====== DNS Records vs. Tunnel Routes Are Different Things ======

**DEPRECATED:** This guide is no longer relevant for folk.zone. The nitro server uses direct HTTPS via Let's Encrypt instead of Cloudflare tunnels.

**Affects:** [[folkzone:services:cloudflared|Cloudflare Tunnel]]

===== Common Mistake =====

Creating a CNAME record in Cloudflare DNS that points to the tunnel subdomain (e.g. ''5d99addb.cfargotunnel.com'') does **not** add the route to the tunnel configuration. Traffic will still 404 because cloudflared has no ingress rule for that hostname.

===== The Two Separate Things =====

^ Thing ^ Where managed ^ What it does ^
| **DNS record** | Cloudflare DNS tab | Tells the internet where to send traffic (→ Cloudflare edge) |
| **Tunnel route** | Zero Trust → Public Hostnames | Tells cloudflared which container to forward the request to |

Both must exist. When you add a Public Hostname through Zero Trust, Cloudflare creates the DNS record automatically. The reverse is not true.

===== See Also =====
  * [[folkzone:troubleshooting:start|Homelab Troubleshooting Index]]

  * [[folkzone:troubleshooting:cloudflare_add_hostname|Adding a Hostname to a Named Tunnel]]
  * [[folkzone:troubleshooting:cloudflare_named_tunnel_remote_config|Named Tunnels Use Remote Configuration]]
  * [[start|Return to wiki home]]