to be [gray-clouded](/dns/proxy-status/), via your Cloudflare DNS app, to bypass the Cloudflare network and connect directly to your origin. - Configure a [Spectrum application](/spectrum/get-started/) for the hostname running the server. Spectrum supports all ports. Spectrum for all TCP and UDP ports is only available on the Enterprise plan. If you would like to know more about Cloudflare plans, please reach out to your Cloudflare account team. ## How to block traffic on additional ports diff --git a/src/content/docs/fundamentals/reference/policies-compliances/content-security-policies.mdx b/src/content/docs/fundamentals/reference/policies-compliances/content-security-policies.mdx index 1666aecc73a22d3..4c3ddeafe1ae8bf 100644 --- a/src/content/docs/fundamentals/reference/policies-compliances/content-security-policies.mdx +++ b/src/content/docs/fundamentals/reference/policies-compliances/content-security-policies.mdx 
@@ -28,7 +28,7 @@ Cloudflare does not: If you require the CSP headers to be changed or added, you can change them using some Cloudflare products: -- If your website is [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare, you can use a [Response Header Modification rule](/rules/transform/response-header-modification/) to replace or add CSP headers. +- If your website is [proxied](/dns/proxy-status/) through Cloudflare, you can use a [Response Header Modification rule](/rules/transform/response-header-modification/) to replace or add CSP headers. - If your website is hosted using [Cloudflare Pages](/pages/), you can set a [`_headers file`](/pages/configuration/headers/) to modify or add CSP headers. ### Product requirements diff --git a/src/content/docs/fundamentals/security/trace-request/index.mdx b/src/content/docs/fundamentals/security/trace-request/index.mdx index 899cab0439f4523..b8bcc7c92ab42de 100644 --- a/src/content/docs/fundamentals/security/trace-request/index.mdx +++ b/src/content/docs/fundamentals/security/trace-request/index.mdx 
@@ -14,7 +14,7 @@ import { DirectoryListing, Plan } from "~/components" -Cloudflare Trace (beta) follows an HTTP/S request through Cloudflare’s reverse proxy to your origin. Use this tool to understand how different Cloudflare configurations interact with an HTTP/S request for one of your hostnames. If the hostname you are testing is not [proxied by Cloudflare](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare Trace will still return all the configurations that Cloudflare would have applied to the request. +Cloudflare Trace (beta) follows an HTTP/S request through Cloudflare’s reverse proxy to your origin. Use this tool to understand how different Cloudflare configurations interact with an HTTP/S request for one of your hostnames. If the hostname you are testing is not [proxied by Cloudflare](/dns/proxy-status/), Cloudflare Trace will still return all the configurations that Cloudflare would have applied to the request. You can define specific request properties to simulate different conditions for an HTTP/S request. Inactive rules configured in Cloudflare products will not be evaluated. diff --git a/src/content/docs/fundamentals/setup/manage-domains/connect-your-domain.mdx b/src/content/docs/fundamentals/setup/manage-domains/connect-your-domain.mdx index eabccb8d347fe08..a503c58c014f8e8 100644 --- a/src/content/docs/fundamentals/setup/manage-domains/connect-your-domain.mdx +++ b/src/content/docs/fundamentals/setup/manage-domains/connect-your-domain.mdx 
@@ -12,14 +12,14 @@ Your domain is always in your control - connecting your domain to Cloudflare doe :::note -For a domain purchased through [Cloudflare Registrar](/registrar/), we take care of the connection process on your behalf. +For a domain purchased through [Cloudflare Registrar](/registrar/), we take care of the connection process on your behalf. ::: ## Domain configurations When you connect your domain to Cloudflare, a set of default configurations is generated for our [application services](/products/?product-group=Application+performance%2CApplication+security%2CCloudflare+essentials), based on the domain [plan](https://www.cloudflare.com/plans/). These services determine how Cloudflare treats traffic for your domain. -Your configurations will only affect live traffic (that is, when your domain's status is [**active**](/fundamentals/setup/manage-domains/connect-your-domain/#activating-your-domain) and its traffic is [**proxied**](/dns/manage-dns-records/reference/proxied-dns-records/#proxy-eligibility)). Notably, your configurations can be altered prior to activating or enabling the proxy status on the DNS records for the hostnames you want to proxy. +Your configurations will only affect live traffic (that is, when your domain's status is [**active**](/fundamentals/setup/manage-domains/connect-your-domain/#activating-your-domain) and its traffic is [**proxied**](/dns/proxy-status/)). Notably, your configurations can be altered prior to activating or enabling the proxy status on the DNS records for the hostnames you want to proxy. Use the Cloudflare dashboard or [API](/api/) to modify, test, or [version](/version-management/) your configuration. 
@@ -27,7 +27,7 @@ Use the Cloudflare dashboard or [API](/api/) to modify, test, or [version](/vers Some configurations can be set at the account-level (if available in your plan), which can be applied to all domains under your account. -Account-level configurations are applied to incoming traffic before your domain-level configurations. Refer to [traffic sequence](https://blog.cloudflare.com/traffic-sequence-which-product-runs-first) to learn more. +Account-level configurations are applied to incoming traffic before your domain-level configurations. Refer to [traffic sequence](https://blog.cloudflare.com/traffic-sequence-which-product-runs-first) to learn more. ::: ## Activating your domain diff --git a/src/content/docs/learning-paths/get-started-free/onboarding/proxy-dns-records.mdx b/src/content/docs/learning-paths/get-started-free/onboarding/proxy-dns-records.mdx index baffbd7e0112520..5f4caeec1dc0f19 100644 --- a/src/content/docs/learning-paths/get-started-free/onboarding/proxy-dns-records.mdx +++ b/src/content/docs/learning-paths/get-started-free/onboarding/proxy-dns-records.mdx @@ -36,13 +36,13 @@ DNS records are instructions that live in authoritative DNS servers and provide * [Reverse proxy (definition)](https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/) * [How Cloudflare works](/fundamentals/concepts/how-cloudflare-works/) -* [DNS record proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) +* [DNS record proxy status](/dns/proxy-status/) ## Prerequisites -Before proxying your records, review [our guide](/dns/manage-dns-records/reference/proxied-dns-records/) that explains what proxying does and what limitations it has. +Before proxying your records, review [our guide](/dns/proxy-status/) that explains what proxying does and what limitations it has. You may also need to [allow Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) at your origin to prevent requests from being blocked. 
diff --git a/src/content/docs/learning-paths/get-started-free/performance/default-improvements.mdx b/src/content/docs/learning-paths/get-started-free/performance/default-improvements.mdx index f8e77aa54019b06..2666949a833b717 100644 --- a/src/content/docs/learning-paths/get-started-free/performance/default-improvements.mdx +++ b/src/content/docs/learning-paths/get-started-free/performance/default-improvements.mdx @@ -19,7 +19,7 @@ When your site is using Cloudflare, your site always benefits from Cloudflare's ## Caching -When your DNS records are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare, Cloudflare caches [certain types of resources](/cache/concepts/default-cache-behavior/#default-cached-file-extensions) automatically (which improves application performance). +When your DNS records are [proxied](/dns/proxy-status/) through Cloudflare, Cloudflare caches [certain types of resources](/cache/concepts/default-cache-behavior/#default-cached-file-extensions) automatically (which improves application performance).
diff --git a/src/content/docs/learning-paths/get-started-free/security/default-improvements.mdx b/src/content/docs/learning-paths/get-started-free/security/default-improvements.mdx index 2802c50bbbdb01b..6e2618eacd82743 100644 --- a/src/content/docs/learning-paths/get-started-free/security/default-improvements.mdx +++ b/src/content/docs/learning-paths/get-started-free/security/default-improvements.mdx @@ -11,7 +11,7 @@ head: import { Render } from "~/components" -When your DNS records are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare, Cloudflare provides free and unmetered DDoS protection and other protection measures through the Web Application Firewall (WAF). +When your DNS records are [proxied](/dns/proxy-status/) through Cloudflare, Cloudflare provides free and unmetered DDoS protection and other protection measures through the Web Application Firewall (WAF). ## DDoS protection diff --git a/src/content/docs/learning-paths/get-started/performance/default-improvements.mdx b/src/content/docs/learning-paths/get-started/performance/default-improvements.mdx index b2352cc0384ceb5..3e9c72d08402342 100644 --- a/src/content/docs/learning-paths/get-started/performance/default-improvements.mdx +++ b/src/content/docs/learning-paths/get-started/performance/default-improvements.mdx @@ -19,7 +19,7 @@ When your site is using Cloudflare, your site always benefits from Cloudflare's ## Caching -When your DNS records are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare, Cloudflare caches [certain types of resources](/cache/concepts/default-cache-behavior/#default-cached-file-extensions) automatically (which improves application performance). +When your DNS records are [proxied](/dns/proxy-status/) through Cloudflare, Cloudflare caches [certain types of resources](/cache/concepts/default-cache-behavior/#default-cached-file-extensions) automatically (which improves application performance).
How does caching improve performance? diff --git a/src/content/docs/learning-paths/get-started/security/default-improvements.mdx b/src/content/docs/learning-paths/get-started/security/default-improvements.mdx index 2802c50bbbdb01b..6e2618eacd82743 100644 --- a/src/content/docs/learning-paths/get-started/security/default-improvements.mdx +++ b/src/content/docs/learning-paths/get-started/security/default-improvements.mdx @@ -11,7 +11,7 @@ head: import { Render } from "~/components" -When your DNS records are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare, Cloudflare provides free and unmetered DDoS protection and other protection measures through the Web Application Firewall (WAF). +When your DNS records are [proxied](/dns/proxy-status/) through Cloudflare, Cloudflare provides free and unmetered DDoS protection and other protection measures through the Web Application Firewall (WAF). ## DDoS protection diff --git a/src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx b/src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx index 6f8008624065acc..d045e13d80ac063 100644 --- a/src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx +++ b/src/content/docs/learning-paths/mtls/concepts/mtls-cloudflare.mdx @@ -6,7 +6,7 @@ sidebar: label: mTLS with Cloudflare --- -In this implementation guide we will be focusing on the L7 / Application Layer security for HTTP/S requests targeting [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) hostnames, including the [first connection](/ssl/origin-configuration/ssl-modes/) between client and Cloudflare. +In this implementation guide we will be focusing on the L7 / Application Layer security for HTTP/S requests targeting [proxied](/dns/proxy-status/) hostnames, including the [first connection](/ssl/origin-configuration/ssl-modes/) between client and Cloudflare. Some common mTLS use cases are: 
diff --git a/src/content/docs/learning-paths/mtls/mtls-app-security/index.mdx b/src/content/docs/learning-paths/mtls/mtls-app-security/index.mdx index df5bb0b5d6f9d3c..242ec585ef7e9ec 100644 --- a/src/content/docs/learning-paths/mtls/mtls-app-security/index.mdx +++ b/src/content/docs/learning-paths/mtls/mtls-app-security/index.mdx @@ -6,7 +6,7 @@ sidebar: --- :::note -This implementation requires an active [Zone](/fundamentals/setup/accounts-and-zones/#zones), a valid [Edge Certificate](/ssl/edge-certificates/), and [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) hostname.
+This implementation requires an active [Zone](/fundamentals/setup/accounts-and-zones/#zones), a valid [Edge Certificate](/ssl/edge-certificates/), and [proxied](/dns/proxy-status/) hostname.
API Shield is not required to use mTLS.
diff --git a/src/content/docs/learning-paths/mtls/mtls-workers/index.mdx b/src/content/docs/learning-paths/mtls/mtls-workers/index.mdx index 9039ed9908a28b5..87c64bfc423e0b0 100644 --- a/src/content/docs/learning-paths/mtls/mtls-workers/index.mdx +++ b/src/content/docs/learning-paths/mtls/mtls-workers/index.mdx @@ -9,7 +9,7 @@ sidebar: Cloudflare Workers runs after the Cloudflare WAF and Cloudflare Access. Review the [Traffic Sequence](https://blog.cloudflare.com/traffic-sequence-which-product-runs-first/) visible on the Cloudflare dashboard. ::: -[mTLS for Workers](/workers/runtime-apis/bindings/mtls/) can be used for requests made to services that are [not proxied](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records) on Cloudflare, or alternatively used to gain visibility into certificate details and optionally add your own programmatic logic for further checks or actions. +[mTLS for Workers](/workers/runtime-apis/bindings/mtls/) can be used for requests made to services that are [not proxied](/dns/proxy-status/#dns-only-records) on Cloudflare, or alternatively used to gain visibility into certificate details and optionally add your own programmatic logic for further checks or actions. ## Expose mTLS headers diff --git a/src/content/docs/learning-paths/prevent-ddos-attacks/baseline/proxy-dns-records.mdx b/src/content/docs/learning-paths/prevent-ddos-attacks/baseline/proxy-dns-records.mdx index d29b88fdfb6dd20..0ec593bade18d0b 100644 --- a/src/content/docs/learning-paths/prevent-ddos-attacks/baseline/proxy-dns-records.mdx +++ b/src/content/docs/learning-paths/prevent-ddos-attacks/baseline/proxy-dns-records.mdx 
@@ -8,7 +8,7 @@ sidebar: import { Render } from "~/components" -The first - and often easiest - step of DDoS protection is making sure your DNS records are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare. +The first - and often easiest - step of DDoS protection is making sure your DNS records are [proxied](/dns/proxy-status/) through Cloudflare. ## How it works diff --git a/src/content/docs/network/grpc-connections.mdx b/src/content/docs/network/grpc-connections.mdx index 868e6348c192dac..d7697a44f136e30 100644 --- a/src/content/docs/network/grpc-connections.mdx +++ b/src/content/docs/network/grpc-connections.mdx @@ -7,7 +7,7 @@ title: gRPC connections import { FeatureTable, Render } from "~/components" -Cloudflare offers support for gRPC to protect your APIs on any [proxied gRPC endpoints](/dns/manage-dns-records/reference/proxied-dns-records/). The gRPC protocol helps build efficient APIs with smaller payloads for reduced bandwidth usage, decreased latency, and faster implementations. +Cloudflare offers support for gRPC to protect your APIs on any [proxied gRPC endpoints](/dns/proxy-status/). The gRPC protocol helps build efficient APIs with smaller payloads for reduced bandwidth usage, decreased latency, and faster implementations. ## Availability @@ -34,7 +34,7 @@ However, the following products have limited capabilities with gRPC requests: * HTTP/2 must be advertised over ALPN. * Use `application/grpc` or `application/grpc+ -Rules features require that you [proxy the DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) of your domain (or subdomain) through Cloudflare. +Rules features require that you [proxy the DNS records](/dns/proxy-status/) of your domain (or subdomain) through Cloudflare. --- diff --git a/src/content/docs/rules/page-rules/how-to/override-url-or-ip-address.mdx b/src/content/docs/rules/page-rules/how-to/override-url-or-ip-address.mdx index 3965c238505a303..c8f32ebd47a6a8f 100644 
--- a/src/content/docs/rules/page-rules/how-to/override-url-or-ip-address.mdx +++ b/src/content/docs/rules/page-rules/how-to/override-url-or-ip-address.mdx @@ -49,7 +49,7 @@ To configure a resolve override in Page Rules, do the following: :::caution[Important remarks] -- Page Rules require a [proxied DNS record](/dns/manage-dns-records/reference/proxied-dns-records) to work. Page Rules will not apply to subdomains that do not exist in DNS or are not being directed to Cloudflare. +- Page Rules require a [proxied DNS record](/dns/proxy-status/) to work. Page Rules will not apply to subdomains that do not exist in DNS or are not being directed to Cloudflare. - The _Resolve Override_ setting only allows override of the hostname, not the path. If you need to modify the path also, you will need to either use a [Worker](/workers/runtime-apis/request/#the-cf-property-requestinitcfproperties) or combine the page rule with a [transform rule](/rules/transform/url-rewrite/). diff --git a/src/content/docs/rules/page-rules/index.mdx b/src/content/docs/rules/page-rules/index.mdx index 82c4c35109fd03f..4354edfa940ec1d 100644 --- a/src/content/docs/rules/page-rules/index.mdx +++ b/src/content/docs/rules/page-rules/index.mdx @@ -24,7 +24,7 @@ It is important to understand a few Page Rules behaviors. ### Page Rules require proxied DNS records -Page Rules require a [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) DNS record for your page rule to work. Page Rules will not apply to hostnames that do not exist in DNS or are not being directed to Cloudflare. +Page Rules require a [proxied](/dns/proxy-status/) DNS record for your page rule to work. Page Rules will not apply to hostnames that do not exist in DNS or are not being directed to Cloudflare. Depending on the record type, you can use different values for the target as a placeholder. Either one of these achieves the same outcome and you only need to create one: 
diff --git a/src/content/docs/rules/page-rules/manage.mdx b/src/content/docs/rules/page-rules/manage.mdx index 74310a6b52a381e..67c91f69ed76e15 100644 --- a/src/content/docs/rules/page-rules/manage.mdx +++ b/src/content/docs/rules/page-rules/manage.mdx @@ -43,7 +43,7 @@ You may also want to review the documentation on [wildcard matching](/rules/page :::note[Notes] -- Page Rules require a [proxied DNS record](/dns/manage-dns-records/reference/proxied-dns-records) to work. Page Rules will not apply to subdomains that do not exist in DNS or are not being directed to Cloudflare. +- Page Rules require a [proxied DNS record](/dns/proxy-status/) to work. Page Rules will not apply to subdomains that do not exist in DNS or are not being directed to Cloudflare. - Cloudflare does not support non-ASCII characters — such as punycode/unicode domain — in Page Rules. Instead, you could URL-encode the string using [Punycode converter](https://www.punycoder.com/). ::: diff --git a/src/content/docs/security-center/security-insights/index.mdx b/src/content/docs/security-center/security-insights/index.mdx index 2d7321ef6e99e0f..ada314679b7b7b8 100644 --- a/src/content/docs/security-center/security-insights/index.mdx +++ b/src/content/docs/security-center/security-insights/index.mdx 
@@ -43,7 +43,7 @@ Listed below are the specific insights currently available: | [Unprotected Cloudflare Tunnels](/cloudflare-one/applications/configure-apps/self-hosted-public-app/#4-connect-your-origin-to-cloudflare) | We detect an application that is served by a Cloudflare Tunnel but not protected by a corresponding Access policy. | | [Unproxied `A` Records](/dns/manage-dns-records/reference/dns-record-types/#a-and-aaaa) | This DNS record is not proxied by Cloudflare. Cloudflare can not protect this origin because it is exposed to the public Internet. | | [Unproxied `AAAA` Records](/dns/manage-dns-records/reference/dns-record-types/#a-and-aaaa) | This DNS record is not proxied by Cloudflare. Cloudflare can not protect this origin because it is exposed to the public Internet. | -| [Unproxied `CNAME` Records](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records) | This DNS record is not proxied by Cloudflare. Cloudflare can not protect this origin because it is exposed to the public Internet. | +| [Unproxied `CNAME` Records](/dns/proxy-status/#dns-only-records) | This DNS record is not proxied by Cloudflare. Cloudflare can not protect this origin because it is exposed to the public Internet. | | [Users without MFA](/fundamentals/setup/account/account-security/2fa/) | We detect that a Cloudflare administrative user has not enabled multifactor authentication. | | [Zones without WAF Managed Rules](/waf/managed-rules/) | We detect that this domain does not have the WAF's Managed Rules enabled. You are at risk from zero-day and other common vulnerabilities. | [No Turnstile enabled](/turnstile/) | We detect that there is no Turnstile widget configured on the account. diff --git a/src/content/docs/speed/optimization/other/signed-exchanges/enable-signed-exchange.mdx b/src/content/docs/speed/optimization/other/signed-exchanges/enable-signed-exchange.mdx index 506f1dfddb90809..c74223da1ad133d 100644 
--- a/src/content/docs/speed/optimization/other/signed-exchanges/enable-signed-exchange.mdx +++ b/src/content/docs/speed/optimization/other/signed-exchanges/enable-signed-exchange.mdx @@ -17,7 +17,7 @@ Before enabling Cloudflare Automatic Signed Exchange, refer to the following req * Read the [SXGs caveats](/speed/optimization/other/signed-exchanges/signed-exchanges-caveats/) to check requirements regarding request and response headers. * SXGs are available for zones with a Pro or higher plan. SXGs are also available for zones on a Free plan with an APO subscription. -* SXGs only work with zones that have their nameservers managed by Cloudflare. Refer to [Change your nameservers](/dns/zone-setups/full-setup/setup/) to learn how to change your domain nameservers to Cloudflare. You will also have to confirm that Cloudflare is [proxying your traffic](/dns/manage-dns-records/reference/proxied-dns-records/). +* SXGs only work with zones that have their nameservers managed by Cloudflare. Refer to [Change your nameservers](/dns/zone-setups/full-setup/setup/) to learn how to change your domain nameservers to Cloudflare. You will also have to confirm that Cloudflare is [proxying your traffic](/dns/proxy-status/). * Zone certificates need to be managed by Cloudflare. :::note diff --git a/src/content/docs/ssl/edge-certificates/additional-options/http-strict-transport-security.mdx b/src/content/docs/ssl/edge-certificates/additional-options/http-strict-transport-security.mdx index d325a26cdd4b20e..1fc89a0390777c1 100644 --- a/src/content/docs/ssl/edge-certificates/additional-options/http-strict-transport-security.mdx +++ b/src/content/docs/ssl/edge-certificates/additional-options/http-strict-transport-security.mdx 
@@ -35,7 +35,7 @@ In order for HSTS to work as expected, you need to: Once you enabled HSTS, avoid the following actions to ensure visitors can still access your site: -- Changing your DNS records from [Proxied to DNS only](/dns/manage-dns-records/reference/proxied-dns-records/) +- Changing your DNS records from [Proxied to DNS only](/dns/proxy-status/) - [Pausing Cloudflare](/fundamentals/setup/manage-domains/pause-cloudflare/) on your site - Pointing your nameservers away from Cloudflare - Redirecting HTTPS to HTTP diff --git a/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/http.mdx b/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/http.mdx index db36222c0b4cb38..4d569c1b2815aae 100644 --- a/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/http.mdx +++ b/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/http.mdx @@ -25,7 +25,7 @@ If you encounter issues with HTTP DCV, refer to the [troubleshooting guide](/ssl ## Limitations -HTTP DCV is only available for [proxied domains](/dns/manage-dns-records/reference/proxied-dns-records/). It is possible to manually add the DCV token to the `.well-known/pki-validation/` directory on your origin web server to pre-validate your certificates. +HTTP DCV is only available for [proxied domains](/dns/proxy-status/). It is possible to manually add the DCV token to the `.well-known/pki-validation/` directory on your origin web server to pre-validate your certificates. HTTP DCV validation does not work for wildcard certificates. If you want to use wildcard certificates, use [TXT validation](/ssl/edge-certificates/changing-dcv-method/methods/txt/). 
@@ -47,7 +47,7 @@ To make sure your domain does not accidentally block HTTP DCV, review your Cloud Your HTTP token will be available for the certificate authority as soon as you finish your [partial domain setup](/dns/zone-setups/partial-setup/setup/#3-add-dns-records). -This means that you need to add a CNAME record to Cloudflare in your authoritative DNS and create [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) for your hostname within Cloudflare. +This means that you need to add a CNAME record to Cloudflare in your authoritative DNS and create [proxied DNS records](/dns/proxy-status/) for your hostname within Cloudflare. This process may involve a few minutes of downtime. diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx index 182ddd0e0f2ec5a..f47a2814b4d5f48 100644 --- a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx +++ b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx 
@@ -24,7 +24,7 @@ If your website or application is already live and cannot be uncovered while the * Order an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/) before proxying traffic to Cloudflare. * Upload a [custom certificate](/ssl/edge-certificates/custom-certificates/) prior to migrating and then delete the certificate after your [Universal certificate is active](#verify-your-certificate-is-active). -* Keep DNS records [**unproxied**](/dns/manage-dns-records/reference/proxied-dns-records) until your [certificate is active](#verify-your-certificate-is-active). +* Keep DNS records [**unproxied**](/dns/proxy-status/) until your [certificate is active](#verify-your-certificate-is-active). :::note If your domain is using a **partial setup**, you will need to add [Domain Control Validation (DCV) records](/ssl/edge-certificates/changing-dcv-method/) to your authoritative DNS. diff --git a/src/content/docs/ssl/keyless-ssl/configuration/public-dns.mdx b/src/content/docs/ssl/keyless-ssl/configuration/public-dns.mdx index 8237fd3f309451f..16a618da7c11027 100644 --- a/src/content/docs/ssl/keyless-ssl/configuration/public-dns.mdx +++ b/src/content/docs/ssl/keyless-ssl/configuration/public-dns.mdx @@ -12,7 +12,7 @@ import { Render, TabItem, Tabs } from "~/components"; If you cannot use a [Cloudflare Tunnel setup](/ssl/keyless-ssl/configuration/cloudflare-tunnel/), you can also create a public DNS record for your key server. -This setup option is not ideal as the DNS record cannot be [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) and - as a result - will expose the origin IP address of your key server. +This setup option is not ideal as the DNS record cannot be [proxied](/dns/proxy-status/) and - as a result - will expose the origin IP address of your key server. --- 
diff --git a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/explanation.mdx b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/explanation.mdx index db684b183534095..94b9b6e29b1ccd8 100644 --- a/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/explanation.mdx +++ b/src/content/docs/ssl/origin-configuration/authenticated-origin-pull/explanation.mdx @@ -15,7 +15,7 @@ When visitors request content from your domain, Cloudflare first attempts to ser Authenticated Origin Pulls makes sure that all of these `origin pulls` come from Cloudflare. Put another way, Authenticated Origin Pulls ensures that any HTTPS requests outside of Cloudflare will not receive a response from your origin. -This block also applies for requests to [unproxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records) in Cloudflare. +This block also applies for requests to [unproxied DNS records](/dns/proxy-status/#dns-only-records) in Cloudflare. :::caution diff --git a/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx b/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx index c0aa6232c89f68d..bcecfeda1140682 100644 --- a/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx +++ b/src/content/docs/ssl/origin-configuration/origin-ca/troubleshooting.mdx 
@@ -20,7 +20,7 @@ This also means that SSL Labs or similar SSL validators are expected to flag the ### Solutions -- Make sure the [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) of your DNS records and any [page rules](/rules/page-rules/) (if existing) are set up correctly. If so, you can try to turn proxying off and then on again and wait a few minutes. +- Make sure the [proxy status](/dns/proxy-status/) of your DNS records and any [page rules](/rules/page-rules/) (if existing) are set up correctly. If so, you can try to turn proxying off and then on again and wait a few minutes. - If you must have direct connections between clients and your origin server, consider installing a publicly trusted certificate at your origin instead. This process is done outside of Cloudflare, where you should issue the certificate directly from a certificate authority (CA) of your choice. You can still use Full (strict) [encryption mode](/ssl/origin-configuration/ssl-modes/), as long as the CA is listed on the [Cloudflare trust store](https://github.com/cloudflare/cfssl_trust). ## The issuer of this certificate could not be found diff --git a/src/content/docs/ssl/reference/browser-compatibility.mdx b/src/content/docs/ssl/reference/browser-compatibility.mdx index 25036fd8553cac4..95baf0f0e388853 100644 --- a/src/content/docs/ssl/reference/browser-compatibility.mdx +++ b/src/content/docs/ssl/reference/browser-compatibility.mdx 
@@ -41,7 +41,7 @@ To support non-SNI requests, you can: [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection. -If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. +If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/proxy-status/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server. :::caution Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling Universal SSL, for example, could impact this behavior. diff --git a/src/content/docs/ssl/reference/certificate-and-hostname-priority.mdx b/src/content/docs/ssl/reference/certificate-and-hostname-priority.mdx index 8f69749d9d62dcb..24b213a936423f1 100644 --- a/src/content/docs/ssl/reference/certificate-and-hostname-priority.mdx +++ b/src/content/docs/ssl/reference/certificate-and-hostname-priority.mdx @@ -61,7 +61,7 @@ Cloudflare determines this priority in the following order, assuming each record 1. [New custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/) (belonging to a SaaS provider) 2. [Legacy custom hostname](/cloudflare-for-platforms/cloudflare-for-saas/reference/versioning/) (belonging to a SaaS provider) - 3. [DNS](/dns/manage-dns-records/reference/proxied-dns-records/) (belonging to the logical DNS zone) + 3. [DNS](/dns/proxy-status/) (belonging to the logical DNS zone) 2. **Wildcard hostname match**: 
@@ -82,8 +82,8 @@ Customer1 uses Cloudflare as authoritative DNS for the zone `shop.example.com`. #### Scenario 2 -A customer has a [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) DNS record for their domain. The customer's zone on Cloudflare is using a Free plan. +A customer has a [proxied](/dns/proxy-status/) DNS record for their domain. The customer's zone on Cloudflare is using a Free plan. This customer is also using a SaaS provider that uses Cloudflare for SaaS. The SaaS provider is using a Cloudflare Enterprise plan. -If the provider is using a wildcard custom hostname, then the original customer's plan limits will take precedence over the provider's plan limits (Cloudflare will treat the zone as a Free zone). To apply the Enterprise limits through Cloudflare for SaaS, the original customer's zone would need to either use a [DNS-only](/dns/manage-dns-records/reference/proxied-dns-records/) record or the SaaS provider would need to use an exact hostname match. +If the provider is using a wildcard custom hostname, then the original customer's plan limits will take precedence over the provider's plan limits (Cloudflare will treat the zone as a Free zone). To apply the Enterprise limits through Cloudflare for SaaS, the original customer's zone would need to either use a [DNS-only](/dns/proxy-status/) record or the SaaS provider would need to use an exact hostname match. diff --git a/src/content/docs/ssl/reference/migration-guides/entrust-distrust.mdx b/src/content/docs/ssl/reference/migration-guides/entrust-distrust.mdx index 365ec5b3cf193e7..aecd0bf5fe1d816 100644 --- a/src/content/docs/ssl/reference/migration-guides/entrust-distrust.mdx +++ b/src/content/docs/ssl/reference/migration-guides/entrust-distrust.mdx 
@@ -31,7 +31,7 @@ This means that Entrust certificates will be issued using SSL.com roots. Since Cloudflare also [partners with SSL.com](/ssl/reference/certificate-authorities/), you can switch from uploading custom certificates to using Cloudflare's managed certificates. This change brings the following advantages: * Use [Advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/) to have more control and flexibility while also benefitting from automatic renewals. -* Enable [Total TLS](/ssl/edge-certificates/additional-options/total-tls/) to automatically issue certificates for your [proxied hostnames](/dns/manage-dns-records/reference/proxied-dns-records/). +* Enable [Total TLS](/ssl/edge-certificates/additional-options/total-tls/) to automatically issue certificates for your [proxied hostnames](/dns/proxy-status/). * Use [Delegated DCV](/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/) to reduce manual intervention when renewing certificates for [partial (CNAME) setup](/dns/zone-setups/partial-setup/) zones. * If you are a SaaS provider, extend the benefits of automatic renewals to your customers by specifying SSL.com as the certificate authority when [creating](/api/resources/custom_hostnames/methods/create/) or [editing](/api/resources/custom_hostnames/methods/edit/) your custom hostnames (API only). diff --git a/src/content/docs/ssl/troubleshooting/general-ssl-errors.mdx b/src/content/docs/ssl/troubleshooting/general-ssl-errors.mdx index 9d5c72bd02bf423..eff8c957c80ffe3 100644 --- a/src/content/docs/ssl/troubleshooting/general-ssl-errors.mdx +++ b/src/content/docs/ssl/troubleshooting/general-ssl-errors.mdx 
@@ -56,7 +56,7 @@ It is possible for [Cloudflare Support](/support/contacting-cloudflare-support/ - Purchase an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager) that covers `dev.www.example.com`. - Upload a [Custom SSL certificate](/ssl/edge-certificates/custom-certificates) that covers `dev.www.example.com`. - Enable [Total TLS](/ssl/edge-certificates/additional-options/total-tls). -- If you have a valid certificate for the second level subdomains at your origin web server, change the DNS record for `dev.www` to [DNS Only (grey cloud)](/dns/manage-dns-records/reference/proxied-dns-records/). +- If you have a valid certificate for the second level subdomains at your origin web server, change the DNS record for `dev.www` to [DNS Only (grey cloud)](/dns/proxy-status/). --- @@ -83,7 +83,7 @@ Temporarily pausing Cloudflare will allow the HTTPS traffic to be served properl If your domain is on a [full setup](/dns/zone-setups/full-setup/), review your DNS records. -Cloudflare SSL/TLS certificates only apply for traffic [proxied through Cloudflare](/dns/manage-dns-records/reference/proxied-dns-records/). If SSL errors only occur for hostnames not proxied to Cloudflare, proxy those hostnames through Cloudflare. +Cloudflare SSL/TLS certificates only apply for traffic [proxied through Cloudflare](/dns/proxy-status/). If SSL errors only occur for hostnames not proxied to Cloudflare, proxy those hostnames through Cloudflare. #### Partial DNS setup 
@@ -133,7 +133,7 @@ You are getting the error `NET::ERR_CERT_COMMON_NAME_INVALID` in your browser. ### Resolution - Make sure that you are using a browser that supports [SNI (Server Name Indication)](https://www.cloudflare.com/learning/ssl/what-is-sni/). Refer to [Browser compatibility](/ssl/reference/browser-compatibility/) for more details. -- Ensure that the hostname you are accessing is set to [proxied (orange cloud)](/dns/manage-dns-records/reference/proxied-dns-records/) in the DNS tab of your Cloudflare Dashboard. +- Ensure that the hostname you are accessing is set to [proxied (orange cloud)](/dns/proxy-status/) in the DNS tab of your Cloudflare Dashboard. - If the hostname you are accessing is a second level subdomain (such as `dev.www.example.com`), you'll need to either: - Purchase an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager) that covers `dev.www.example.com`. - Upload a [Custom SSL certificate](/ssl/edge-certificates/custom-certificates) that covers `dev.www.example.com`. diff --git a/src/content/docs/ssl/troubleshooting/version-cipher-mismatch.mdx b/src/content/docs/ssl/troubleshooting/version-cipher-mismatch.mdx index e455e01c1d71e70..f912d3f2ac5d523 100644 --- a/src/content/docs/ssl/troubleshooting/version-cipher-mismatch.mdx +++ b/src/content/docs/ssl/troubleshooting/version-cipher-mismatch.mdx @@ -70,7 +70,7 @@ If your certificate is still not **Active** after 24 hours, try the various trou ## Proxied DNS records -Cloudflare Universal and Advanced certificates only cover the domains and subdomains you have [proxied through Cloudflare](/dns/manage-dns-records/reference/proxied-dns-records/). +Cloudflare Universal and Advanced certificates only cover the domains and subdomains you have [proxied through Cloudflare](/dns/proxy-status/). If the **Proxy status** of `A`, `AAAA`, or `CNAME` records for a hostname are **DNS-only**, you will need to change it to **Proxied**. 
diff --git a/src/content/docs/stream/stream-live/custom-domains.mdx b/src/content/docs/stream/stream-live/custom-domains.mdx index 6ced808c1bbcc2b..28f5ef6a77237af 100644 --- a/src/content/docs/stream/stream-live/custom-domains.mdx +++ b/src/content/docs/stream/stream-live/custom-domains.mdx @@ -17,7 +17,7 @@ With custom ingest domains, you can configure your RTMPS feeds to use an ingest 4. Under **Domain**, add your domain and click **Add domain**. 5. At your DNS provider, add a CNAME record that points to `live.cloudflare.com`. If your DNS provider is Cloudflare, this step is done automatically. -If you are using Cloudflare for DNS, ensure the [**Proxy status**](/dns/manage-dns-records/reference/proxied-dns-records/) of your ingest domain is **DNS only** (grey-clouded). +If you are using Cloudflare for DNS, ensure the [**Proxy status**](/dns/proxy-status/) of your ingest domain is **DNS only** (grey-clouded). ## Delete a custom domain diff --git a/src/content/docs/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors.mdx b/src/content/docs/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors.mdx index b38fc050499f35b..141c197704b2fc6 100644 --- a/src/content/docs/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors.mdx +++ b/src/content/docs/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors.mdx @@ -144,7 +144,7 @@ Error 520 occurs when the origin server returns an empty, unknown, or unexpected :::note A quick workaround while further investigating 520 errors is to either -make the record [DNS-only](/dns/manage-dns-records/reference/proxied-dns-records) +make the record [DNS-only](/dns/proxy-status/) in the Cloudflare **DNS** app or [temporarily pause Cloudflare](/fundamentals/setup/manage-domains/pause-cloudflare/). ::: 
@@ -218,7 +218,7 @@ Error 522 occurs when Cloudflare times out contacting the origin web server. Two - Packets were dropped at your origin web server. If you are using [Cloudflare Pages](/pages/), verify that you have a custom domain set up and that your CNAME record is pointed to your [custom Pages domain](/pages/configuration/custom-domains/#add-a-custom-domain). -If you are using [Workers with a Custom Domain](/workers/configuration/routing/custom-domains/), performing a `fetch` to its own hostname will cause a 522 error. Consider using a [Route](/workers/configuration/routing/) or target another hostname instead. +If you are using [Workers with a Custom Domain](/workers/configuration/routing/custom-domains/), performing a `fetch` to its own hostname will cause a 522 error. Consider using a [Route](/workers/configuration/routing/) or target another hostname instead. If none of the above leads to a resolution, request the following information from your hosting provider or site administrator before [contacting Cloudflare support](/support/contacting-cloudflare-support/): @@ -389,8 +389,8 @@ As a result, a valid SSL certificate is required at the origin. ## Error 530 -An HTTP error 530 is returned when Cloudflare is encountering an issue resolving the origin hostname. -In this case the body of the response contains an [1XXX error](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors) code. +An HTTP error 530 is returned when Cloudflare is encountering an issue resolving the origin hostname. +In this case the body of the response contains an [1XXX error](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors) code. Please refer to the specific [1XXX error](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors) for troubleshooting information. --- 
diff --git a/src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx b/src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx index 9c4107db5741839..dc3bcbaeda43a06 100644 --- a/src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx +++ b/src/content/docs/support/troubleshooting/http-status-codes/4xx-client-error.mdx @@ -229,7 +229,7 @@ The upload limit for the Cloudflare API depends on your plan. If you exceed this -If you require a larger upload, break up requests into smaller chunks, change your DNS record to [DNS-only](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records), or [upgrade your plan](/fundamentals/subscriptions-and-billing/change-plan/). +If you require a larger upload, break up requests into smaller chunks, change your DNS record to [DNS-only](/dns/proxy-status/#dns-only-records), or [upgrade your plan](/fundamentals/subscriptions-and-billing/change-plan/). ## 414 URI Too Long diff --git a/src/content/docs/waf/reference/legacy/old-waf-managed-rules/index.mdx b/src/content/docs/waf/reference/legacy/old-waf-managed-rules/index.mdx index c62a2ba7f7605c8..f2dba1cb5855d07 100644 --- a/src/content/docs/waf/reference/legacy/old-waf-managed-rules/index.mdx +++ b/src/content/docs/waf/reference/legacy/old-waf-managed-rules/index.mdx 
@@ -23,7 +23,7 @@ Examples of [malicious content](https://www.cloudflare.com/learning/security/wha * Cross-site scripting attacks (XSS) * SQL injections (SQLi) -WAF managed rules (previous version) are available to Pro, Business, and Enterprise plans for any [subdomains proxied to Cloudflare](/dns/manage-dns-records/reference/proxied-dns-records/). Control managed rules settings in **Security** > **WAF** > **Managed rules**.  +WAF managed rules (previous version) are available to Pro, Business, and Enterprise plans for any [subdomains proxied to Cloudflare](/dns/proxy-status/). Control managed rules settings in **Security** > **WAF** > **Managed rules**.  Managed rules includes three packages:  diff --git a/src/content/docs/web3/reference/gateway-dns-records.mdx b/src/content/docs/web3/reference/gateway-dns-records.mdx index 447285196cc795f..cad334867dcd4a4 100644 --- a/src/content/docs/web3/reference/gateway-dns-records.mdx +++ b/src/content/docs/web3/reference/gateway-dns-records.mdx 
@@ -8,8 +8,8 @@ sidebar: Once you [create a gateway](/web3/how-to/manage-gateways/#create-a-gateway), Cloudflare automatically creates and adds records to your Cloudflare DNS so your gateway can receive and route traffic appropriately: -* **Ethereum gateways**: Creates a [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) `CNAME` record pointing your hostname to `ethereum.cloudflare.com`. -* **IPFS gateways**: Creates a [proxied](/dns/manage-dns-records/reference/proxied-dns-records/) `CNAME` record pointing your hostname to `ipfs.cloudflare.com` and a `TXT` record with the value specified for its [DNSLink](/web3/ipfs-gateway/concepts/dnslink/#how-is-it-used-with-cloudflare). +* **Ethereum gateways**: Creates a [proxied](/dns/proxy-status/) `CNAME` record pointing your hostname to `ethereum.cloudflare.com`. +* **IPFS gateways**: Creates a [proxied](/dns/proxy-status/) `CNAME` record pointing your hostname to `ipfs.cloudflare.com` and a `TXT` record with the value specified for its [DNSLink](/web3/ipfs-gateway/concepts/dnslink/#how-is-it-used-with-cloudflare). These records cannot be edited within Cloudflare DNS. To make edits, you will have to [edit the gateway configuration](/web3/how-to/manage-gateways/#edit-a-gateway) itself. diff --git a/src/content/docs/workers/reference/how-the-cache-works.mdx b/src/content/docs/workers/reference/how-the-cache-works.mdx index 06e3de539d9a30d..c53ffb3f497f5d2 100644 --- a/src/content/docs/workers/reference/how-the-cache-works.mdx +++ b/src/content/docs/workers/reference/how-the-cache-works.mdx 
@@ -39,7 +39,7 @@ As far as cache is concerned, the asset in the `fetch` request (`https://notexam Purging the end user URL, `https://example.com/hello`, will not work because that is not the URL that cache sees. You need to confirm in your Worker which URL you are actually fetching, so you can purge the correct asset. -In the previous example, `https://notexample.com/hello` is not proxied through Cloudflare. If `https://notexample.com/hello` was proxied ([orange-clouded](/dns/manage-dns-records/reference/proxied-dns-records/#proxied-records)) through Cloudflare, then you must own `notexample.com` and purge `https://notexample.com/hello` from the `notexample.com` zone. +In the previous example, `https://notexample.com/hello` is not proxied through Cloudflare. If `https://notexample.com/hello` was proxied ([orange-clouded](/dns/proxy-status/)) through Cloudflare, then you must own `notexample.com` and purge `https://notexample.com/hello` from the `notexample.com` zone. To better understand the example, review the following diagram: diff --git a/src/content/docs/workers/runtime-apis/bindings/mTLS.mdx b/src/content/docs/workers/runtime-apis/bindings/mTLS.mdx index 57261b9f6c5454b..d9e5146c0ac8adb 100644 --- a/src/content/docs/workers/runtime-apis/bindings/mTLS.mdx +++ b/src/content/docs/workers/runtime-apis/bindings/mTLS.mdx 
@@ -16,7 +16,7 @@ To present a client certificate when communicating with a service, create a mTLS :::caution -Currently, mTLS for Workers cannot be used for requests made to a service that is a [proxied zone](/dns/manage-dns-records/reference/proxied-dns-records/) on Cloudflare. If your Worker presents a client certificate to a service proxied by Cloudflare, Cloudflare will return a `520` error. +Currently, mTLS for Workers cannot be used for requests made to a service that is a [proxied zone](/dns/proxy-status/) on Cloudflare. If your Worker presents a client certificate to a service proxied by Cloudflare, Cloudflare will return a `520` error. ::: diff --git a/src/content/docs/zaraz/faq.mdx b/src/content/docs/zaraz/faq.mdx index f04c47b38941aa7..f9d1d723be61bc0 100644 --- a/src/content/docs/zaraz/faq.mdx +++ b/src/content/docs/zaraz/faq.mdx @@ -35,7 +35,7 @@ To check if the script is loading correctly, follow these steps: If Zaraz is not loading, please verify the following: -- The domain running Zaraz [is proxied by Cloudflare](/dns/manage-dns-records/reference/proxied-dns-records/). +- The domain running Zaraz [is proxied by Cloudflare](/dns/proxy-status/). - Auto Injection is enabled in your [Zaraz Settings](/zaraz/reference/settings/#auto-inject-script). - Your website's HTML is valid and includes `` and `` tags. - You have at least [one enabled tool](/zaraz/get-started/) configured in Zaraz. diff --git a/src/content/glossary/dns.yaml b/src/content/glossary/dns.yaml index dea66cfc8d159ff..c1e134dc8ffb4d4 100644 --- a/src/content/glossary/dns.yaml +++ b/src/content/glossary/dns.yaml 
@@ -76,6 +76,6 @@ entries: general_definition: |- the proxy status of a DNS record defines whether requests for your domain will route through Cloudflare (`proxied`) or not (`DNS-only`). - When a [DNS record is proxied](/dns/manage-dns-records/reference/proxied-dns-records/), requests are processed according to your configurations, and Cloudflare can optimize, cache, and protect your domain. Refer to [How Cloudflare works](/fundamentals/concepts/how-cloudflare-works/) for details. + When a [DNS record is proxied](/dns/proxy-status/), requests are processed according to your configurations, and Cloudflare can optimize, cache, and protect your domain. Refer to [How Cloudflare works](/fundamentals/concepts/how-cloudflare-works/) for details. associated_products: - Fundamentals diff --git a/src/content/partials/dns/dns-record-steps.mdx b/src/content/partials/dns/dns-record-steps.mdx index fa045229f3f8b7d..bc3b41481f44768 100644 --- a/src/content/partials/dns/dns-record-steps.mdx +++ b/src/content/partials/dns/dns-record-steps.mdx @@ -14,7 +14,7 @@ import { Tabs, TabItem, Render, GlossaryTooltip } from "~/components"; - To point to an IPv4 address, select `A`, use {props.name} ({props.example}) for the record **Name**, and insert the IPv4 address in the respective field. - To point to an IPv6 address, select `AAAA`, use {props.name} ({props.example}) for the record **Name**, and insert the IPv6 address in the respective field. - To point to a [fully qualified domain name (FQDN)](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) (such as `your-site.host.example.com`), select `CNAME`, use {props.name} ({props.example}) for the record **Name**, and insert the fully qualified domain name in the **Target** field. -4. Specify the **Proxy status** and **TTL** according to your needs. +4. Specify the **Proxy status** and **TTL** according to your needs. 5. Select **Save** to confirm. 
diff --git a/src/content/partials/dns/limitations.mdx b/src/content/partials/dns/limitations.mdx index a5c874d97dcd64c..809ed8f2f2cde0b 100644 --- a/src/content/partials/dns/limitations.mdx +++ b/src/content/partials/dns/limitations.mdx @@ -11,6 +11,10 @@ Only `A`, `AAAA`, and `CNAME` DNS records that serve `HTTP` or `HTTPS` traffic c If you encounter a `CNAME` record that you cannot proxy — usually associated with another CDN provider — a proxied version of that record will cause connectivity errors. Cloudflare is purposely preventing that record from being proxied to protect you from a misconfiguration. +#### Secondary DNS zones with pre-signed DNSSEC + +If you use Cloudflare as your [secondary DNS provider](/dns/concepts/#dns-setups) and leverage [Secondary DNS Overrides](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic/) to set records to proxied, note that opting for [Pre-signed DNSSEC](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary/) will cause Cloudflare to treat your records as **DNS only**. + #### Ports and protocols To proxy `HTTP/HTTPS` traffic on [non-standard ports](/fundamentals/reference/network-ports/) or to proxy a `TCP-` or `UDP-` based application, use [Cloudflare Spectrum](/spectrum/). @@ -19,7 +23,7 @@ To proxy `HTTP/HTTPS` traffic on [non-standard ports](/fundamentals/reference/ne
-This means that DNS records — even those set to [proxy traffic through Cloudflare](#proxied-records) — will be [DNS-only](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records) until your zone has been activated and any requests to your DNS records will return your origin server's IP address. +This means that DNS records — even those set to [proxy traffic through Cloudflare](#proxied-records) — will be [DNS-only](/dns/proxy-status/#dns-only-records) until your zone has been activated and any requests to your DNS records will return your origin server's IP address. If this warning is still present after 24 hours, refer to [Troubleshooting](/dns/troubleshooting/). diff --git a/src/content/partials/dns/partial-setup-definition.mdx b/src/content/partials/dns/partial-setup-definition.mdx index d473a7309a3e660..482343f136401e4 100644 --- a/src/content/partials/dns/partial-setup-definition.mdx +++ b/src/content/partials/dns/partial-setup-definition.mdx @@ -7,4 +7,4 @@ import { GlossaryTooltip } from "~/components" A partial (CNAME) setup allows you to use [Cloudflare's reverse proxy](/fundamentals/concepts/how-cloudflare-works/) while maintaining your primary and authoritative DNS provider. -Use this option to proxy only individual subdomains through Cloudflare when you cannot change your authoritative DNS provider. You will be able to create A, AAAA, and CNAME records, which are the DNS record types that can be [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). +Use this option to proxy only individual subdomains through Cloudflare when you cannot change your authoritative DNS provider. You will be able to create A, AAAA, and CNAME records, which are the DNS record types that can be [proxied](/dns/proxy-status/). diff --git a/src/content/partials/dns/proxy-status-dns-table.mdx b/src/content/partials/dns/proxy-status-dns-table.mdx new file mode 100644 index 000000000000000..0b4963cdcc84218 --- /dev/null 
+++ b/src/content/partials/dns/proxy-status-dns-table.mdx @@ -0,0 +1,18 @@ +--- +{} + +--- + +import { Example } from "~/components"; + + + +DNS management for **example.com**: + +| Type | Name | Content | Proxy status | TTL | +| :--: | :----: | :---------: | :----------: | :----: | +| A | `blog` | `192.0.2.1` | Proxied | Auto | +| A | `shop` | `192.0.2.2` | DNS only | Auto | + + +In the example DNS table above, there are two DNS records. The record with the name `blog` has proxy on, while the record named `shop` has the proxy off (that is, **DNS only**). \ No newline at end of file diff --git a/src/content/partials/dns/third-party-caveat.mdx b/src/content/partials/dns/third-party-caveat.mdx index 507579e624f6bbb..32f0740937afdaf 100644 --- a/src/content/partials/dns/third-party-caveat.mdx +++ b/src/content/partials/dns/third-party-caveat.mdx @@ -8,7 +8,7 @@ import { Markdown } from "~/components" :::note -When you [add records to Cloudflare DNS](/dns/manage-dns-records/how-to/create-dns-records/), those records should be [DNS-only (unproxied)](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records) until {props.one} verifies your domain. Then, you can switch your DNS records to **Proxied**. +When you [add records to Cloudflare DNS](/dns/manage-dns-records/how-to/create-dns-records/), those records should be [DNS-only (unproxied)](/dns/proxy-status/#dns-only-records) until {props.one} verifies your domain. Then, you can switch your DNS records to **Proxied**. ::: diff --git a/src/content/partials/fundamentals/add-site.mdx b/src/content/partials/fundamentals/add-site.mdx index 465dfc471018b75..d0b09fdfa223d13 100644 --- a/src/content/partials/fundamentals/add-site.mdx +++ b/src/content/partials/fundamentals/add-site.mdx 
@@ -23,5 +23,5 @@ import { GlossaryTooltip, Render } from "~/components"; 2. If you find any missing records, [manually add](/dns/manage-dns-records/how-to/create-dns-records/) those records. - 3. Depending on your site setup, you may want to adjust the [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) for certain `A`, `AAAA`, or `CNAME` records. + 3. Depending on your site setup, you may want to adjust the [proxy status](/dns/proxy-status/) for certain `A`, `AAAA`, or `CNAME` records. 4. Select **Continue**. diff --git a/src/content/partials/fundamentals/allow-cloudflare-ips.mdx b/src/content/partials/fundamentals/allow-cloudflare-ips.mdx index 2e0888a498ceb3d..297237f50f8ece9 100644 --- a/src/content/partials/fundamentals/allow-cloudflare-ips.mdx +++ b/src/content/partials/fundamentals/allow-cloudflare-ips.mdx @@ -5,7 +5,7 @@ import { GlossaryTooltip } from "~/components" -All traffic to [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) passes through Cloudflare before reaching your origin server. This means that your origin server will stop receiving traffic from individual visitor IP addresses and instead receive traffic from [Cloudflare IP addresses](https://www.cloudflare.com/ips), which are shared by all proxied hostnames. +All traffic to [proxied DNS records](/dns/proxy-status/) passes through Cloudflare before reaching your origin server. This means that your origin server will stop receiving traffic from individual visitor IP addresses and instead receive traffic from [Cloudflare IP addresses](https://www.cloudflare.com/ips), which are shared by all proxied hostnames. This setup can cause issues if your origin server blocks or rate limits connections from Cloudflare IP addresses. Because all visitor traffic will appear to come from Cloudflare IP addresses, blocking these IPs — even accidentally — will prevent visitor traffic from reaching your application. 
diff --git a/src/content/partials/fundamentals/minimize-downtime.mdx b/src/content/partials/fundamentals/minimize-downtime.mdx index f256ce9b03f10eb..d368f7fab8d5839 100644 --- a/src/content/partials/fundamentals/minimize-downtime.mdx +++ b/src/content/partials/fundamentals/minimize-downtime.mdx @@ -10,7 +10,7 @@ Before activating your domain on Cloudflare (exact steps depend on your [DNS set ### Start with unproxied records -With a new domain, make sure all of your DNS records have a [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) of **DNS-only**. +With a new domain, make sure all of your DNS records have a [proxy status](/dns/proxy-status/) of **DNS-only**. This setting prevents Cloudflare from proxying your traffic before you have an active edge certificate or before you have allowed Cloudflare IP addresses. @@ -45,4 +45,4 @@ If you experience issues, you should make sure that you have [allowed Cloudflare ## Update proxy status -Once you have verified that your SSL/TLS edge certificate is active and you have allowed Cloudflare IP addresses, change the [proxy status](/dns/manage-dns-records/reference/proxied-dns-records/) of appropriate DNS records to **Proxied**. +Once you have verified that your SSL/TLS edge certificate is active and you have allowed Cloudflare IP addresses, change the [proxy status](/dns/proxy-status/) of appropriate DNS records to **Proxied**. diff --git a/src/content/partials/fundamentals/origin-secure-dns.mdx b/src/content/partials/fundamentals/origin-secure-dns.mdx index 99c84ef789dab45..2cec91c0b7f01c5 100644 --- a/src/content/partials/fundamentals/origin-secure-dns.mdx +++ b/src/content/partials/fundamentals/origin-secure-dns.mdx 
@@ -7,7 +7,7 @@ When you secure origin connections, it prevents attackers from discovering and o * **DNS**: - 1. **Proxy records** (when possible): Set up [proxied (orange-clouded) DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) to hide your origin IP addresses and provide DDoS protection. As part of this, you should [allow Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) at your origin to prevent requests from being blocked. + 1. **Proxy records** (when possible): Set up [proxied (orange-clouded) DNS records](/dns/proxy-status/) to hide your origin IP addresses and provide DDoS protection. As part of this, you should [allow Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) at your origin to prevent requests from being blocked. 2. **Review DNS-only records**: Audit existing **DNS-only** records (`SPF`, `TXT`, and more) to make sure they do not contain origin IP information. 3. **Evaluate mail infrastructure**: If possible, do not host a mail service on the same server as the web resource you want to protect, since emails sent to non-existent addresses get bounced back to the attacker and reveal the mail server IP. 4. **Rotate origin IPs**: Once [onboarded](/dns/zone-setups/full-setup/setup/#verify-changes), rotate your origin IPs, as DNS records are in the public domain. Historical records are kept and would contain IP addresses prior to joining Cloudflare. diff --git a/src/content/partials/fundamentals/proxy-status-effects.mdx b/src/content/partials/fundamentals/proxy-status-effects.mdx index 1595c9cd75b6c12..d669e4b26dd3386 100644 --- a/src/content/partials/fundamentals/proxy-status-effects.mdx +++ b/src/content/partials/fundamentals/proxy-status-effects.mdx 
@@ -11,7 +11,7 @@ Without Cloudflare, DNS lookups for your application's URL return the IP address | ------------- | ------------------- | | `example.com` | `192.0.2.1` | -When using Cloudflare with [unproxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), DNS lookups for unproxied domains or subdomains also return your origin's IP address. +When using Cloudflare with [unproxied DNS records](/dns/proxy-status/), DNS lookups for unproxied domains or subdomains also return your origin's IP address. Another way of thinking about this concept is that visitors directly connect with your origin server. @@ -23,7 +23,7 @@ Another way of thinking about this concept is that visitors directly connect wit ### With Cloudflare -With Cloudflare — meaning your domain or subdomain is using [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) — DNS lookups for your application's URL will resolve to [Cloudflare anycast IPs](https://www.cloudflare.com/ips/) instead of their original DNS target. +With Cloudflare — meaning your domain or subdomain is using [proxied DNS records](/dns/proxy-status/) — DNS lookups for your application's URL will resolve to [Cloudflare anycast IPs](https://www.cloudflare.com/ips/) instead of their original DNS target. | URL | Returned IP address | | ------------- | ------------------- | diff --git a/src/content/partials/rules/page-rule-proxied-dns-warning.mdx b/src/content/partials/rules/page-rule-proxied-dns-warning.mdx index 41373c8da729c04..47ff5da246f0206 100644 --- a/src/content/partials/rules/page-rule-proxied-dns-warning.mdx +++ b/src/content/partials/rules/page-rule-proxied-dns-warning.mdx 
@@ -5,5 +5,5 @@ :::caution -Page Rules require a [proxied DNS record](/dns/manage-dns-records/reference/proxied-dns-records) to work. Page Rules will not apply to subdomains that do not exist in DNS or are not being directed to Cloudflare. +Page Rules require a [proxied DNS record](/dns/proxy-status/) to work. Page Rules will not apply to subdomains that do not exist in DNS or are not being directed to Cloudflare. ::: diff --git a/src/content/partials/rules/rules-requirements.mdx b/src/content/partials/rules/rules-requirements.mdx index 5ca150401452e41..cb45ddcee4a2e06 100644 --- a/src/content/partials/rules/rules-requirements.mdx +++ b/src/content/partials/rules/rules-requirements.mdx @@ -7,5 +7,5 @@ import { Markdown } from "~/components" :::note -{props.one} that you [proxy the DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) of your domain (or subdomain) through Cloudflare. +{props.one} that you [proxy the DNS records](/dns/proxy-status/) of your domain (or subdomain) through Cloudflare. ::: diff --git a/src/content/partials/rules/url-forwarding/requires-proxied-site.mdx b/src/content/partials/rules/url-forwarding/requires-proxied-site.mdx index 8ae824c2a6dc115..4c634db7a7b3b82 100644 --- a/src/content/partials/rules/url-forwarding/requires-proxied-site.mdx +++ b/src/content/partials/rules/url-forwarding/requires-proxied-site.mdx @@ -7,5 +7,5 @@ import { Markdown } from "~/components" :::note -{props.one} require that the incoming traffic for the hostname referenced in visitors' requests is [proxied by Cloudflare](/dns/manage-dns-records/reference/proxied-dns-records/). +{props.one} require that the incoming traffic for the hostname referenced in visitors' requests is [proxied by Cloudflare](/dns/proxy-status/). ::: diff --git a/src/content/partials/ssl/keyless-upload-preamble.mdx b/src/content/partials/ssl/keyless-upload-preamble.mdx index a341e4574c68c63..1c57296ce980ad0 100644 --- a/src/content/partials/ssl/keyless-upload-preamble.mdx 
+++ b/src/content/partials/ssl/keyless-upload-preamble.mdx @@ -5,6 +5,6 @@ Before your key servers can be configured, you must next upload the corresponding SSL certificates to Cloudflare’s edge. During TLS termination, Cloudflare will present these certificates to connecting browsers and then (for non-resumed sessions) communicate with the specified key server to complete the handshake. -Upload certificates to Cloudflare with only SANs that you wish to use with Cloudflare Keyless SSL. All Keyless SSL hostnames must be [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). +Upload certificates to Cloudflare with only SANs that you wish to use with Cloudflare Keyless SSL. All Keyless SSL hostnames must be [proxied](/dns/proxy-status/). You will have to upload each certificate used with Keyless SSL. diff --git a/src/content/partials/ssl/partial-zone-acm-dcv-nonwildcard.mdx b/src/content/partials/ssl/partial-zone-acm-dcv-nonwildcard.mdx index ab6cc548629f98f..c846307e0e27a35 100644 --- a/src/content/partials/ssl/partial-zone-acm-dcv-nonwildcard.mdx +++ b/src/content/partials/ssl/partial-zone-acm-dcv-nonwildcard.mdx @@ -3,7 +3,7 @@ --- -If every hostname on a non-wildcard certificate is [proxying traffic](/dns/manage-dns-records/reference/proxied-dns-records/) through Cloudflare, Cloudflare can automatically complete DCV on your behalf. +If every hostname on a non-wildcard certificate is [proxying traffic](/dns/proxy-status/) through Cloudflare, Cloudflare can automatically complete DCV on your behalf. This applies to customers using [Universal](/ssl/edge-certificates/universal-ssl/) or [Advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/). diff --git a/src/content/partials/ssl/universal-ssl-enable-full.mdx b/src/content/partials/ssl/universal-ssl-enable-full.mdx index 785a4187eb2614b..984b92c2fbbce9e 100644 --- a/src/content/partials/ssl/universal-ssl-enable-full.mdx +++ b/src/content/partials/ssl/universal-ssl-enable-full.mdx 
@@ -5,7 +5,7 @@ For domains on a [full setup](/dns/zone-setups/full-setup/)[^1], your domain should **automatically** receive its Universal SSL certificate within **15 minutes to 24 hours** of domain activation[^2]. -This certificate will cover your zone apex (`example.com`) and all first-level subdomains (`subdomain.example.com`), and is provisioned even if your records are DNS only. However, the certificate will only be presented if your domain or subdomains are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). +This certificate will cover your zone apex (`example.com`) and all first-level subdomains (`subdomain.example.com`), and is provisioned even if your records are DNS only. However, the certificate will only be presented if your domain or subdomains are [proxied](/dns/proxy-status/). [^1]: The most common Cloudflare setup that involves changing your authoritative nameservers. diff --git a/src/content/partials/web3/post-creation-steps.mdx b/src/content/partials/web3/post-creation-steps.mdx index 87c76671d4317d0..d74e8413a7a6db0 100644 --- a/src/content/partials/web3/post-creation-steps.mdx +++ b/src/content/partials/web3/post-creation-steps.mdx @@ -6,5 +6,5 @@ When you create a gateway, Cloudflare automatically: * Creates and adds [records to your Cloudflare DNS](/web3/reference/gateway-dns-records/) so your gateway can receive and route traffic appropriately. -* [Proxies](/dns/manage-dns-records/reference/proxied-dns-records/) traffic to that hostname. +* [Proxies](/dns/proxy-status/) traffic to that hostname. * Issues an SSL/TLS certificate to cover the specified hostname.
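Review bot: In the first hunk of src/content/partials/dns/limitations.mdx, the new "Secondary DNS zones with pre-signed DNSSEC" paragraph says the records will be treated as **DNS only** but never states what that means for someone who set them to proxied through Secondary DNS Overrides. The pending-zone paragraph later in this same file spells out the consequence ("any requests to your DNS records will return your origin server's IP address"). Suggest adding the equivalent sentence here, so readers understand that enabling Pre-signed DNSSEC means queries return the origin address and traffic is not proxied. A link to /dns/proxy-status/#dns-only-records on the words **DNS only** would also match how the other partials in this patch reference that state.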
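Review bot: In the second hunk of src/content/partials/dns/limitations.mdx (@@ -19,7 +23,7 @@), the rewritten line still links "proxy traffic through Cloudflare" to the page-relative anchor #proxied-records, while the DNS-only link beside it now points to the absolute /dns/proxy-status/#dns-only-records. Because this file is a partial, the relative anchor only resolves on pages that happen to contain a proxied-records heading. If that heading lives on the new proxy status page, suggest /dns/proxy-status/#proxied-records so both links in the sentence behave the same wherever the partial is rendered.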
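Review bot: The new file src/content/partials/dns/proxy-status-dns-table.mdx ends without a trailing newline (the hunk closes with "\ No newline at end of file"); please add one. Two smaller points in the same hunk: the only import is Example from "~/components", so confirm the table is actually wrapped in that component and drop the import if it is not, and the closing sentence mixes "has proxy on" with "has the proxy off". Suggest using the table's own labels instead, for example "the record named `blog` is **Proxied**, while the record named `shop` is **DNS only**".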