cloudflare · ranbel · Dec 26, 2025 · Dec 26, 2025 · Jan 14, 2026 · Jan 14, 2026
@@ -500,22 +500,33 @@
 /dns/zone-setups/partial-setup/convert-partial-to-full/ /dns/zone-setups/conversions/convert-partial-to-full/ 301
 /dns/zone-setups/partial-setup/convert-partial-to-secondary/ /dns/zone-setups/conversions/convert-partial-to-secondary/ 301
 /dns/zone-setups/reference/nameserver-assignment/ /dns/nameservers/nameserver-options/#assignment-method 301
-/dns/zone-setups/troubleshooting/dns-probe-finished-nxdomain/ /dns/troubleshooting/dns-probe-finished-nxdomain/ 301
-/dns/zone-setups/troubleshooting/nameservers/ /dns/zone-setups/full-setup/troubleshooting/ 301
+/dns/troubleshooting/dns-issues/ /dns/manage-dns-records/troubleshooting/ 301
+/dns/troubleshooting/dns-probe-finished-nxdomain/ /dns/manage-dns-records/troubleshooting/ 301
+/dns/troubleshooting/dns-probe-possible/ /dns/manage-dns-records/troubleshooting/ 301
+/dns/troubleshooting/faq/ /dns/faq/ 301
+/dns/zone-setups/troubleshooting/dns-probe-finished-nxdomain/ /dns/manage-dns-records/troubleshooting/ 301
+/dns/zone-setups/troubleshooting/nameservers/ /dns/nameservers/troubleshooting/ 301
+/dns/zone-setups/troubleshooting/cannot-add-domain/ /dns/zone-setups/troubleshooting/ 301
+/dns/zone-setups/troubleshooting/delete-all-records/ /dns/zone-setups/troubleshooting/ 301
+/dns/zone-setups/troubleshooting/domain-deleted/ /dns/zone-setups/troubleshooting/ 301
+/dns/zone-setups/troubleshooting/ /dns/zone-setups/troubleshooting/ 301
+/dns/zone-setups/troubleshooting/index/ /dns/zone-setups/troubleshooting/ 301
+/dns/zone-setups/full-setup/troubleshooting/ /dns/zone-setups/troubleshooting/ 301
+/dns/zone-setups/zone-transfers/troubleshooting/ /dns/zone-setups/troubleshooting/ 301
 /support/dns/ /dns/ 301
 /support/dns/dnssec/ /dns/dnssec/ 301
 /support/dns/how-to/ /dns/ 301
-/support/dns/troubleshooting/ /dns/troubleshooting/ 301
+/support/dns/troubleshooting/ /dns/faq/ 301
 /support/dns/advanced-topics/adding-vendor-specific-dns-records-to-cloudflare/ /dns/manage-dns-records/reference/vendor-specific-records/ 301
 /support/dns/advanced-topics/delegating-subdomains-outside-of-cloudflare/ /dns/manage-dns-records/how-to/subdomains-outside-cloudflare/ 301
 /support/dns/dnssec/troubleshooting-dnssec/ /dns/dnssec/troubleshooting/ 301
 /support/dns/how-to/warning-about-exposing-your-origin-ip-address-via-dns-records/ /dns/manage-dns-records/troubleshooting/exposed-ip-address/ 301
-/support/dns/troubleshooting/cloudflare-dns-faq/ /dns/troubleshooting/faq/ 301
-/support/dns/troubleshooting/dns-troubleshooting-faq/ /dns/troubleshooting/faq/ 301
-/support/dns/troubleshooting/email-undeliverable-when-using-cloudflare/ /dns/troubleshooting/email-issues/ 301
-/support/dns/troubleshooting/i-cannot-add-my-domain-to-cloudflare/ /dns/zone-setups/troubleshooting/cannot-add-domain/ 301
-/support/dns/troubleshooting/my-dns-doesnt-work/ /dns/troubleshooting/dns-issues/ 301
-/support/dns/troubleshooting/why-was-my-domain-deleted-from-cloudflare/ /dns/zone-setups/troubleshooting/domain-deleted/ 301
+/support/dns/troubleshooting/cloudflare-dns-faq/ /dns/faq/ 301
+/support/dns/troubleshooting/dns-troubleshooting-faq/ /dns/faq/ 301
+/support/dns/troubleshooting/email-undeliverable-when-using-cloudflare/ /dns/manage-dns-records/troubleshooting/email-issues/ 301
+/support/dns/troubleshooting/i-cannot-add-my-domain-to-cloudflare/ /dns/zone-setups/troubleshooting/ 301
+/support/dns/troubleshooting/my-dns-doesnt-work/ /dns/faq/ 301
+/support/dns/troubleshooting/why-was-my-domain-deleted-from-cloudflare/ /dns/zone-setups/troubleshooting/ 301
 
 # Durable Objects
 /durable-objects/api/hibernatable-websockets-api/ /durable-objects/best-practices/websockets/ 301

@@ -2,7 +2,7 @@
 pcx_content_type: troubleshooting
 title: Available debug endpoints
 sidebar:
-  order: 10
+  order: 101
   label: Debug endpoints
 ---
 

@@ -9,29 +9,29 @@ head:
     content: FAQs — DNS Firewall
 ---
 
-import { Details, GlossaryTooltip } from "~/components";
+import { GlossaryTooltip } from "~/components";
 
-<Details header="How does DNS Firewall choose a backend nameserver to query upstream?">
+## How does DNS Firewall choose a backend nameserver to query upstream?
 
 DNS Firewall alternates between a customer's nameservers, using an algorithm is more likely to send queries to the faster upstream nameservers than slower nameservers.
 
-</Details>
+---
 
-<Details header="How long does DNS Firewall cache a stale object?">
+## How long does DNS Firewall cache a stale object?
 
 DNS Firewall sets cache longevity according to allocated memory.
 
 As long as there is enough allocated memory, Cloudflare does not clear items from the cache forcefully, even when the TTL expires. This feature allows Cloudflare to serve stale objects from cache if your nameservers are offline.
 
-</Details>
+---
 
-<Details header="Does the DNS Firewall cache SERVFAIL?">
+## Does the DNS Firewall cache SERVFAIL?
 
 Yes. `SERVFAIL` is treated like any other negative answer for caching purposes. The default TTL is 30 seconds. You can use the [API](/api/resources/dns_firewall/methods/edit/) to set a different `negative_cache_ttl`.
 
-</Details>
+---
 
-<Details header="Does DNS Firewall support EDNS Client Subnet (ECS)?">
+## Does DNS Firewall support EDNS Client Subnet (ECS)?
 
 Yes. Often, DNS providers want to see a client's IP via <GlossaryTooltip term="EDNS Client Subnet (ECS)">EDNS Client Subnet (ECS)</GlossaryTooltip> ([RFC 7871](https://www.rfc-editor.org/rfc/rfc7871.html)) because they serve geographically specific DNS answers based on the client's IP. With EDNS Client Subnet enabled, the DNS Firewall will forward the client's IP subnet along with the DNS query to the upstream nameserver.
 
@@ -50,19 +50,17 @@ EDNS limits the effectiveness of the DNS cache.
 
 Some resolvers might not be sending any EDNS data. When you set the `ecs_fallback` parameter to `true` via the [API](/api/resources/dns_firewall/methods/edit/), DNS Firewall will forward the IP subnet of the resolver instead only if there is no EDNS data present in incoming the DNS query.
 
-</Details>
+---
 
-<Details header="Does DNS Firewall cache negative answers?">
+## Does DNS Firewall cache negative answers?
 
 Yes. The default TTL is 30 seconds. You can set `negative_cache_ttl` via the [API](/api/resources/dns_firewall/methods/edit/). This will affect the TTL of responses with status `REFUSED`, `NXDOMAIN`, or `SERVFAIL`.
 
-</Details>
+---
 
-<Details header="How can I set PTR records for nameserver hostnames?">
+## How can I set PTR records for nameserver hostnames?
 
 To set up PTR records for the DNS Firewall cluster IPs that point to your nameserver hostnames, use the following API endpoints:
 
