Cloudflare DNS Setup Prompt
Context
Use this prompt when configuring DNS records and settings in Cloudflare for Pacing Agency or client domains. Common use cases include:
- Setting up new client websites on Webflow
- Configuring subdomains for self-hosted services
- Moving existing domains to Cloudflare
- SSL/TLS configuration
- Setting up page rules and caching
This prompt will help you:
- Configure DNS records correctly
- Set appropriate proxy settings
- Configure SSL/TLS for security
- Set up page rules for performance
- Document DNS configuration
Prerequisites
- Cloudflare account access - Login to Cloudflare dashboard
- Domain name - Know which domain/subdomain to configure
- Destination - IP address or CNAME target
- Purpose - Understand what service is being configured
- SSL requirements - Know if SSL certificate is needed
See Cloudflare Tool Documentation for account details, existing domains, and configuration patterns.
Prompt Template
I need to configure DNS and settings in Cloudflare for the following domain:
**Domain Information:**
- Domain/subdomain: [DOMAIN_NAME]
- Purpose: [PURPOSE]
- Destination: [DESTINATION] (IP address or CNAME)
- Owner: [OWNER] (Client/Pacing internal)
**DNS Configuration:**
- Record type: [RECORD_TYPE] (A/CNAME/MX/TXT)
- Hostname: [HOSTNAME] (@ for root, subdomain for subdomain)
- Target: [TARGET] (IP address or domain)
- Proxy status: [PROXY_STATUS] (Proxied/DNS only)
- TTL: [TTL] (Auto or specific value)
**SSL/TLS Configuration:**
- SSL/TLS encryption mode: [SSL_MODE] (Flexible/Full/Full (strict))
- Certificate type: [CERT_TYPE] (Universal/Custom/Let's Encrypt)
- Always Use HTTPS: [HTTPS_REDIRECT] (Yes/No)
- HSTS: [HSTS_STATUS] (Enabled/Disabled)
**Page Rules (if needed):**
- Rule URL pattern: [URL_PATTERN]
- Settings: [RULE_SETTINGS] (Cache level, SSL mode, forwarding)
- Priority: [PRIORITY]
**Caching Configuration:**
- Browser Cache TTL: [CACHE_TTL]
- Caching Level: [CACHE_LEVEL] (No query string/Ignore query string/Standard)
- Development Mode: [DEV_MODE] (On temporarily for testing)
Please provide:
1. **Step-by-step DNS configuration**:
- Exact DNS records to create
- Proxy settings explanation
- TTL recommendations
2. **SSL/TLS configuration steps**:
- Encryption mode selection
- Certificate setup
- Verification process
3. **Page rules setup** (if applicable):
- Rule configuration
- Settings explanation
- Priority ordering
4. **Verification checklist**:
- DNS propagation check
- SSL certificate validation
- Page load test
- Cache test
5. **Common issues and solutions**:
- SSL errors
- Redirect loops
- Cache problems
6. **Documentation template** for adding to `tools/cloudflare.md`
Include:
- Screenshots of key settings (describe what to look for)
- Testing commands (dig, curl, etc.)
- Troubleshooting tips
- Expected propagation times
Format with clear sections and code blocks for commands.
Variables to Customize
| Variable | Description | Example |
|---|---|---|
| [DOMAIN_NAME] | Full domain or subdomain | "pacing.agency", "docs.pacing.agency", "client-site.com" |
| [PURPOSE] | What this DNS record is for | "Webflow website", "n8n automation server", "Email service" |
| [DESTINATION] | Where traffic should go | "76.76.21.21" (Webflow), "91.98.150.95" (our server) |
| [OWNER] | Who owns the domain | "Pacing Agency", "Client Name" |
| [RECORD_TYPE] | DNS record type | A, AAAA, CNAME, MX, TXT, SRV |
| [HOSTNAME] | Hostname portion | "@" (root), "www", "docs", "n8n" |
| [TARGET] | Where record points | IP address, domain name |
| [PROXY_STATUS] | Cloudflare proxy | "Proxied" (orange cloud), "DNS only" (grey cloud) |
| [TTL] | Time to live | "Auto", "1 hour", "1 day" |
| [SSL_MODE] | SSL encryption mode | "Flexible", "Full", "Full (strict)" |
| [CERT_TYPE] | SSL certificate type | "Universal SSL", "Let's Encrypt", "Custom" |
| [HTTPS_REDIRECT] | Force HTTPS | "Yes" (recommended), "No" |
| [HSTS_STATUS] | HTTP Strict Transport Security | "Enabled", "Disabled" |
| [URL_PATTERN] | Page rule pattern | "*pacing.agency/*", "docs.pacing.agency/*" |
| [RULE_SETTINGS] | Page rule settings | "Cache Everything", "SSL: Full", "Forwarding URL" |
| [PRIORITY] | Page rule priority | "1" (highest), "2", "3" |
| [CACHE_TTL] | Browser cache duration | "4 hours", "1 day", "1 month" |
| [CACHE_LEVEL] | Caching behaviour | "Standard", "Ignore Query String", "No Query String" |
| [DEV_MODE] | Development mode | "On" (testing), "Off" (production) |
Common Configuration Patterns
Webflow Website (Client)
- Record: CNAME @ → proxy-ssl.webflow.com
- Proxy: Proxied (orange cloud)
- SSL: Full
- HTTPS redirect: Yes
Self-Hosted Service (Internal)
- Record: A subdomain → server IP
- Proxy: Proxied (orange cloud)
- SSL: Full (strict)
- HTTPS redirect: Yes
Email Service (MX Records)
- Record: MX @ → mail server
- Proxy: DNS only (grey cloud)
- TTL: Auto
- Priority: 10, 20
Expected Output
The AI should provide:
1. DNS Record Configuration
DNS Records to Create:
1. A Record (Root Domain)
- Type: A
- Name: @
- Content: 76.76.21.21
- Proxy status: Proxied (orange cloud)
- TTL: Auto
2. CNAME Record (www subdomain)
- Type: CNAME
- Name: www
- Content: pacing.agency
- Proxy status: Proxied (orange cloud)
- TTL: Auto
2. SSL/TLS Configuration
SSL/TLS Settings:
1. Navigate to SSL/TLS > Overview
2. Set encryption mode: Full (strict)
3. Enable "Always Use HTTPS"
4. Enable "Automatic HTTPS Rewrites"
5. Configure HSTS:
- Max-Age: 6 months
- Include subdomains: Yes
- Preload: No (unless specifically required)
3. Page Rule Example
Page Rule Configuration:
1. URL pattern: *pacing.agency/*
2. Settings:
- Cache Level: Standard
- Browser Cache TTL: 4 hours
- SSL: Full
3. Priority: 1
4. Verification Commands
# Check DNS propagation
dig pacing.agency
dig www.pacing.agency
# Check DNS with specific nameserver
dig @1.1.1.1 pacing.agency
# Check SSL certificate
curl -I https://pacing.agency
# Check headers
curl -IL https://pacing.agency
# Full SSL test
openssl s_client -connect pacing.agency:443 -servername pacing.agency < /dev/null
5. Documentation Template
### [Domain Name]
**Purpose**: [DESCRIPTION]
**Owner**: [OWNER]
**Cloudflare zone**: [ZONE_ID]
**Created**: [DATE]
**DNS Records**:
- A/CNAME: `[RECORD_DETAILS]`
- MX: `[MX_RECORDS]` (if applicable)
- TXT: `[TXT_RECORDS]` (if applicable)
**SSL/TLS**: [SSL_MODE]
**Proxy status**: [PROXIED/DNS_ONLY]
**Page Rules**:
- Rule 1: [DESCRIPTION]
- Rule 2: [DESCRIPTION]
**Related services**:
- [SERVICE_1]
- [SERVICE_2]
Follow-up Actions
After configuring DNS:
1. Document in Cloudflare Tool Doc
Add domain configuration to tools/cloudflare.md:
### [Domain Name]
**Owner**: [OWNER]
**Purpose**: [DESCRIPTION]
**DNS**: [DNS_SUMMARY]
**SSL**: [SSL_MODE]
**Created**: [DATE]
2. Wait for DNS Propagation
DNS changes can take time to propagate:
- Cloudflare cache: 1-5 minutes
- ISP caches: 1-24 hours
- Global propagation: Up to 48 hours (rarely)
Check propagation status:
# Use DNS Checker tool
# https://dnschecker.org
# Or command line
dig @8.8.8.8 [DOMAIN]
dig @1.1.1.1 [DOMAIN]
3. Verify SSL Certificate
Once DNS is propagated, verify SSL:
# Check certificate details
openssl s_client -connect [DOMAIN]:443 -servername [DOMAIN] < /dev/null
# Check HTTP to HTTPS redirect
curl -I http://[DOMAIN]
# Should return 301 redirect to https://
# Check final response
curl -IL https://[DOMAIN]
# Should return 200 OK
4. Test Page Rules
If you configured page rules, test that they're working:
# Check caching headers
curl -I https://[DOMAIN]
# Look for "cf-cache-status" header
# Check SSL mode
curl -I https://[DOMAIN]
# Should return 200 OK with SSL
# Test redirect rules
curl -IL http://old-url.com
# Should redirect to new URL
5. Update Related Documentation
If DNS is for a service, update relevant docs:
- Webflow site → Update tools/webflow.md
- Self-hosted service → Update service doc (e.g., tools/n8n.md)
- Client site → Update client documentation
6. Configure Monitoring
Set up monitoring for:
- SSL certificate expiry (Cloudflare auto-renews)
- Domain expiry (set calendar reminder)
- DNS health (use monitoring service)
- Uptime (use Cloudflare Analytics or external monitor)
Related Documentation
- Cloudflare Tool Documentation - All domains and configuration
- Webflow Documentation - Webflow DNS requirements
- Hetzner Documentation - Self-hosted server IPs
- Architecture - Infrastructure overview
Success Criteria
Before considering DNS setup complete, verify:
✅ DNS records are created correctly
✅ Proxy status is appropriate (orange/grey cloud)
✅ SSL/TLS is configured and working
✅ HTTPS redirect is functioning
✅ DNS has propagated (test from multiple locations)
✅ SSL certificate is valid and trusted
✅ Page rules are working (if configured)
✅ Domain is documented in tools/cloudflare.md
✅ Related service docs are updated
✅ Monitoring is configured
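The proxy-status, HTTPS-redirect and HSTS items above can be checked from captured command output. The script below is an added example, not part of the original prompt: the function names are hypothetical, the sample data is constructed, and the 203.0.113.x addresses are placeholders standing in for Cloudflare edge IPs.

```shell
#!/usr/bin/env bash
# Added example. Each check reads captured command output on stdin, so it runs offline.

# `dig +short` output on stdin; succeeds when origin IP $1 is NOT among the answers.
origin_hidden() {
  ! grep -qxF -- "$1"
}

# `curl -sI http://...` headers on stdin; succeeds on a 301 to an https:// URL.
redirects_to_https() {
  tr -d '\r' | awk '
    NR == 1 { ok_status = ($2 == "301") }
    tolower($1) == "location:" && $2 ~ /^https:\/\// { ok_loc = 1 }
    END { exit !(ok_status && ok_loc) }'
}

# `curl -sI https://...` headers on stdin; succeeds when HSTS max-age >= $1
# seconds and includeSubDomains is set.
hsts_ok() {
  tr -d '\r' | awk -v min="$1" '
    tolower($1) == "strict-transport-security:" {
      v = tolower($0)
      if (match(v, /max-age=[0-9]+/)) age = substr(v, RSTART + 8, RLENGTH - 8)
      if (v ~ /includesubdomains/) inc = 1
    }
    END { exit !(age + 0 >= min + 0 && inc) }'
}

# Constructed samples. 203.0.113.x stands in for Cloudflare edge addresses.
PROXIED_DIG='203.0.113.10
203.0.113.11'
GREY_CLOUD_DIG='91.98.150.95'
HTTP_HEADERS='HTTP/1.1 301 Moved Permanently
Location: https://n8n.pacing.agency/'
HTTPS_HEADERS='HTTP/2 200
strict-transport-security: max-age=15552000; includeSubDomains
cf-cache-status: DYNAMIC'
SIX_MONTHS=15552000   # 180 days in seconds, matching the 6-month HSTS setting

report() {  # $1 = label; remaining args = check command, fed by stdin
  label=$1; shift
  if "$@"; then echo "PASS $label"; else echo "FAIL $label"; fi
}
printf '%s\n' "$PROXIED_DIG"    | report "origin hidden (proxied)"    origin_hidden 91.98.150.95
printf '%s\n' "$GREY_CLOUD_DIG" | report "origin hidden (grey cloud)" origin_hidden 91.98.150.95
printf '%s\n' "$HTTP_HEADERS"   | report "HTTPS redirect"             redirects_to_https
printf '%s\n' "$HTTPS_HEADERS"  | report "HSTS"                       hsts_ok "$SIX_MONTHS"
```

Against a live domain, pipe `dig +short [DOMAIN]`, `curl -sI http://[DOMAIN]` and `curl -sI https://[DOMAIN]` into the same functions; the grey-cloud sample is expected to print FAIL because a DNS-only record answers with the origin address.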
Common Issues
Issue: SSL certificate error (NET::ERR_CERT_COMMON_NAME_INVALID)
Symptoms: Browser shows SSL error, certificate doesn't match domain
Solutions:
- Wait for DNS propagation (can take 5-10 minutes)
- Clear browser cache and cookies
- Check DNS records point to correct destination:
dig [DOMAIN]
# Should show Cloudflare IP if proxied
- Verify SSL mode is appropriate:
- Flexible: Origin doesn't have SSL, so the Cloudflare-to-origin connection is plain HTTP (use only if necessary)
- Full: Origin has any SSL (self-signed OK)
- Full (strict): Origin has valid SSL (recommended)
- Force SSL certificate regeneration:
- Disable Universal SSL
- Wait 1 minute
- Re-enable Universal SSL
Issue: Too many redirects (ERR_TOO_MANY_REDIRECTS)
Symptoms: Browser shows redirect loop error
Solutions:
- Check SSL/TLS mode:
- If origin has SSL → Use "Full" or "Full (strict)"
- If origin has no SSL → Use "Flexible"
- Check for conflicting redirects:
- Cloudflare page rule forcing HTTPS
- Origin server also forcing HTTPS
- Solution: Disable one of them
- Check "Always Use HTTPS" setting:
- Disable temporarily to test
- Re-enable after fixing loop
- Clear browser cache and test in incognito
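To see where a loop occurs before changing settings, capture the redirect chain and inspect it. The script below is an added example, not part of the original prompt: `trace_redirects` is a hypothetical helper and both traces are constructed samples of `curl -sIL --max-redirs 10` output.

```shell
#!/usr/bin/env bash
# Added example: analyse a captured `curl -sIL --max-redirs 10 <url>` trace offline.
# Prints each hop. Returns 0 when the chain ends in 200, 2 when a redirect
# target repeats (a loop), 1 for any other final status.
trace_redirects() {
  tr -d '\r' | awk '
    /^HTTP\// { status = $2; hops++ }
    tolower($1) == "location:" {
      printf "%s -> %s\n", status, $2
      if (seen[$2]++) { loop = $2; exit }   # same target twice: stop reading
    }
    END {
      if (loop != "") { print "LOOP at " loop; exit 2 }
      print "final status " status " after " hops " response(s)"
      exit (status == "200" ? 0 : 1)
    }'
}

# Constructed trace: every HTTPS request is answered with a redirect to itself,
# the pattern seen when the edge and the origin disagree about the scheme.
LOOP_TRACE='HTTP/2 301
location: https://client-site.com/

HTTP/2 301
location: https://client-site.com/
'

# Constructed trace: one HTTP to HTTPS redirect, then a normal response.
CLEAN_TRACE='HTTP/1.1 301 Moved Permanently
Location: https://client-site.com/

HTTP/2 200
cf-cache-status: HIT
'

printf '%s' "$LOOP_TRACE"  | trace_redirects || true
printf '%s' "$CLEAN_TRACE" | trace_redirects || true
```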
Issue: DNS not resolving
Symptoms: Browser shows "DNS_PROBE_FINISHED_NXDOMAIN" or "Server not found"
Solutions:
- Wait for DNS propagation (5-10 minutes minimum)
- Check DNS records are correct:
- Correct record type (A/CNAME)
- Correct hostname (@ for root, subdomain for subdomain)
- Correct target (IP or domain)
- Check nameservers:
dig NS [DOMAIN]
# Should show Cloudflare nameservers
- Verify domain is active in Cloudflare:
- Check DNS status in Cloudflare dashboard
- Look for "Active" status
- Test with different DNS server:
dig @1.1.1.1 [DOMAIN]
dig @8.8.8.8 [DOMAIN]
Issue: Caching problems (showing old content)
Symptoms: Website shows outdated content, changes not visible
Solutions:
- Enable Development Mode temporarily:
- Cloudflare dashboard → Caching → Development Mode: On
- Bypasses cache for 3 hours
- Purge Cloudflare cache:
- Caching → Configuration → Purge Everything
- Or purge specific URLs
- Check browser cache:
- Hard refresh (Cmd+Shift+R / Ctrl+Shift+R)
- Or clear browser cache
- Check page rule cache settings:
- Ensure cache rules are appropriate
- Consider reducing cache TTL during development
Issue: Subdomain not working
Symptoms: Root domain works but subdomain doesn't
Solutions:
- Check subdomain DNS record exists:
dig subdomain.domain.com
- Verify record configuration:
- Correct name (subdomain part only, not full domain)
- Correct target (IP or domain)
- Wait for propagation (subdomains can take longer)
- Check wildcard DNS if using:
dig '*.domain.com'
# Quoted so the shell does not expand * as a filename pattern
Cost Considerations
Cloudflare Plans
Free Plan - £0/month
- Unlimited DNS records
- Basic DDoS protection
- Universal SSL certificate
- 3 page rules
- 100+ global data centres
- Use for: Most client sites and internal services
Pro Plan - £18/month per domain
- Everything in Free
- 20 page rules
- Advanced caching (30-day analytics)
- Image optimization
- Use for: High-traffic client sites
Business Plan - £182/month per domain
- Everything in Pro
- 50 page rules
- Custom SSL certificates
- Advanced DDoS protection
- 100% uptime SLA
- Use for: Enterprise clients only
Current Usage
See Cloudflare Tool Documentation for details on all domains and plans.
Most domains use Free plan - sufficient for:
- Webflow websites
- Self-hosted services
- Email configuration
- SSL/TLS encryption
Examples
Example 1: Webflow Client Website
Domain: client-site.com
Purpose: Client Webflow website
Record: CNAME @ → proxy-ssl.webflow.com
Proxy: Proxied (orange cloud)
SSL: Full
HTTPS redirect: Yes
Configuration:
- DNS: CNAME @ → proxy-ssl.webflow.com
- DNS: CNAME www → proxy-ssl.webflow.com
- SSL/TLS: Full
- Always Use HTTPS: Enabled
- Page Rule: Cache Standard, 4 hours
Example 2: Self-Hosted n8n Subdomain
Domain: n8n.pacing.agency
Purpose: n8n automation server
Record: A n8n → 91.98.150.95
Proxy: Proxied (orange cloud)
SSL: Full (strict)
HTTPS redirect: Yes
Configuration:
- DNS: A n8n → 91.98.150.95
- SSL/TLS: Full (strict) (server has Let's Encrypt certificate)
- Always Use HTTPS: Enabled
- HSTS: Enabled
- Page Rule: SSL: Full (strict), No cache
Example 3: Email Service (MX Records)
Domain: pacing.agency
Purpose: Email service (Google Workspace)
Records: MX @ → Google mail servers
Proxy: DNS only (grey cloud)
TTL: Auto
Configuration:
- MX @ → aspmx.l.google.com (Priority 1)
- MX @ → alt1.aspmx.l.google.com (Priority 5)
- MX @ → alt2.aspmx.l.google.com (Priority 5)
- TXT @ → v=spf1 include:_spf.google.com ~all
- CNAME mail → ghs.googlehosted.com (for Gmail web interface)
Last updated: 2026-01-07
Tested on: Cloudflare Free Plan
Estimated time: 15 minutes (setup + propagation)