← route

LSN 03/10 NAMESERVERS 10 MIN TIER FREE

Putting your domain on Cloudflare

The onboarding flow, the nameserver change, what propagation actually is, and the shape of the dashboard.

Before this: 02 Getting a domain

The mechanic that makes Cloudflare work is nameserver delegation. Once you point your domain to Cloudflare’s nameservers, every DNS lookup for that domain goes to Cloudflare, and from there Cloudflare takes over the request path described in lesson 1.

This lesson walks through that switch.

The onboarding flow

From the Cloudflare dashboard, click Add a site, type the bare domain (yoursite.com, no www, no https://), and pick the free plan when prompted. Cloudflare immediately scans the domain’s existing DNS at its current authoritative nameservers and presents the records it found.

This is the moment to check carefully.

Look at the import list and confirm that every existing record is there: A records for @ and www, the MX records for your mail provider, any TXT records (SPF, DKIM, DMARC, Google verification, etc.), any CNAMEs you actually depend on. Cloudflare’s scan is best-effort; some less common records can be missed. If anything is absent, add it manually before continuing. Doing this after the cutover is fine but messier, because mail in particular can bounce while you scramble.

When the record list looks complete, Cloudflare assigns you a pair of nameservers, something like elinor.ns.cloudflare.com and hank.ns.cloudflare.com. The names are randomly generated; they are just labels.

The nameserver change

Log into your registrar. Find the Nameservers section (sometimes labeled “DNS” or “Custom DNS”). Replace the existing nameservers with the Cloudflare pair. Save.

This is the only step that actually moves the domain to Cloudflare. The DNS records you saw in the dashboard are sitting waiting; they only come into effect once the world starts asking Cloudflare instead of the previous DNS provider.

What propagation really is

The phrase “wait for DNS to propagate” gets used loosely. What is actually happening:

Every DNS record has a TTL (time to live), measured in seconds. Resolvers around the world cache records up to the TTL. When you change nameservers at the registrar, the registry’s nameservers (.com for .com domains) start pointing to the new authoritative nameservers within minutes. But resolvers that already cached the old NS records keep using them until their TTL expires.

In practice this takes between five minutes and a few hours for most users, and up to 24 to 48 hours for the long tail. Cloudflare detects the change and marks the site Active when their own checks succeed. You will get an email.

You can check propagation yourself:

dig +short NS yoursite.com

If you see Cloudflare’s nameservers come back, the resolver you are using has the new state.

What Cloudflare gives you on the free plan

Once the site is active, you have access to the bulk of Cloudflare’s features:

  • Full DNS management with unlimited records
  • The CDN and global caching
  • Free TLS certificate (auto-issued, auto-renewed)
  • Basic WAF with managed rulesets
  • Always-on DDoS protection
  • Unlimited subdomains
  • Page Rules (a few free), Cache Rules, Redirect Rules
  • Workers (with 100K requests per day quota)
  • Pages (unlimited static sites with 500 builds per month)
  • R2 storage (10GB free), KV (100K reads per day), D1 (5GB free)
  • Cloudflare Tunnel (free for personal use)
  • Email Routing (free)
  • Access (up to 50 seats free)

The Pro plan ($25/mo), Business, and Enterprise tiers add image optimization, longer cache, more aggressive WAF, custom SSL, SLA, and priority support. Buy a higher plan when you hit a specific feature need, not preemptively.

Account structure

Cloudflare’s account model goes:

  • Account. Your billing entity. One account can hold many sites.
  • Site (zone). One domain. Each zone has its own DNS records, rules, analytics, and settings.
  • Project. A Pages or Workers project lives at the account level and is bound to one or more zones via custom domains.

A common pattern is one Cloudflare account per organization or solo operator, holding all their domains as zones. Pages and Workers projects sit alongside, attaching custom domains as needed.

With the site active, the next thing you usually want to do is touch DNS records.