Getting Error 1014: CNAME Cross-User Banned on domains pointing CNAME to my account
I understand that domains pointing CNAME records to my domain are blocked if the domains are not set up in the same cloudflare account, and I understand that if I upgrade to PRO then I can contact support to lift this restriction.
My question is: can this restriction be lifted for all domains at once, or does it have to be done for each domain individually?
I will upgrade if it can be done for all domains.
I run a url shortening service and there will be new domains with CNAME record pointing to my domain every time a new user adds a domain.
Thanks!
15 Replies
It specifies here this:
To allow CNAME 41 record resolution to a domain in a different Cloudflare account, the domain owner of the CNAME 41 target must contact Cloudflare Support 89 and specify the domains allowed to CNAME 41 to their target domain. A Cloudflare Pro, Business, or Enterprise plan is required on the target domain for Cloudflare Support to change default CNAME 41 restrictions.
https://community.cloudflare.com/t/error-1014-cname-cross-user-banned-how-to-resolve/324935
However, I need it to allow any domain, not just the ones I manually ask to be allowed.
Can this be done?
Cloudflare Community
Error 1014: CNAME Cross-User Banned how to resolve?
Hello, I have try to resolve this issue last two days. How to resolve this issue? how to contact technical person? how to resolve easily? becuase i only update the cname record then after try to verify but issue is cloudflare banned the cname on the sub-domain. Try to connect with gitbook. please resolve this issue. My site is only document. pl...
hello?
what you're looking for is CF for SaaS: https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/
It takes care of certificate issuing as well, and lets people CNAME to your account, and traffic flows to the fallback origin you set up. It's what Cloudflare Pages uses under the hood for Custom Domains for example, as well as Shopify and a few other companies
Cloudflare for SaaS · Cloudflare for Platforms docs
Cloudflare for SaaS allows you to extend the security and performance benefits of Cloudflare’s network to your customers via their own custom or …
Thank you @Chaika I'm looking into it.
According to the documentation this is available on free plans, but when I try to enable it I'm presented with a payment form. What gives?
available on free plans as an addon
Free, Pro, and Business Plan: Free for the first 100 hostnames and $0.10 a month for each additional custom hostname.(hostname referring to the customer hostname, ex one customer sets up link.theirsite.com to point to you, = one hostname. If they had link2.theirsite.com, would be another)
thank you!
@Chaika I have added one hostname manually to test. One weird thing is that it seems that domain has now inherited TXT records from the main domain.
How can I avoid that?
That's how cnames work, but you can CNAME to anything in that domain proxied. For example, make a record called links.yourdomain.com, type: AAAA, value:
100::, proxied. Won't work to visit directly, but you can cname to it from another domain, and if it's added in your Custom hostnames tab, it'll follow the fallback origin set there instead.
You could also cname directly to your fallback origin if it's proxied, doesn't really matter. It's like an entry to CF, and the route is determined by the custom hostname link existing, just important that it's to your domainhttps://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/start/getting-started/
Guide here recommends using a wildcard *.customers.domain.com, not a bad idea, and you could ask them to cname to theircompanyname.customers.yourdomain.com
Configuring Cloudflare for SaaS · Cloudflare for Platforms docs
Get started with Cloudflare for SaaS
Thanks @Chaika that worked. Do you know is there's any way that my customers can simply add the CNAME record to their domain name but not have to add a TXT record for validation of the certificate?
You can do it with just the CNAME -- called HTTP Validation: https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/
via the API you just pass
http validation method, and you can select it under cert. validation via the dash as wellHTTP domain control validation (DCV) · Cloudflare for Platforms docs
HTTP validation involves adding a DCV token to your customer’s origin.
That worked great thanks. So when a hostname is added and verified with HTTP method, how are the certificates renewed? I've added two domains but the certificates expire after one year. Do I need to do anything to renew them, or they renew automatically?
automatic, they use the /.well-known/acme-challenge path, can find more info on http challenges here: https://letsencrypt.org/docs/challenge-types/
Challenge Types
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME client, but if you need to make some more complex configuration decisions, it’s useful to know more ...
@Chaika Hi, I also met this issue when I access R2 bucket objects, using custom domian linked to the bucket. It's weired that I can't active/disable/delete the domain from the R2 setting dashboard. It's current status is "unknown". (1) Click active/disable the domain in R2 setting, nothing happened. (2) Click delete, it would report error: "We encountered an internal error. Please try again. (Code: 10001)".
Hey đź‘‹
Can you continue this in #r2 or a new #general-help post?
The zone has Edge Certificates cover it and it's subdomain (wildcard).
OK. Thanks.