Set up a child domain

When using a subdomain setup, the steps to create a child domain depend on the parent domain’s setup and whether the child domain already exists.

Subdomain setup is only available for Enterprise accounts.

​​ Available setups

​​ Parent domain on full setup

If the parent domain is using a full setup¹, your child domain setup depends on whether the child domain already exists.

​​ Subdomain does not exist in the parent domain

If you have not yet created a DNS record covering your child domain in the parent zone:

1. Add the child domain to the parent domain’s Cloudflare account or another account.

2. Get the nameserver names for the child domain. These will not be the same nameservers as the parent domain.

3. Within the DNS > Records of the parent zone, add two NS records for the subdomain you want to delegate.

   For example, if you delegated www.example.com, you might add the following records to example.com:

   Type	Name	Content
   NS	www	john.ns.cloudflare.com
   NS	www	melinda.ns.cloudflare.com

4. After a few minutes, the child domain will be active.

5. Create the various DNS records needed for your child domain.

6. (Optional) Enable DNSSEC on the child domain.

​​ Subdomain already exists in the parent domain

If you have already created a DNS record covering your child domain in the parent zone:

1. Add the child domain to the parent domain’s Cloudflare account or another account.

2. In your child domain, re-create all DNS records that relate to your child domain. This includes all DNS records deeper than the delegated subdomain, meaning that if you are delegating www.example.com, you should also move over records for api.www.example.com.

3. If the parent zone is in Cloudflare, make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child domain.

4. In the child domain zone, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains (if present).

5. Get the nameserver names for the child domain. These will not be the same nameservers as the parent domain.

6. Within the DNS > Records of the parent zone, delete all non-address records (meaning everything except for A, AAAA, and CNAME records) referencing the child domain or any of its deeper subdomains.

7. Within the DNS > Records of the parent zone, leave one address record referencing the child domain and delete the rest.

8. Change the type of the last address record to NS and its content to one of the child domain’s nameserver names. If the parent domain is in Cloudflare, use a PATCH request Open API docs link to achieve this.

9. Within the DNS > Records of the parent zone, create the second NS record in the parent zone for the subdomain you want to delegate.

   For example, if you delegated www.example.com, you might add the following records to example.com:

   Type	Name	Content
   NS	www	john.ns.cloudflare.com

10. Flush the address records of your child domain in public resolvers ( 1.1.1.1 Open external link and 8.8.8.8 Open external link ).

11. Within a short period of time, the child domain should be active.

12. (Optional) Enable DNSSEC on the child domain.

​​ Parent domain on partial setup

If the parent domain is using a partial setup², your child domain setup depends on whether the child domain already exists.

​​ Subdomain does not exist in the parent domain

If you have not yet created a DNS record covering your child domain in the parent zone:

​​ Subdomain already exists in the parent domain

If you have already created a DNS record covering your child domain in the parent domain: