How To Add Domain To Cloudflare
Step 1 – Disable DNSSEC
Cloudflare cannot provide authoritative DNS resolution for a domain when DNSSEC is enable at your domain registrar. You can re-enable DNSSEC after the domain is Active on Cloudflare, but must configure DNSSEC using Cloudflare’s DNSSEC requirements.
DNSSEC must only be disable for domains on Full setups where Cloudflare’s nameservers will be authoritative.
Possible symptoms of DNSSEC being enable at the registrar include:
- DNS does not resolve after switching to Cloudflare’s nameservers.
- DNS query response status is SERVFAIL.
- The domain remains in a Pending status in the Cloudflare Overview app.
Contact your domain provider if you need assistance to disable DNSSEC. If a DS record exists for the domain, DNSSEC is likely enable. DS records can be check via third-party online tools such as https://mxtoolbox.com/ds.aspx or via a command-line terminal:
dig +short ds cloudflare.com 2371 13 2 32996839A6D808AFE3EB4A795A0E6A7A39A76FC52FF228B22B76F6D6 3826F2B9
Step 2 – Register the domain
There are several domain registration issues that will prevent a domain from being add to Cloudflare:
- Domain uses a new TLD (top-level domain) not yet on the Public Suffix List
- You may see an error similar to the following:
We were unable to identify bad.psl-example as a register domain. Please ensure you are providing the root domain and not any subdomains (e.g., example.com, not subdomain.example.com) (Code: 1099)
Instructions for updating the Public Suffix List exist at https://github.com/publicsuffix/list/wiki/Guidelines.
- Domain is not yet fully register or registration data does not list nameservers
- Contact your domain registrar to update the nameservers in the registration
Below are some possible errors in the Cloudflare dashboard when adding an improperly registered domain via + Add site:
- exampledomain.com is not a registered domain (Code: 1049)
- Failed to lookup registrar and hosting information of exampledomain.com at this time. Please contact Cloudflare Support or try again later. (Code: 1110)
Step 3 – Resolve DNS for root domain
Before a domain can be add to Cloudflare, the domain must return NS records for valid, working nameservers. NS records can be check via third-party online tools such as https://www.whatsmydns.net/#NS/ or via a command-line terminal using a dig command:
dig +short ns cloudflare.com ns3.cloudflare.com. ns4.cloudflare.com. ns5.cloudflare.com. ns6.cloudflare.com. ns7.cloudflare.com.
Additionally, the domain must return a valid SOA record when query. SOA records can be check via third-party online tools such as https://www.whatsmydns.net/#SOA/ or via a command-line terminal:
dig +short soa cloudflare.com ns3.cloudflare.com. dns.cloudflare.com. 2029202248 10000 2400 604800 300
Step 4 – Verify if the domain is ban at Cloudflare
Cloudflare disallows the addition of certain domains on either a permanent or a temporary basis. See the instructions below for removing either type of ban.
Removing a temporary ban
When Cloudflare observes too many attempts to add a domain to Cloudflare, an error is return:
Error with Cloudflare request: [1105] This zone is temporarily banned and cannot be added to Cloudflare at this time, please contact Cloudflare Support.
Before contacting Cloudflare support, wait 3 hours before attempting to re-add the domain to Cloudflare.
Cloudflare support cannot expedite expiration of the temporary ban.
Clearing a permanent ban
File a request with Cloudflare Support if any of the following errors are observe when adding a domain:
- Error: This zone is ban and cannot be add to CloudFlare at this time, please contact CloudFlare Support. (Code: 1097)
- This zone cannot be add to Cloudflare at this time, please contact Cloudflare Support. (Code: 1093)
Error (Code: 1093) or (Code: 1116) can also mean that you included a subdomain (somehost.example.com) instead of the root domain (example.com) when adding the domain to Cloudflare.