Subdomain delegation allows different individuals, teams, or organizations to manage different subdomains of a site.
DNS delegation is not possible for Cloudflare domains on a CNAME setup.
For instance, consider example.com as a Cloudflare domain with www.example.com managed in Cloudflare’s DNS app and internal.example.com delegated to nameservers outside of Cloudflare. In this example, internal.example.com can now be managed by individuals who do not have access to Cloudflare credentials for the example.com domain.
Cloudflare’s CDN and security services are not applied to delegated subdomains.
Delegate a subdomain
To delegate a subdomain such as internal.example.com, tell DNS resolvers where to find the zone file:
- Log in to the Cloudflare dashboard.
- Click the appropriate Cloudflare account.
- Select the domain that contains the subdomain to be delegated.
- Click the DNS app.
- Create NS records for the subdomain. For example:
internal.example.com NS ns1.externalhost.com
internal.example.com NS ns2.externalhost.com
internal.example.com NS ns3.externalhost.com
A records for the subdomain are only required as glue records for nameservers
They are located in the subdomain of the current zone that is being delegated.
- (Optional) If the delegated nameserver has DNSSEC enabled, add the DS record in the Cloudflare DNS app.