 - [Show DNS Firewall Cluster Reverse DNS](/api/resources/dns_firewall/subresources/reverse_dns/methods/get/)
 - [Update DNS Firewall Cluster Reverse DNS](/api/resources/dns_firewall/subresources/reverse_dns/methods/edit/)
-
-</Details>
@@ -0,0 +1,31 @@
+---
+pcx_content_type: faq
+title: FAQ
+sidebar:
+  order: 10
+head:
+  - tag: title
+    content: DNSSEC FAQ
+---
+
+import { Render } from "~/components";
+
+## Why do I have to remove my DS record when signing up for Cloudflare?
+
+<Render file="dnssec-providers" product="dns" />
+
+For more help, refer to [Enabling DNSSEC in Cloudflare](/dns/dnssec/).
+
+---
+
+## What happens when I remove the DS record?
+
+When you remove your DS record, an invalidation process begins which results in the unsigning of your domain's DNS records. This will allow your authoritative nameservers to be changed. If you are an existing customer, this will not affect your ability to use Cloudflare. New customers will need to complete this step before Cloudflare can be used successfully.
+
+---
+
+## Does Cloudflare support EDNS0 (extension mechanisms for DNS)?
+
+Yes, Cloudflare DNS supports EDNS0. EDNS0 is enabled for all Cloudflare customers. It is a building block for modern DNS implementations that adds support for signaling if the DNS Resolver (recursive DNS provider) supports larger message sizes and DNSSEC.
+
+EDNS0 is the first approved set of mechanisms for [DNS extensions](http://en.wikipedia.org/wiki/Extension_mechanisms_for_DNS), originally published as [RFC 2671](https://datatracker.ietf.org/doc/html/rfc2671).
@@ -53,3 +53,15 @@ If your registrar does not support DNSSEC with Cloudflare's preferred cipher cho
 * File a [complaint with ICANN](https://www.icann.org/compliance/complaint), citing your registrar's lack of compliance.
 
