Can I proxy via Cloudflare to my Render app?

I’m trying to have a set-up where I can get my domain proxied via Cloudflare (i.e. they are my nameserver + edge server). Everything seems to be up and running using CNAMEs only (i.e. {foo}.com is CNAME’d to {foo}.onrender.com). But I still get an error under “Custom Domains” in my dashboard:

DNS update needed
Add an ANAME or ALIAS record pointing to {…}.onrender.com
If your DNS provider does not support ANAME or ALIAS records, use an A record pointing to 216.24.57.1

I’m assuming my set-up is correct (it seems to work…) but I wanted to check whether I should be handling this in a different way? I.e. is it okay to use CNAME records instead of ANAME? (Apologies I’m quite an amateur at DNS). Should I just leave everything as-is and ignore this error?

Thanks!

Hi @James_Padolsey,

CNAME records are only valid for non-root domains, like foo.example.com. From the error you’ve pasted, it looks like you’re trying to configure a root domain like example.com, so you cannot use a CNAME record.

One thing to note for setting up Cloudflare is that Render must be able to verify the custom domain by checking that it has a DNS record pointing to Render. Because of that, you should first point the record to Render and get it verified before you point it to Cloudflare.

Thanks Dan.

It seems like Cloudflare does “CNAME flattening” which effectively presents an A record with the resolved IP instead of the CNAME. This does seem to be working for my website – check out abooklikefoo.com – but it’s odd because I still receive errors in my Settings panel. (These persist even when clicking “Refresh”)

I don’t think I’ll be able to direct DNS directly towards Render because that would prevent the entire purpose of Cloudflare, which is to act as an edge-cacher and general security/protection/anti-DDoS layer. I’m not sure how other services (e.g. Heroku) verify the domain points correctly but they seem to work fluidly with Cloudflare.

Thank you for your help!

> I don’t think I’ll be able to direct DNS directly towards Render because that would prevent the entire purpose of Cloudflare

This is totally correct. Render just needs the DNS to be pointed toward Render long enough for us to verify the domain, after which you can point it to Cloudflare. We know this isn’t as smooth of an experience as it could be, and have internally prioritized support for verifying domains using a CDN, but for now this is the workaround that should get you working with both Render and Cloudflare.

Thanks for the clarifications Dan!
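
The situation discussed in this thread, as an added example that is not Render's code and not part of the original posts: it classifies the public DNS answers for a hostname the way a verifier that only looks for a record pointing at Render would see them. The function names, the example.com and myapp.onrender.com hostnames and the 203.0.113.10 address are constructed, and the pass/fail rule is an assumption; 216.24.57.1 and the .onrender.com suffix come from the dashboard message quoted in the first post.

```python
# Added example; hostnames and sample answers are constructed, not Render's logic.
RENDER_APEX_A = "216.24.57.1"    # A-record target quoted in the dashboard message
RENDER_SUFFIX = ".onrender.com"  # hostname suffix quoted in the dashboard message


def is_apex(name, zone):
    """True when name is the zone root (example.com), where a CNAME is not valid."""
    return name.rstrip(".").lower() == zone.rstrip(".").lower()


def classify(name, zone, answers):
    """Classify public DNS answers for name within zone.

    answers: list of (rtype, value) tuples as a resolver would return them.
    Assumption: verification passes only if an answer visibly points at Render.
    """
    cnames = [v.rstrip(".").lower() for t, v in answers if t == "CNAME"]
    addrs = [v for t, v in answers if t == "A"]
    if cnames and is_apex(name, zone):
        return "invalid: CNAME at zone apex"
    if any(c.endswith(RENDER_SUFFIX) for c in cnames):
        return "verifiable: CNAME to Render"
    if RENDER_APEX_A in addrs:
        return "verifiable: A record to Render"
    if addrs:
        # A flattened or proxied record answers with an address, so the
        # Render hostname behind it is not visible in the public answer.
        return "not verifiable: A record points elsewhere"
    return "not verifiable: no A or CNAME answer"


# Constructed sample answers (203.0.113.10 is a documentation-range address).
SAMPLES = [
    ("www.example.com", "example.com", [("CNAME", "myapp.onrender.com.")]),
    ("example.com", "example.com", [("CNAME", "myapp.onrender.com")]),
    ("example.com", "example.com", [("A", "216.24.57.1")]),
    ("example.com", "example.com", [("A", "203.0.113.10")]),
]

if __name__ == "__main__":
    for name, zone, answers in SAMPLES:
        print(f"{name:16} {answers} -> {classify(name, zone, answers)}")
```
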