How to Use Cloudflare DNS Without CDN or WAF

I’m a big fan of DNS Made Easy, and it’s what I use for all of my sites. However, I also recommend Cloudflare DNS for those that need a free solution that is fast and has great uptime. It’s definitely much better than simply using your domain registrar’s DNS. Check out these quick steps below on how to use Cloudflare DNS without the CDN or web application firewall (WAF).

Why Only Use Cloudflare DNS?

You might be wondering why you wouldn’t want to also use Cloudfare’s CDN as well? Well, in my personal experience they have a much higher time to first byte (TTFB), and therefore I prefer to use a 3rd-party CDN provider like KeyCDN. Their TTFB is simply higher because they are a full proxy service. This is to be expected because they are adding another layer before people hit your origin server. Note: The full web application firewall (WAF) is only on their paid plans. Check out our post on Cloudflare vs KeyCDN.

In some cases, their performance enhancements can make up for their TTFB, but not for those that are serious about optimization. You could also go with full page caching, but this has its own downfalls, as you’ll have to have workarounds for dynamic parts of your site. This can be especially complex and frustrating to setup for WordPress e-commerce sites. Reports have also shown that Cloudflare’s new Argo service can also help decrease your TTFB. But it isn’t free.

So you always have the option of using only Cloudflare’s DNS which is completely free.

Step 1

The first thing to do is add your site at Cloudflare. Click on “Add Site” and then on “Scan DNS Records.”

Add site to Cloudflare
Add site to Cloudflare

Step 2

Scan for your DNS records. If it doesn’t detect anything you can add them. The important part here is that you want your A record and optional AAAA records to be marked with the gray cloud. This ensures that the traffic bypasses Cloudflare’s network.

Cloudflare DNS records
Cloudflare DNS records

For basic setups, I would also recommend adding a CNAME for www that points to your main domain.

Cloudflare CNAME www
Cloudflare CNAME www

Step 3

Select the free Cloudflare plan and click “Continue.”

Cloudflare free plan
Cloudflare free plan

Step 4

You will then need to point your current nameservers with your domain registrar to Cloudflare. Note: From this point forward you will manage all of your DNS records with Cloudflare. This includes MX records, CNAMEs, etc.

Change nameservers to Cloudflare
Change nameservers to Cloudflare

Step 5

Go to the “Overview” tab, click on “Advanced,” and then click on “Pause.” This will ensure that only DNS is being routed by Cloudflare, nothing else.

Pause Cloudflare
Pause Cloudflare

And that’s it! You are now only using Cloudflare DNS without their CDN or firewall functionality.


As you can see, using only Cloudflare’s DNS service is super easy. What are your thoughts? Who do you prefer or use for your DNS provider? Let me know below in the comments.

Get More Stuff Like This

Marketing, WordPress, Blogging Tips, SEO and Reviews, once a week.

Thank you for subscribing.

Something went wrong.

16 thoughts on “How to Use Cloudflare DNS Without CDN or WAF”

  1. I never thought about doing this. That’s a good idea ;) I do use CloudFlare but I am using the WAF – while WPEngine (we have a dedicated server there) has their own firewall we were still getting hundreds of thousands of SPAM bot traffic and Cloudflare completely eliminated it. Not sure about their CDN though, seems pretty fast to me (at least in the US) but now you are making me wonder….

    Are you by any chance available for hire for site optimizations/site audit? (SEO+Speed) – I would be interested if you want to hit me up ;)

    – AJ

    • Hey AJ,
      I have encountered the same thing on a few of my sites this year as well. Out of the blue, they were getting hundreds of thousands of requests from proxy IP addresses. I did a comparison of both Cloudflare and Sucuri, and I can tell you I prefer Sucuri from a performance perspective. Even though their network is smaller, I saw better speeds.

      Unfortunately I don’t have any time for audits right now :( If I get 6 hours a sleep it’s a good day lol.

