Implications of not using Proxy

The Proxy status of a DNS record affects how Cloudflare treats incoming traffic to that record.

Note: We recommend enabling our proxy for all A, AAAA, and CNAME records.

Error: This record exposes the IP address used in the CNAME record on Enable the proxy status to protect your origin server. Learn more.

Proxied records: 

When an A, AAAA, or CNAME record is Proxied; also known as being orange clouded. DNS queries for these will resolve to Cloudflare Anycast IPs instead of their original DNS target. This means that all requests intended for proxied hostnames will go to Cloudflare first and then be forwarded to your origin server.

  • This behavior allows Cloudflare to optimize, cache, and protect all requests to your application

  • Helps protect your origin server from DDoS attacks

  • Proxied hostnames go through Cloudflare before reaching your origin server, all requests will appear to be coming from Cloudflare’s IP addresses (and could potentially be blocked or rate limited). 

DNS-only records:

When an A, AAAA, or CNAME record is DNS-only; also known as being gray-clouded. DNS queries for these will resolve to the record’s normal IP address.

  • Potentially exposing your origin IP addresses to bad actors and DDoS attacks, leaving your records

  • Cloudflare cannot optimize, cache, and protect requests to your application


We need to have all A, AAAA, and CNAME records proxied so it aids Cloudflare features in implementing best practices. Also this would affect the configuration and implementation of Web application Firewall(WAF).