Change your authoritative nameservers (Full setup)
If you want to use Cloudflare as your primary DNS provider and manage your DNS records on Cloudflare, your domain should be using a full setup.
This means that you are using Cloudflare for your authoritative DNS nameservers.
Step 1 — Do you already own a domain?
If you already own a domain and want to use Cloudflare for your authoritative DNS, proceed with this tutorial.
Step 2 — Complete prerequisites
Create an account
If you are onboarding an existing domain to Cloudflare — as opposed to purchasing a new domain through — make sure DNSSEC is disabled at your registrar (where you purchased your domain name). Otherwise, your domain will experience connectivity errors when you change your nameservers.
Why do I have to disable DNSSEC
When your domain has , your DNS provider digitally signs all your DNS records. This action prevents anyone else from issuing false DNS records on your behalf and redirecting traffic intended for your domain.
However, having a single set of signed records also prevents Cloudflare from issuing new DNS records on your behalf (which is part of using Cloudflare for your authoritative nameservers). So if you change your nameservers without disabling DNSSEC, DNSSEC will prevent Cloudflare’s DNS records from resolving properly.
Review DNS records in Cloudflare
When you start using Cloudflare’s nameservers for authoritative DNS, Cloudflare will become your primary DNS provider. This means that your DNS records in Cloudflare need to be accurate for your domain to work properly.
Since this scan is not guaranteed to find all existing DNS records, you need to review your records, paying special attention to the following record types:
Step 3 — Update your nameservers
Once you have added a domain (also known as a zone) to Cloudflare, that domain will receive two assigned authoritative nameservers.
Get nameserver names
On Overview, copy the information from Replace with Cloudflare’s nameservers.
Update your registrar
Disable DNSSEC for your domain.
Remove your existing authoritative nameservers.
- Wait 24 hours while your registrar updates your nameservers. You will receive an email when your site is active on Cloudflare.
Step 4 — Re-enable DNSSEC using Cloudflare
When you updated your nameservers, you should have also disabled DNSSEC at your registrar.