Skip to content

DNS records

When you create a load balancer, Cloudflare automatically creates an LB DNS record for the specified Hostname. This functionality allows you to use a hostname with or without an existing DNS record.

Supported records

For customers on non-Enterprise plans, Cloudflare supports load balancing for A, AAAA, and CNAME records.

For customers on Enterprise plans, Cloudflare supports load balancing for A, AAAA, CNAME, MX, and SRV records.

Priority order

For hostnames with existing DNS records, the LB record takes precedence when it is more or equally specific:

  • Scenario 1:

    • A, AAAA, or CNAME: x.example.com
    • LB record: x.example.com
    • Outcome: LB record takes precedence because it is as specific as the DNS record.
  • Scenario 2:

    • A, AAAA, or CNAME: y.example.com
    • LB record: *.example.com (wildcard record)
    • Outcome: DNS record takes precedence because it is more specific.
  • Scenario 3:

    • A, AAAA, or CNAME: *.example.com
    • LB record: *.example.com
    • Outcome: LB record takes precedence because it is as specific as the DNS record.

Disabling a load balancer

When you disable a load balancer, requests to a specific hostname depend on your existing DNS records:

  • If you have existing DNS records, these records will be served.
  • If there are no existing records, requests to the hostname will fail.

In both cases, disabling your load balancer prevents traffic from going to any associated endpoint or fallback pools.

If you already have an existing A, AAAA, or CNAME record, be aware that the change may take some time to propagate due to Time to Live (TTL) and any record changes is affected, as your local DNS cache may take longer to update.

SSL/TLS coverage

Due to internal limitations, Cloudflare Universal SSL certificates do not cover load balancing hostnames by default. This behavior will be corrected in the future.

As a current workaround for a domain or first-level subdomain (lb.example.com), create a proxied CNAME/A/AAAA record for that hostname.

For example, if your load balancer hostname was lb.example.com, you could create the following record solely for the purpose of SSL/TLS coverage.

TypeNameIPv4 addressProxy status
Alb192.0.2.1Proxied

Based on the priority order, it would not receive any traffic because it is as equally specific as the LB hostname.

To get coverage for any deeper subdomain (lb.dev.example.com), purchase an advanced certificate.