DNS management for example.com
| Type | Name | Content |
|---|---|---|
| A | * | 192.0.2.1 |
| A | a.b | 192.0.2.5 |
Set up advanced nameservers
Advanced nameservers included with Foundation DNS are an opt-in configuration.
Before opting in for advanced nameservers, consider the following:
-
The advantages that come with Foundation DNS advanced nameservers are currently not available for custom nameservers. Make sure you only use one at a time.
Some behaviors are different from standard Cloudflare nameservers:
- Wildcard records are still supported but, with advanced nameservers, a wildcard record (
*.example.com) will not apply to a subdomain that is an empty non-terminal. An empty non-terminal is a node in the DNS tree that has no records associated with it but has descendants that do, as exemplified below. This behavior is in compliance with RFC 4592 ↗, which defines the role of empty non-terminals in wildcard resolution.
Example
In this example, a.b.example.com is a descendant of b.example.com, and b.example.com is an empty non-terminal. This means that the wildcard *.example.com will not apply to b.example.com.
- Subdomain delegation: once a subdomain is delegated via NS records, Cloudflare will not serve any other records (such as A, TXT, or CNAME) on that subdomain from the parent zone, even if those records exist.
Example
DNS management for example.com
| Type | Name | Content |
|---|---|---|
| NS | www | ns1.externalhost.com |
| NS | www | ns2.externalhost.com |
| TXT | www | "5bb16e6b5a444eedb48ace40c471bcc9" |
| A | www | 192.0.2.1 |
In this example, the TXT record and the A record for www.example.com will not be served.
To enable advanced nameservers on an existing zone:
-
Opt for advanced nameservers on your zone:
- Log in to the Cloudflare dashboard ↗ and select your account and domain.
- Go to DNS > Records.
- In the Cloudflare nameservers card, enable Advanced nameservers.
- After you refresh the page, the card will display the values for your advanced nameservers
NSrecords.
Use the Update DNS Settings endpoint to send a PATCH request like the following:
At least one of the following token permissions is required:Required API token permissions
Zone DNS Settings WriteDNS Write
Update DNS Settings curl "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_settings" \--request PATCH \--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \--json '{"foundation_dns": true}'The response body will contain your assigned namservers in the
nameserversobject. You will use these nameservers in the next step. -
Update the authoritative nameservers at your registrar. This step depends on whether you are using Cloudflare Registrar:
-
If you are using Cloudflare Registrar, contact Cloudflare Support to have your nameservers updated.
-
If you are using a different registrar or if your zone is delegated to a parent zone, manually update your nameservers.
-
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark