Set up a child domain
When using a subdomain setup, the steps to create a child domain depend on the parent domain’s setup and whether the child domain already exists.
Subdomain setup is only available for Enterprise accounts.
 Available setups
| Parent zone | Child zone | Available | 
|---|---|---|
| Full or Secondary | Full | Yes | 
| Full or Secondary | Secondary | Yes | 
| Full or Secondary | Partial | No | 
| Partial | Full | Yes | 
| Partial | Secondary | Yes | 
| Partial | Partial | Yes | 
 Parent domain on full setup
If the parent domain is using a full setup1, your child domain setup depends on whether the child domain already exists.
 Subdomain does not exist in the parent domain
If you have not yet created a DNS record covering your child domain in the parent zone:
- Add the child domain to the parent domain’s Cloudflare account or another account. 
- Get the nameserver names for the child domain. These will not be the same nameservers as the parent domain. 
- Within the DNS > Records of the parent zone, add two - NSrecords for the subdomain you want to delegate.- For example, if you delegated - www.example.com, you might add the following records to- example.com:- Type - Name - Content - NS- www - john.ns.cloudflare.com - NS- www - melinda.ns.cloudflare.com 
- After a few minutes, the child domain will be active. 
- Create the various DNS records needed for your child domain. 
- (Optional) Enable DNSSEC on the child domain. 
 Subdomain already exists in the parent domain
If you have already created a DNS record covering your child domain in the parent zone:
- Add the child domain to the parent domain’s Cloudflare account or another account. 
- In your child domain, re-create all DNS records that relate to your child domain. This includes all DNS records deeper than the delegated subdomain, meaning that if you are delegating - www.example.com, you should also move over records for- api.www.example.com.
- If the parent zone is in Cloudflare, make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child domain. 
- In the child domain zone, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains (if present). 
- Get the nameserver names for the child domain. These will not be the same nameservers as the parent domain. 
- Within the DNS > Records of the parent zone, delete all non-address records (meaning everything except for - A,- AAAA, and- CNAMErecords) referencing the child domain or any of its deeper subdomains.
- Within the DNS > Records of the parent zone, leave one address record referencing the child domain and delete the rest. 
- Change the type of the last address record to - NSand its content to one of the child domain’s nameserver names. If the parent domain is in Cloudflare, use a- PATCHrequest to achieve this.
- Within the DNS > Records of the parent zone, create the second - NSrecord in the parent zone for the subdomain you want to delegate.- For example, if you delegated - www.example.com, you might add the following records to- example.com:- Type - Name - Content - NS- www - john.ns.cloudflare.com 
- Flush the address records of your child domain in public resolvers ( 1.1.1.1 and 8.8.8.8). 
- Within a short period of time, the child domain should be active. 
- (Optional) Enable DNSSEC on the child domain. 
 Parent domain on partial setup
If the parent domain is using a partial setup2, your child domain setup depends on whether the child domain already exists.
 Subdomain does not exist in the parent domain
If you have not yet created a DNS record covering your child domain in the parent zone:
- Add the child domain to the parent domain’s Cloudflare account or another account.
- Complete the configuration accordingly for Full or Secondary setup.
- After creating the DNS records on the child zone, add the Cloudflare nameservers as NSrecords at your external DNS provider.
- Within a short period of time, the child domain should be active.
- Add the child domain to the parent domain’s Cloudflare account or another account.
- Convert the child zone to a partial setup.
- Create the various DNS records needed for your child domain.
- Add the TXT verification record at your authoritative DNS provider.
- Within a short period of time, the child domain should be active.
- Add a CNAMErecord at your authoritative DNS provider.
 Subdomain already exists in the parent domain
If you have already created a DNS record covering your child domain in the parent domain:
- Add the child domain to the parent domain’s Cloudflare account or another account. 
- In your child domain, re-create all DNS records that relate to your child domain. This includes all DNS records deeper than the delegated subdomain, meaning that if you are delegating - www.example.com, you should also move over records for- api.www.example.com.
- In the parent domain, make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child domain.
- In the child domain, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains.
- Get the Cloudflare nameservers for the child domain and add them as NSrecords at your external DNS provider.
- Within a short period of time, the child domain should be active.
- Within the DNS > Records of the parent zone, delete any A,AAAA, orCNAMErecords referencing the child domain or any of its deeper subdomains.
- Add the child domain to the parent domain’s Cloudflare account or another account. 
- Convert the child zone to a partial setup. 
- In your child domain, re-create all DNS records that relate to your child domain. This includes all DNS records deeper than the delegated subdomain, meaning that if you are delegating - www.example.com, you should also move over records for- api.www.example.com.
- In the parent domain, make sure that you migrate over any settings (WAF custom rules, Rules, Workers, and more) that might be needed for the child domain.
- In the child domain, order an advanced SSL certificate that covers the child subdomain and any deeper subdomains.
- Add the TXT verification record at your authoritative DNS provider.
- Within a short period of time, the child domain should be active.
- Within the DNS > Records of the parent zone, delete any previous A,AAAA, orCNAMErecords referencing the child domain or any of its deeper subdomains, and add the CloudflareCNAMErecord.