Skip to main content
Recon44’s WAF, active IP blocking, and real-time threat feed all require live traffic to pass through Recon44’s edge network. You enable this by adding one CNAME record to your domain’s DNS configuration. No changes to your server, application code, or hosting setup are needed. This guide explains what the record looks like, how to add it in the most common DNS providers, and how to confirm it’s working.
Recon44 handles the rest automatically once the record is in place. You do not need to update the record again unless you remove the site from your Recon44 account.

What the CNAME record looks like

After you add a site in the Recon44 dashboard, the DNS Setup tab on that site’s settings page shows your unique CNAME target. It follows this format: 
Type:  CNAME
Name:  www          (or @ for the apex domain — see note below)
Value: <your-site-id>.edge.recon44.com
TTL:   300
Your exact Value is generated per site and shown in the dashboard. Copy it directly from there — do not type it manually.
Most DNS providers do not support a CNAME on the apex domain (@ or bare example.com). If you need apex domain support, use a provider that offers CNAME flattening or ALIAS records (Cloudflare, Route 53, and DNSimple all support this). See the provider-specific steps below.

How to add the record

1

Copy your CNAME value from the dashboard

In the Recon44 dashboard, go to your site and open the Settings tab, then click DNS Setup. You’ll see a pre-filled table with the exact record to add. Click the copy icon next to the Value field.
2

Add the record in your DNS provider

Open your DNS provider’s control panel and add the CNAME record using the values from the previous step. Follow the provider-specific instructions below.
  1. Log in to the Cloudflare dashboard and select your domain.
  2. Go to DNS → Records and click Add record.
  3. Set the fields as follows:
    • Type: CNAME
    • Name: www (or your subdomain)
    • Target: paste the value from your Recon44 dashboard
    • Proxy status: set to DNS only (gray cloud) — do not proxy through Cloudflare at this step
    • TTL: Auto
  4. Click Save.
If you want apex domain (example.com) support on Cloudflare, set Name to @. Cloudflare automatically flattens CNAME records on the apex.
Keep Cloudflare’s proxy disabled (DNS only) on the Recon44 CNAME. Enabling the Cloudflare proxy in addition to routing through Recon44 creates a double-proxy configuration that can cause unexpected behavior.
3

Wait for DNS propagation

DNS changes propagate across global resolvers within a few minutes when using a low TTL (300 seconds). Full propagation to all resolvers worldwide can take up to 24 hours in rare cases, but most users see changes take effect within 5–15 minutes.You can check propagation status using a public DNS lookup tool:
dig www.example.com CNAME +short
Replace www.example.com with your actual hostname. The output should return your Recon44 edge value, for example:
abc123xyz.edge.recon44.com.
If the old value still appears, your local DNS resolver may have cached the previous record. This is normal — the new value will be visible once the TTL expires on any resolver that cached the old one.
4

Verify the connection in Recon44

Return to the Recon44 dashboard and open your site’s DNS Setup tab. Recon44 automatically checks for the CNAME record and updates the status indicator.When the record is detected correctly, the status changes from Pending to Active. You’ll also see live traffic start appearing in the Threat Feed within seconds of the first request.
Send a test request to your site from a browser or with curl to trigger the first entry in the threat feed and confirm end-to-end routing is working.
curl -I https://www.example.com
Check the response headers. You should see Recon44’s inspection headers alongside your normal server headers. If the site loads normally, routing is working correctly.

Troubleshooting

Verify the CNAME record is present using dig or an online DNS lookup tool. If the record appears correctly in DNS but the dashboard still shows Pending, click Recheck on the DNS Setup tab to trigger a manual verification. If the issue persists, confirm the Value in your DNS record exactly matches what the dashboard shows — extra spaces or a missing period at the end can cause failures.
This usually means the CNAME value was entered incorrectly, or the record replaced an existing A record rather than pointing www to a new target. Check that:
  • The record type is CNAME, not A or AAAA
  • The Value matches exactly what the Recon44 dashboard shows
  • No conflicting A record exists for the same hostname
If you need to roll back quickly, delete the CNAME record and restore the previous A record pointing to your origin server IP.
Use a DNS provider that supports CNAME flattening or ALIAS records: Cloudflare, Amazon Route 53, DNSimple, or NS1. On those providers, you can set the apex record to point to your Recon44 edge value, and the provider resolves it to an IP address transparently.
Check that your plan includes active blocking (Pro or higher) and that blocking mode is enabled in Settings → WAF Mode. On the Free plan, Recon44 operates in monitor-only mode and logs threats without blocking them.

What’s next

How the WAF works

Learn how Recon44 inspects requests and matches against OWASP attack patterns.

Block and whitelist IPs

Manually block attackers or protect trusted IPs from WAF inspection.

Set up alerts

Get notified by email, Telegram, or SMS when an attack is detected.

Audit logs

Export tamper-proof, hash-chained logs for compliance reporting.