How to use Cloudflare DNS without the CDN or WAF

I’m a big fan of DNS Made Easy, and it’s what I use for all of my sites. However, I also recommend Cloudflare DNS for those that need a free solution that is fast and has great uptime. It’s definitely much better than simply using your domain registrar’s DNS. Check out these quick steps below on how to use Cloudflare DNS without the CDN or web application firewall (WAF).

Why only use Cloudflare DNS?

You might be wondering why you wouldn’t also want to use Cloudflare’s CDN. In my personal experience, Cloudflare has a much higher time to first byte (TTFB), so I prefer to use a third-party CDN provider like KeyCDN. Their TTFB is higher because they are a full proxy service: they add another layer before people hit your origin server, so this is to be expected. Note: The full web application firewall (WAF) is only on their paid plans. Check out our post on Cloudflare vs KeyCDN.

In some cases, their performance enhancements can make up for their TTFB, but not for those who are serious about optimization. You could also go with full page caching, but this has its own downsides, as you’ll need workarounds for the dynamic parts of your site. This can be especially complex and frustrating to set up for WordPress e-commerce sites. Reports have also shown that Cloudflare’s new Argo service can help decrease your TTFB, but it isn’t free.

So you always have the option of using only Cloudflare’s DNS, which is completely free.

Step 1

The first thing to do is add your site at Cloudflare. Click on “Add Site” and then on “Scan DNS Records.”

Add site to Cloudflare

Step 2

Scan for your DNS records. If it doesn’t detect anything you can add them. The important part here is that you want your A record and optional AAAA records to be marked with the gray cloud. This ensures that the traffic bypasses Cloudflare’s network.

Cloudflare DNS records

For basic setups, I would also recommend adding a CNAME for www that points to your main domain.

Cloudflare CNAME www

Step 3

Select the free Cloudflare plan and click “Continue.”

Cloudflare free plan

Step 4

You will then need to change your domain’s nameservers at your domain registrar to the ones Cloudflare provides. Note: From this point forward you will manage all of your DNS records with Cloudflare. This includes MX records, CNAMEs, etc.

Change nameservers to Cloudflare

Step 5 (optional)

Go to the “Overview” tab, scroll to the bottom, and click the “Pause Cloudflare on Site” link. This ensures that Cloudflare handles only DNS and nothing else. The step is optional because if all of your DNS records are already marked with a gray cloud, you won’t be using Cloudflare’s network features.

Pause Cloudflare on Site

Pausing Cloudflare stops traffic from passing through our network, making your origin server IP address visible. Also, Cloudflare’s security and protection features become disabled. As an alternative, consider Development Mode to bypass caching while preserving security and protection.

And that’s it! You are now only using Cloudflare DNS without their CDN or firewall functionality.
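To confirm the gray-cloud setting from Step 2 after the nameserver change, the check below classifies each hostname by whether its resolved addresses fall inside Cloudflare's edge ranges. It is an added example, not part of the original post; the range list is a snapshot of Cloudflare's published IP list, the hostnames and addresses are constructed samples, and the function names are chosen for this example.

```python
import ipaddress
import socket

# Snapshot of https://www.cloudflare.com/ips/ (assumed current; refresh before use).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
    "2400:cb00::/32", "2606:4700::/32", "2803:f800::/32", "2405:b500::/32",
    "2405:8100::/32", "2a06:98c0::/29", "2c0f:f248::/32",
)]

# Constructed sample: resolver answers for a zone whose origin is 203.0.113.10.
SAMPLE = {
    "example.com": ["203.0.113.10"],       # gray cloud, answers with the origin
    "www.example.com": ["104.16.1.1"],     # orange cloud left on by mistake
    "cdn.example.com": ["198.51.100.7"],   # third-party CDN or stale record
}

def is_cloudflare_edge(ip):
    """True if ip (IPv4 or IPv6 string) lies inside a Cloudflare edge range."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in CLOUDFLARE_RANGES)

def audit_records(resolved, origin_ips):
    """Map each hostname in resolved ({host: [ip, ...]}) to a status string."""
    origin = {ipaddress.ip_address(ip) for ip in origin_ips}
    report = {}
    for host, ips in resolved.items():
        if not ips:
            report[host] = "no-answer"
        elif any(is_cloudflare_edge(ip) for ip in ips):
            report[host] = "proxied"      # traffic enters Cloudflare's network
        elif {ipaddress.ip_address(ip) for ip in ips} <= origin:
            report[host] = "dns-only"     # origin IP is publicly visible
        else:
            report[host] = "unexpected"   # neither Cloudflare nor your origin
    return report

def resolve_all(hosts):
    """Live lookup through the system resolver (needs network access)."""
    out = {}
    for host in hosts:
        try:
            out[host] = sorted({i[4][0] for i in socket.getaddrinfo(host, None)})
        except socket.gaierror:
            out[host] = []
    return out
```

For a live check, pass `resolve_all([...])` and the addresses from your own A/AAAA records to `audit_records`; every hostname reported as "dns-only" exposes the origin IP, so any filtering has to happen at the origin or host firewall.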

Summary

As you can see, using only Cloudflare’s DNS service is super easy. What are your thoughts? Who do you prefer or use for your DNS provider? Let me know below in the comments.

Brian Jackson

I craft actionable content and develop performance-driven WordPress plugins. Connect on X, subscribe to my newsletter (once a month), or buy me coffee.

27 thoughts on “How to use Cloudflare DNS without the CDN or WAF”

  1. I never thought about doing this. That’s a good idea ;) I do use CloudFlare but I am using the WAF – while WPEngine (we have a dedicated server there) has their own firewall we were still getting hundreds of thousands of SPAM bot traffic and Cloudflare completely eliminated it. Not sure about their CDN though, seems pretty fast to me (at least in the US) but now you are making me wonder….

    Are you by any chance available for hire for site optimizations/site audit? (SEO+Speed) – I would be interested if you want to hit me up ;)

    – AJ

    • Hey AJ,
      I have encountered the same thing on a few of my sites this year as well. Out of the blue, they were getting hundreds of thousands of requests from proxy IP addresses. I did a comparison of both Cloudflare and Sucuri, and I can tell you I prefer Sucuri from a performance perspective. Even though their network is smaller, I saw better speeds.

      Unfortunately I don’t have any time for audits right now :( If I get 6 hours of sleep it’s a good day lol.

    • Ya it depends. Their TTFB is really bad. But this is simply because of full proxy. Some will say TTFB doesn’t matter, but I don’t agree with that. However, if you do full-page caching this can be fixed. But this is kind of a pain on some WordPress sites. So for me it kind of depends on the site. Agreed, you can’t beat the size of Cloudflare’s network :)

  2. Hey Brian,

    I am using Cloudflare and it works for me. I am using full page cache by Cloudflare together with WAF. Maybe TTFB is a little bit higher but it makes my site load much faster on the other side of the globe because of Cloudflare page cache.

    What do you mean by “Bad TTFB”?

    • Hey Patrik, Cloudflare is known for high TTFB if you aren’t using full page cache. This is because they are a full proxy service. A lot of people don’t use full page cache correctly because this requires rules be set up and with e-commerce shops especially it can get very confusing. If you have full page cache set up, then you should be good to go! I just prefer to use a traditional CDN.

  3. If you’re using Cloudflare’s free SSL however I’m not sure this will work. Turning off Cloudflare’s proxy server and only using them for DNS seems to break the SSL usage. I get a “Site is unsecure” error in browser when I do this.

    • You are correct. If you’re using any other feature that Cloudflare offers you’ll need to use the proxy server part of their service for it to work properly. This will only work if you want to only use their DNS feature by itself. Many hosts now offer free SSL certificates.

      • Actually, strike that Brian. I can still use Cloudflare’s SSL even if I’m only using their DNS services and not the HTTP proxy. But I’m not sure how many of CF’s other services work without the proxy.

          • Has this been confirmed? I see that the last comment states that you do in fact lose SSL.

            Does anyone know which it is?

          • Hey Chris! I can confirm that you have to use Cloudflare’s proxy feature (orange cloud) if you want to use their SSL certificates. Many hosting providers offer free SSL certificates these days, so for many I don’t see this being a big issue. And if you are simply needing to forward a URL or add 301 redirects on an old domain for SEO purposes, you can set up the proxy for SSL. More about that in my post here: https://woorkup.com/free-url-forwarding/

        • Hi, for me the SSL is not working if I bypass CF network and just set CF DNS… Does the SSL take time to generate and work, or does it work right away after configuration?
  4. Recently set up JetPack and getting all these messages about downtime — thus, what led me to your post. Thank you for a well written explanation on DNS and how to set up free Cloudflare. I’ve dabbled with a simple website (sorta a resume online) for the last 20 years but have not kept up with all the advancements. Since retiring I’ve had more time to spend on it and am discovering all these things that need updating but not having a clue as to what you all are talking about. Thank you for answering one of several questions — now to see if I really understand the process!

  5. I have been using DNSMadeEasy for a while now, but I have been thinking about switching to CloudFlare for my DNS as well as for their super cheap domain name registration. I use CloudFlare for some other sites and have always been happy (They are not super optimised sites anyway so things like TTFB are not a deal breaker, their size of network and reputation and known brand name helps a heap though).

    I am just curious if I will miss anything switching over from DNSMadeEasy? I don’t use vanity/custom NS. Anything to reduce costs is a bonus. I assume most of the features I am used to are available with CloudFlare like HTTP redirection, etc.?

    • Hey Mark! So here are my personal thoughts on this.

      #1. I use a mix of DNS Made Easy and Cloudflare right now on my sites for DNS. Their DNS speeds are almost identical now, however, Cloudflare has slightly faster speeds in my opinion on some other continents. DNS Made Easy is blazing fast in the states.

      If you’re only using Cloudflare’s DNS (not their WAF/proxy) you won’t see any increase in TTFB. That only happens when you’re putting your site behind the WAF.

      #2. I have a post that touches a little bit on URL redirects with Cloudflare. https://woorkup.com/free-url-forwarding/

      #3. My one word of warning would be not to combine your DNS and domains with the same company. For example, I have my DNS with one company (or two rather), my domains with another, and my hosting with another. Why? Security.

      Yes, you should have two-factor authentication. But just think if someone did manage to hack your account. You wouldn’t want them having access to both DNS and domain ownership at the same time. At least I wouldn’t. That’s why I always recommend keeping these services separate. Especially if your websites are how you make a living.

  6. Hello Brian,

    A great post indeed. However, please help me with: While setting up DNS with CF, you asked to add A and CNAME record for (say) mydomain.com. But I’ve one more CNAME record for the CDN, i.e., cdn.mydomain.com (pointing to mydomain-abcd.kxcdn.com). So do I need to add it as well in CF dashboard and mark all CNAMEs with grey cloud?

    Best,
    Dasa

    • Yes, you can add as many additional DNS records as you want. You can add a CNAME for your CDN. Just click the grey cloud and you’re good to go.

  7. Your information is OUTDATED. The way you describe above is NO LONGER POSSIBLE. One is getting different screens. First of all you need to subscribe. The PAUSE is no longer present.

    • Thanks Wilfred! I’ll get the above info updated. It all still works fine. Sign up for a free account and you can use their DNS. Simply make sure you have the clouds set to grey, and you are good to go. It’s actually even easier than before. :)

    • No, this is simply wrong. There is a button in Overview page. If you scroll to the very bottom, you’ll find an “Advanced Actions” section on lower right sidebar. Under which you can find a hyperlink (not a button) to Pause/Enable Cloudflare on Site.

      • I’ve updated the post with the correct image. As mentioned above, that step isn’t actually needed if you want to use just the DNS. As long as the clouds are set to gray, none of Cloudflare’s network features will be used. I marked it as an optional step. Still useful to know where the “Pause” is.

  8. Hey Brian,

    Great post, looking for the past 12 hours for similar info on YouTube and other sites. Going to switch all my sites to Cloudflare DNS only now.

    • Hey Sumit,
      Yes, if you’re using Cloudflare for DNS, you’ll want to add all of our DNS records. If your domain doesn’t use www by default, then you can just add a CNAME for www.

    • Hey Jose,
      I’ve tested Namecheap’s premium DNS in the past, and it’s very slow. I love Namecheap for domain name registrations, but I would stay away from their DNS, hosting, and other services.
