From d5351a2e0db084e87a2345aca5a29d47685d06c0 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Fri, 24 Oct 2025 15:14:19 +0100
Subject: [PATCH 1/4] Link to dnssec-for-secondary from the setup page
---
 .../zone-setups/zone-transfers/cloudflare-as-secondary/setup.mdx | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup.mdx b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup.mdx
index 67e3fabd2a96aa9..4d3924e61d1eeae 100644
--- a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup.mdx
+++ b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup.mdx
@@ -19,6 +19,7 @@ With [incoming zone transfers](/dns/zone-setups/zone-transfers/cloudflare-as-sec
 ## Before you begin
 - You should already have a registered domain, set up with your primary DNS provider.
+- Review the available options and plan for how you will use [DNSSEC with Cloudflare as secondary](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary/).
 - Make sure you have completed the following tasks at your primary DNS provider and at Cloudflare.
 ### At your primary DNS provider
From 09208615d764e94fdc74a5b4f178a7b5a4f1e388 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Fri, 24 Oct 2025 15:25:50 +0100
Subject: [PATCH 2/4] Replace recommendation wait time for DNSSEC with child zone
---
 src/content/docs/dns/zone-setups/subdomain-setup/dnssec.mdx | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/content/docs/dns/zone-setups/subdomain-setup/dnssec.mdx b/src/content/docs/dns/zone-setups/subdomain-setup/dnssec.mdx
index 7d87536cf5ebfdc..baa66f2a6b17159 100644
--- a/src/content/docs/dns/zone-setups/subdomain-setup/dnssec.mdx
+++ b/src/content/docs/dns/zone-setups/subdomain-setup/dnssec.mdx
@@ -8,13 +8,13 @@ head:
 content: Enable DNSSEC - subdomain setup
 ---
+import { GlossaryTooltip } from "~/components";
+
 As opposed to the [normal process](/dns/dnssec/) for enabling DNSSEC, DNSSEC with a subdomain setup requires a few additional steps.
 ## Requirements
-To use DNSSEC for a subdomain setup, DNSSEC must be enabled on the parent zone.
-
-Ideally, you should also wait 12 to 24 hours after enabling DNSSEC on the parent zone to ensure DNS resolvers provide the same DNS query responses.
+To use DNSSEC for a subdomain setup, DNSSEC must be enabled on the parent zone. After enabling DNSSEC on the parent zone, you should wait the minimum TTL value (specified in the [SOA record](https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/) of the parent zone) to ensure DNS resolvers provide the same DNS query responses.
 ## Setup
From 0a4c5afda4814c8abceff8128133a08536892a47 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Mon, 27 Oct 2025 18:04:31 +0000
Subject: [PATCH 3/4] Create new TS page for debug endpoints and adjust order
---
 .../troubleshooting/dns-debug-endpoints.mdx | 25 +++++++++++++++++++
 .../docs/dns/troubleshooting/dns-issues.mdx | 2 ++
 .../dns-probe-finished-nxdomain.mdx | 2 +-
 .../troubleshooting/dns-probe-possible.mdx | 2 +-
 .../docs/dns/troubleshooting/email-issues.mdx | 3 ++-
 5 files changed, 31 insertions(+), 3 deletions(-)
 create mode 100644 src/content/docs/dns/troubleshooting/dns-debug-endpoints.mdx
diff --git a/src/content/docs/dns/troubleshooting/dns-debug-endpoints.mdx b/src/content/docs/dns/troubleshooting/dns-debug-endpoints.mdx
new file mode 100644
index 000000000000000..519313c5c675ebb
--- /dev/null
+++ b/src/content/docs/dns/troubleshooting/dns-debug-endpoints.mdx
@@ -0,0 +1,25 @@
+---
+pcx_content_type: troubleshooting
+title: Available debug endpoints
+sidebar:
+ order: 10
+ label: Debug endpoints
+---
+
+The following debug endpoints are available via `dig` or other DNS query tools.
+
+```sh
+$ dig @ chaos txt myip.cloudflare +short
+```
+
+```sh
+$ dig @ chaos txt id.server +short
+```
+
+```sh
+$ dig @ chaos txt version.bind +short
+```
+
+```sh
+$ dig @ txt whoami.cloudflare.net +short
+```
\ No newline at end of file
diff --git a/src/content/docs/dns/troubleshooting/dns-issues.mdx b/src/content/docs/dns/troubleshooting/dns-issues.mdx
index 3830f24771e0ee5..4e47218eaf6da4c 100644
--- a/src/content/docs/dns/troubleshooting/dns-issues.mdx
+++ b/src/content/docs/dns/troubleshooting/dns-issues.mdx
@@ -2,6 +2,8 @@
 pcx_content_type: troubleshooting
 source: https://support.cloudflare.com/hc/en-us/articles/217912538-My-DNS-doesn-t-work
 title: General DNS issues
+sidebar:
+ order: 2
 ---
diff --git a/src/content/docs/dns/troubleshooting/dns-probe-finished-nxdomain.mdx b/src/content/docs/dns/troubleshooting/dns-probe-finished-nxdomain.mdx
index 196f1db37cf342e..bc76fb07f2dfb9d 100644
--- a/src/content/docs/dns/troubleshooting/dns-probe-finished-nxdomain.mdx
+++ b/src/content/docs/dns/troubleshooting/dns-probe-finished-nxdomain.mdx
@@ -2,7 +2,7 @@
 title: DNS_PROBE_FINISHED_NXDOMAIN
 pcx_content_type: troubleshooting
 sidebar:
- order: 2
+ order: 4
 head:
 - tag: title
 content: Fix DNS_PROBE_FINISHED_NXDOMAIN
diff --git a/src/content/docs/dns/troubleshooting/dns-probe-possible.mdx b/src/content/docs/dns/troubleshooting/dns-probe-possible.mdx
index 291c084832d4aff..1e095b46f8e5c73 100644
--- a/src/content/docs/dns/troubleshooting/dns-probe-possible.mdx
+++ b/src/content/docs/dns/troubleshooting/dns-probe-possible.mdx
@@ -2,7 +2,7 @@
 title: DNS_PROBE_POSSIBLE
 pcx_content_type: troubleshooting
 sidebar:
- order: 2
+ order: 5
 head:
 - tag: title
 content: Fix DNS_PROBE_POSSIBLE error
diff --git a/src/content/docs/dns/troubleshooting/email-issues.mdx b/src/content/docs/dns/troubleshooting/email-issues.mdx
index 2fe04f532b701a4..d6a75acac13361a 100644
--- a/src/content/docs/dns/troubleshooting/email-issues.mdx
+++ b/src/content/docs/dns/troubleshooting/email-issues.mdx
@@ -5,7 +5,8 @@ title: Email issues
 head:
 - tag: title
 content: Troubleshooting email issues
-
+sidebar:
+ order: 6
 ---
 import { Render } from "~/components"
From fa43702bcf7601b059450e3ffe1312dcddd64603 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Mon, 27 Oct 2025 18:11:49 +0000
Subject: [PATCH 4/4] Call out nameserver TTL available with Foundation DNS
---
 src/content/docs/dns/nameservers/nameserver-options.mdx | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/content/docs/dns/nameservers/nameserver-options.mdx b/src/content/docs/dns/nameservers/nameserver-options.mdx
index e655db046a4b6f0..f0602d4247bef03 100644
--- a/src/content/docs/dns/nameservers/nameserver-options.mdx
+++ b/src/content/docs/dns/nameservers/nameserver-options.mdx
@@ -56,6 +56,10 @@ If you choose this option and you also want to use DNSSEC on your zone, make sur
 For both Cloudflare nameservers (standard or advanced) and custom nameservers, the `NS` record time-to-live (TTL) is controlled by the specific setting on the **DNS Records** page, under **DNS record options**.
+:::note[Foundation DNS]
+**DNS record options** are part of [Foundation DNS](/dns/foundation-dns/). If you are an Enterprise customer and **Nameserver TTL** is not displayed on your Cloudflare dashboard, reach out to your account team.
+:::
+
 The default TTL is 24 hours (or 86,400 seconds), but you have the option to lower this value depending on your needs. For example, shorter TTLs can be useful when you are changing nameservers or migrating a zone. Accepted values range from 30 to 86,400 seconds.
 This setting can also be configured as a [DNS zone default](/dns/additional-options/dns-zone-defaults/), meaning new zones created in your account will automatically start with the value you define.
\ No newline at end of file