Only A and CNAME over web traffic ports (such as 80 and 443) records have the option to be powered by Cloudflare, meaning that only A, AAAA, and CNAME records have the option of an orange cloud.
However, not all A, AAAA, and CNAME records are appropriate to pass through Cloudflare. Cloudflare makes suggestions for which records should be orange, but you can easily change this by clicking on the cloud. To decide which records pass through the Cloudflare network, you need to understand what type of content appears on that subdomain. You should enable Cloudflare for any subdomain that gets web traffic.
You should not enable Cloudflare for subdomains that handle non-web traffic, such as mail, ftp, and ssh. These types of records should be marked by a gray cloud. To view these options for Cloudflare protection, please go to Your Websites -> Settings -> DNS Settings. A list of common gray records follow below:
- autodiscover
- calendar
- chat
- cPanel
- cvs
- e
- exchange
- ftp
- game
- gameserver
- git
- imap
- irc
- local
- localhost
- mobilemail
- mx
- panel
- pda
- pop
- repo
- secure
- sftp
- sites
- smtp
- ssh
- ssl
- stream
- streaming
- svn
- vid
- video
- vids
- vpn
- webmail
- webstats