Set up a child domain

When using a subdomain setup, the steps to create a child domain depend on the parent domain’s setup and whether the child domain already exists.

Available setups

Parent zone	Child zone	Available
Full or Secondary	Full	Yes
Full or Secondary	Secondary	Yes
Full or Secondary	Partial	No
Partial	Full	Yes
Partial	Secondary	Yes
Partial	Partial	Yes

Parent domain on full setup

If the parent domain is using a full setup¹, your child domain setup depends on whether the child domain already exists.

Subdomain does not exist in the parent domain

If you have not yet created a DNS record covering your child domain in the parent domain:

Add the child domain to the parent domain’s Cloudflare account or another account.
Get the nameserver names for the child domain. These will not be the same nameservers as the parent domain.
Within the DNS > Records of the parent zone, add two NS records in the parent zone for the subdomain you want to delegate.
For example, if you delegated www.example.com, you might add the following records to example.com:
Type Name Content
NS www john.ns.cloudflare.com
NS www melinda.ns.cloudflare.com
After a few minutes, the child domain will be active.
Create the various DNS records needed for your child domain.
(Optional) Enable DNSSEC on the child domain.

Type	Name	Content
`NS`	www	john.ns.cloudflare.com
`NS`	www	melinda.ns.cloudflare.com

Subdomain already exists in the parent domain

If you have already created a DNS record covering your child domain in the parent domain:

Add the child domain to the parent domain’s Cloudflare account or another account.
In your child domain, re-create all DNS records that relate to your child domain. This includes all DNS records deeper than the delegated subdomain, meaning that if you are delegating www.example.com, you should also move over records for api.www.example.com.
Cloudflare recommends exporting records from the parent domain, deleting all unnecessary records, and then importing the records into your new zone.
In the parent domain, make sure that you migrate over any settings (Firewall rules, Rules, Workers, and more) that might be needed for the child domain.
In the child domain, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains (if present).
Get the nameserver names for the child domain. These will not be the same nameservers as the parent domain.
Within the DNS > Records of the parent zone, delete all non-address records (meaning everything except for A, AAAA, and CNAME records).
Within the DNS > Records of the parent zone, leave one address record and delete the rest.
Using the Cloudflare API, send a PATCH request to change the type of the last address record to NS and its content to one of the child domain’s nameserver names.
Within the DNS > Records of the parent zone, create the second NS record in the parent zone for the subdomain you want to delegate.
For example, if you delegated www.example.com, you might add the following records to example.com:
Type Name Content
NS www john.ns.cloudflare.com
Flush the address records of your child domain in public resolvers ( 1.1.1.1 and 8.8.8.8).
Within a short period of time, the child domain should be active.
(Optional) Enable DNSSEC on the child domain.

Type	Name	Content
`NS`	www	john.ns.cloudflare.com

Parent domain on partial setup

If the parent domain is using a partial setup², your child domain setup depends on whether the child domain already exists.

Subdomain does not exist in the parent domain

If you have not yet created a DNS record covering your child domain in the parent domain:

Add the child domain in the same or a new account.
Convert the child zone to a partial setup.
Create the various DNS records needed for your child domain.
Add the TXT verification record at your authoritative DNS provider.
Within a short period of time, the child domain should be active.
Add a CNAME record at your authoritative DNS provider.

Subdomain already exists in the parent domain

If you have already created a DNS record covering your child domain in the parent domain:

Add the child domain in the same or a new account.
Convert the child zone to a partial setup.
In your child domain, re-create all DNS records that relate to your child domain. This includes all DNS records deeper than the delegated subdomain, meaning that if you are delegating www.example.com, you should also move over records for api.www.example.com.
Cloudflare recommends exporting records from the parent domain, deleting all unnecessary records, and then importing the records into your new zone.
In the parent domain, make sure that you migrate over any settings (Firewall rules, Rules, Workers, and more) that might be needed for the child domain.
In the child domain, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains.
Add the TXT verification record at your authoritative DNS provider.
Within a short period of time, the child domain should be active.
Within the DNS > Records of the parent zone, delete any A, AAAA, or CNAME records referencing the child domain or any of its deeper subdomains.

Meaning that Cloudflare is your Authoritative DNS provider. ↩︎
Meaning that another DNS provider - not Cloudflare - maintains your Authoritative DNS. ↩︎

Set up a child domain

​​ Available setups

​​ Parent domain on full setup

​​ Subdomain does not exist in the parent domain

​​ Subdomain already exists in the parent domain

​​ Parent domain on partial setup

​​ Subdomain does not exist in the parent domain

​​ Subdomain already exists in the parent domain

Available setups

Parent domain on full setup

Subdomain does not exist in the parent domain

Subdomain already exists in the parent domain

Parent domain on partial setup

Subdomain does not exist in the parent domain

Subdomain already exists in the parent domain