 If your top-level domain does not support DNSSEC with Algorithm 13 (also known as *ECDSA Curve P-256 with SHA-256*), [contact that top-level domain](https://www.iana.org/domains/root/db).
+
+---
+
+## Resources
+
+### Troubleshooting
+
+- [DNSSEC troubleshooting](/dns/dnssec/troubleshooting/)
+
+### FAQ
+
+- [DNSSEC FAQ](/dns/dnssec/faq/)
@@ -0,0 +1,108 @@
+---
+pcx_content_type: faq
+source: https://support.cloudflare.com/hc/en-us/articles/360017421192-Cloudflare-DNS-FAQ
+title: General FAQ
+sidebar:
+  order: 100
+---
+
+import { Render, GlossaryTooltip } from "~/components";
+
+:::note[Feature-specific FAQs]
+
+For questions about specific DNS features, refer to:
+- [DNS records FAQ](/dns/manage-dns-records/faq/)
+- [Nameservers FAQ](/dns/nameservers/faq/)
+- [Zone setups FAQ](/dns/zone-setups/faq/)
+- [DNSSEC FAQ](/dns/dnssec/faq/)
+- [DNS Firewall FAQ](/dns/dns-firewall/faq/)
+
+:::
+
+## Is Cloudflare a free DNS (domain nameserver) provider?
+
+Yes. Cloudflare offers [free DNS services](https://www.cloudflare.com/dns) to customers on all plans. Note that:
+
+1. You do not need to change your hosting provider to use Cloudflare.
+2. You do not need to move away from your registrar. The only change you make with your registrar is to point the authoritative nameservers to the Cloudflare nameservers.
+
+---
+
+## Does Cloudflare charge for or limit DNS queries?
+
+Cloudflare never limits or caps DNS queries, but the pricing depends on your plan level.
+
+For customers on Free, Pro, or Business plans, Cloudflare does not charge for DNS queries.
+
+For customers on Enterprise plans, Cloudflare uses the number of monthly DNS queries as a pricing input to generate a custom quote.
+
+---
+
+## Why can't I make ANY queries to Cloudflare DNS servers?
+
+`ANY` queries are special and often misunderstood. They are usually used to get all record types available on a DNS name, but what they return is just any type in the cache of recursive resolvers. This can cause confusion when they are used for debugging.
+
+Because of Cloudflare's many advanced DNS features like CNAME flattening, it can be complex and even impossible to give correct answers to `ANY` queries. For example, when DNS records dynamically come and go or are stored remotely, it can be taxing or even impossible to get all the results at the same time.
+
+`ANY` is rarely used in production, but is often used in DNS reflection attacks, taking advantage of the lengthy answer returned by `ANY`.
+
+Instead of using `ANY` queries to list records, Cloudflare customers can get a better overview of their DNS records by logging in and checking their DNS app settings.
+
+The decision to block `ANY` queries was implemented for all Authoritative DNS customers in September 2015, and does not affect DNS Firewall customers.
+
+Read [Deprecating the DNS ANY meta-query type](https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/) on the Cloudflare blog.
+
+---
+
+## Why are DNS queries returning incorrect results?
+
+Third-party tools can sometimes fail to return correct DNS results if a recursive DNS cache fails to refresh. In this circumstance, purge your public DNS cache via these methods:
+
+- [Purging your DNS cache at OpenDNS](http://www.opendns.com/support/cache/)
+- [Purging your DNS cache at Google](https://developers.google.com/speed/public-dns/cache)
+- [Purging your DNS cache locally](https://docs.cpanel.net/knowledge-base/dns/how-to-clear-your-dns-cache/)
+
+---
+
+## Why is my site showing DNS errors like "This site can't be reached"?
+
+In web browsers such as Safari or Chrome, there are several commonly observable DNS errors:
+
+- `This site can't be reached`
+- `This webpage is not available`
+- `err_name_not_resolved`
+- `Can't find the server`
+- [`Error 1001 DNS resolution error`](/support/troubleshooting/http-status-codes/cloudflare-1xxx-errors/error-1001/)
+
+Below are the most common causes for DNS resolution errors:
+
+**Mistyped domain or subdomain**: Verify that the domain or subdomain was correctly spelled in the request URL.
+
+**Missing DNS records**: Ensure that you have the necessary DNS records in the **DNS** app of your Cloudflare dashboard, including the [zone apex](/dns/manage-dns-records/how-to/create-zone-apex/) (e.g., `example.com`) and [subdomain](/dns/manage-dns-records/how-to/create-subdomain/) records (`www.example.com`, `blog.example.com`).
+
+**DNSSEC not disabled**: DNS resolution failures occur if [DNSSEC is not disabled](/dns/dnssec/#disable-dnssec) at your domain provider before you add the domain to Cloudflare.
+
+**Nameservers changed**: If your domain stops pointing to Cloudflare's nameservers, DNS resolution will stop functioning. [Check whether your domain uses Cloudflare's nameservers](/dns/zone-setups/full-setup/setup/#verify-changes).
+
+**Unresolved IP address**: In rare cases, the DNS resolver in the client requesting the URL might fail to resolve a DNS record to a valid IP address. Reload the page after a short wait. Using [Cloudflare's DNS resolver](/1.1.1.1/setup/) may help.
+
+---
+
+## What is DNS_PROBE_FINISHED_NXDOMAIN?
+
+`DNS_PROBE_FINISHED` means that the DNS request for a resource timed out and `NXDOMAIN` stands for non-existent domain. Together, these messages mean that the DNS query for a specific resource could not locate an associated domain.
+
+Though visitors sometimes encounter this error — or similarly worded messages from Safari, Edge, or Firefox — because of network or local DNS issues, it might point to an issue with your DNS records in Cloudflare.
+
+To resolve this error, verify that you have the necessary DNS records in the **DNS** app of your Cloudflare dashboard. For additional troubleshooting help, refer to the [Community troubleshooting guide](https://community.cloudflare.com/t/community-tip-fixing-the-dns-probe-finished-nxdomain-error/42818).
+
+---
+
+## What is DNS_PROBE_POSSIBLE?
+
+`DNS_PROBE_POSSIBLE` means that the resolver could not find DNS records for the requested hostname.
+
+Though visitors sometimes encounter this error — or similarly worded messages from Safari, Edge, or Firefox — because of network or local DNS issues, it might point to an issue with your DNS records in Cloudflare.
+
+To resolve this error, verify that you have the necessary DNS records in the **DNS** app of your Cloudflare dashboard.
+
@@ -43,6 +43,13 @@ Refer to [DNS features and availability](/dns/reference/all-features/) for a com
 
 ***
 
+## Resources
+
+- [General FAQ](/dns/faq/) - Common questions about Cloudflare DNS
+- [DNS debug endpoints](/dns/dns-debug-endpoints/) - Tools for debugging DNS issues
+
+***
+
 ## Related products
 