    • Ya it depends. Their TTFB is really bad. But this is simply because of full proxy. Some will say TTFB doesn’t matter, but I don’t agree with that. However, if you do full-page caching this can be fixed. But this is kind of a pain on some WordPress sites. So for me it kind of depends on the site. Agreed, you can’t beat the size of Cloudflare’s network :)

  2. Hey Brian,

    I am using Cloudflare and it works for me. I am using full page cache by Cloudflare together with WAF. Maybe TTFB is a little bit higher but it makes my site loads much faster on the other side of the globe because of Cloudflare page cache.

    What do you mean by “Bad TTFB”?

    • Hey Patrik, Cloudflare is known for high TTFB if you aren’t using full page cache. This is because they are a fully proxy service. A lot of people don’t use full page cache correctly because this requires rules be set up and with e-commerce shops especially it can get very confusing. If you have full page cache setup, then you should be good to go! I just prefer to use a traditional CDN.

  3. If you’re using Cloudflare’s free SSL however I’m not sure this will work. Turning off Cloudflare’s proxy server and only using them for DNS seems to break the SSL usage. I get a “Site is unsecure” error in browser when I do this.

    • You are correct. If you’re using any other feature that Cloudflare offers you’ll need to use the proxy server part of their service for it to work properly. This will only work if you want to only use their DNS feature by itself. Many hosts now offer free SSL certificates.

      • Actually, strike that Brian. I can still use Cloudflare’s SSL even if I’m only using their DNS services and not the HTTP proxy. But I’m not sure how many of CF’s other services work without the proxy.

        • Hi for me the ssl is not working if i bypass CF network and just set CF dns….does the ssl take time to generate and work or it works right away after configuration.

  4. Recently set up JetPack and getting all these messages about downtime — thus, what led me to your post. Thank you for a well written explanation on DNS and how to set up free Cloudflare. I’ve dabbled with a simple website (sorta a resume online) for the last 20 years but have not kept up with all the advancements. Since retiring I’ve had more time to spend on it and am discovering all these things that need updating but not having a clue as to what you all are talking about. Thank you for answering one of several questions — now to see if I really understand the process!

  5. I have been using DNSMadeEasy for a while now, but I have been thinking about switching to CloudFlare for my DNS as well as for their super cheap domain name registration. I use CloudFlare for some other sites and have always been happy (They are not super optimised sites anyway so things like TTFB is not a deal breaker, their size of network and reputation and known brand name helps a heap though).

    I am just curious if I will miss anything switching over from DNSMadeEasy? I don’t use vanity/custom NS. Anything to reduce costs is a bonus. I assume most of the features I am used to are available with CloudFlare like HTTP redirection, etc.?

    • Hey Mark! So here are my personal thoughts on this.

      #1. I use a mix of DNS Made Easy and Cloudflare right now on my sites for DNS. There DNS speeds are almost identical now, however, Cloudflare has slightly faster speeds in my opinion on some other continents. DNS Made Easy is blazing fast in the states.

      If you’re only using Cloudflare’s DNS (not their WAF/proxy) you won’t see any increase in TTFB. That only happens when you’re putting your site behind the WAF.

      #2. I have a post that touches a little bit on URL redirects with Cloudflare.

      #3. My one word of warning would be not to combine your DNS and domains with the same company. For example, I have my DNS with one company (or two rather), my domains with another, and my hosting with another. Why? Security.

      Yes, you should have two-factor authentication. But just think if someone did manage to hack your account. You wouldn’t want them having access to both DNS and domain ownership at the same time. At least I wouldn’t. That’s why I always recommend keeping these services separate. Especially if your websites are how you make a living.

  6. Hello Brian,

    A great post indeed. However, please help me with: While setting up DNS with CF, you asked to add A and CNAME record for (say) But I’ve one more CNAME record for the CDN, i.e., (pointing to So do I need to add it as well in CF dashboard and mark all CNAMEs with grey cloud?


    • Yes, you can add as many additional DNS records as you want. You can add a CNAME for your CDN. Just click the grey cloud and your good to go.

Leave a Comment