 <RelatedProduct header="Registrar" href="/registrar/" product="registrar">

@@ -0,0 +1,110 @@
+---
+pcx_content_type: faq
+title: FAQ
+sidebar:
+  order: 13
+head:
+  - tag: title
+    content: DNS records FAQ
+---
+
+import { Render } from "~/components";
+
+## Does Cloudflare limit the number of DNS records a domain can have?
+
+Yes. All customers have a limit on the number of DNS records they can create.
+
+- Free: 200
+- Pro: 3,500
+- Business: 3,500
+- Enterprise: 3,500
+
+Free zones created before 2024-09-01 00:00:00 UTC have an increased limit of 1,000.
+
+:::note[For more DNS records]
+
+If you are an Enterprise customer and require more DNS records, contact your account team. Cloudflare can support millions of DNS records on a single zone.
+
+:::
+
+---
+
+## Which record types can Cloudflare proxy?
+
+Only `A`, `AAAA`, and `CNAME` records can be proxied. Cloudflare will not proxy any other [DNS record types](/dns/manage-dns-records/reference/dns-record-types/).
+
+---
+
+## How do I add ANAME records on Cloudflare?
+
+<Render file="aname-alias-callout" product="dns" />
+
+---
+
+## Does Cloudflare support wildcard DNS entries?
+
+Cloudflare supports wildcard '\*' DNS records, both proxied and unproxied, on all plans.
+
+---
+
+## How long does it take for a DNS change I made to push out?
+
+By default, any changes or additions you make to your Cloudflare zone file will take effect globally within 5 minutes, usually much less.
+
+Depending on the Time-to-Live (TTL) set on the previous [DNS record](/dns/manage-dns-records/how-to/create-dns-records/), old data may still remain cached until the TTL expires. Proxied records expire after 5 minutes ("Automatic"), but the TTL for unproxied records can be customized.
+
+If changes to records with large TTLs are anticipated, it may make sense to reduce the TTL ahead of time so that the change takes effect as quickly as possible.
+
+---
+
+## What should I do if I change my server IP address or hosting provider?
+
+After switching hosting providers or server IP addresses, update the IP addresses in your Cloudflare **DNS** app. Your new hosting provider will provide the new IP addresses that your DNS should use.  To modify DNS record content in the **DNS** app, click on the IP address, and enter the new IP address.
+
+---
+
+## Why am I getting hundreds of random DNS records after adding my domain?
+
+This can happen when you had a wildcard `*` record configured at your previous authoritative DNS, and for some reason the wildcard record was not detected. You can remove these records in bulk [using the API](/api/resources/dns/subresources/records/methods/delete/).
+
+Alternatively, you can also:
+
+1. [Remove your domain](/fundamentals/manage-domains/remove-domain/) from Cloudflare.
+2. Delete the wildcard record from your authoritative DNS.
+3. [Re-add](/fundamentals/manage-domains/add-site/) the domain.
+
+---
+
+## What IP should I use for parked domain / redirect-only / originless setup?
+
+In the case a placeholder address is needed for "originless" setups, use the IPv6 reserved address `100::` or the IPv4 reserved address `192.0.2.0` in your Cloudflare DNS to create a [proxied DNS record](/dns/proxy-status/) that can use Cloudflare [Redirect Rules](/rules/url-forwarding/), [Page Rules](/rules/page-rules/), or [Cloudflare Workers](/workers/).
+
+---
+
+## Can I CNAME a domain not on Cloudflare to a domain that is on Cloudflare?
+
+No. If you would like to do a redirect for a site not on Cloudflare, then set up a traditional `301` or `302` redirect on your origin web server.
+
+Redirecting non-Cloudflare sites via `CNAME` records would cause a DNS resolution error. Since Cloudflare is a reverse proxy for the domain that is on Cloudflare, the `CNAME` redirect for the domain (not on Cloudflare) would not know where to send the traffic to.
+
+---
+
+## 403 Authentication error when creating DNS records using Terraform
+
+**Problem Description**
+
+`Error: failed to create DNS record: HTTP status 403: Authentication error (10000)` is returned when using Terraform with Cloudflare API.
+
+**Root Cause**
+
+Error seems to be misleading, as the error was found to be in customer code syntax, specifically: `zone_id = data.cloudflare_zones.example_com.id`
+
+**Solution**
+
+Make sure the argument `zone_id = data.cloudflare_zones.example_com.zones[0].id`. A more detailed use case can be found in [this GitHub thread](https://github.com/cloudflare/terraform-provider-cloudflare/issues/913).
+
+---
+
+## Why are Cloudflare's A or AAAA records / IP addresses for my domain's DNS responses appearing?
+
+For DNS records proxied to Cloudflare, Cloudflare's IP addresses are returned in DNS queries instead of your original server IP address. This allows Cloudflare to optimize, cache, and protect all requests for your website.