[DNS] Add note about subdomain setup and Access apps (#17589)

cloudflare · Oct 17, 2024 · 37c4fef · 37c4fef
1 parent 6a1aef7
commit 37c4fef
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 4 deletions.
diff --git a/src/content/docs/dns/zone-setups/subdomain-setup/index.mdx b/src/content/docs/dns/zone-setups/subdomain-setup/index.mdx
@@ -6,7 +6,7 @@ sidebar:
   label: About
 ---
 
-import { DirectoryListing, FeatureTable, GlossaryTooltip } from "~/components"
+import { DirectoryListing, FeatureTable, GlossaryTooltip, Render } from "~/components"
 
 When you use a subdomain setup, you can manage the [Cloudflare configurations](/fundamentals/concepts/how-cloudflare-works/) for one or more subdomains separately from those associated with your <GlossaryTooltip term="apex domain">apex domain</GlossaryTooltip>. This means that, on your [account homepage](https://dash.cloudflare.com/?to=/:account/), you would find websites like `example.com` or `blog.example.com` listed as separate <GlossaryTooltip term="DNS zone">zones</GlossaryTooltip>.
 
@@ -22,6 +22,10 @@ Subdomain setups are also useful when different subdomains require entirely diff
 
 <FeatureTable id="dns.subdomain_setup" />
 
+### Access applications
+
+<Render file="subdomain-setup-access-apps" />
+
 ## Resources
 
 <DirectoryListing />
diff --git a/src/content/docs/dns/zone-setups/subdomain-setup/setup/index.mdx b/src/content/docs/dns/zone-setups/subdomain-setup/setup/index.mdx
@@ -9,11 +9,11 @@ head:
 
 ---
 
-import { DirectoryListing, GlossaryTooltip } from "~/components"
+import { DirectoryListing, GlossaryTooltip, Render } from "~/components"
 
 :::caution
 
-Subdomain setup is only available for Enterprise accounts. If you only want to create a subdomain for your site in Cloudflare, refer to [Create a subdomain record](/dns/manage-dns-records/how-to/create-subdomain/). 
+Subdomain setup is only available for Enterprise accounts. If you only want to create a subdomain for your site in Cloudflare, refer to [Create a subdomain record](/dns/manage-dns-records/how-to/create-subdomain/).
 :::
 
 [Subdomain setup](/dns/zone-setups/subdomain-setup/) relies on a process known as delegation. When, in a parent domain such as `example.com`, an [`NS` record](https://www.cloudflare.com/learning/dns/dns-records/dns-ns-record/) is created for a subdomain `blog.example.com`, this means that DNS management for the subdomain can be done separately, in its own <GlossaryTooltip term="DNS zone" link="/dns/concepts/#zone">DNS zone</GlossaryTooltip>.
@@ -50,7 +50,7 @@ The availability of different setups will depend on both the parent zone setup a
 
 :::caution[* Subdomain zones in partial setup are not delegated]
 
-Subdomains using a partial setup represent an exception in the sense that [delegation](#subdomain-delegation) does not apply in this context. As explained in the dedicated [Partial (CNAME) setup section](/dns/zone-setups/partial-setup/), this setup is intended to simply proxy individual subdomains through Cloudflare. For completeness, however, this is listed as an option in this table and the [how-to guide](/dns/zone-setups/subdomain-setup/setup/parent-on-partial/) has detailed explanation on how to achieve a subdomain zone using partial setup. 
+Subdomains using a partial setup represent an exception in the sense that [delegation](#subdomain-delegation) does not apply in this context. As explained in the dedicated [Partial (CNAME) setup section](/dns/zone-setups/partial-setup/), this setup is intended to simply proxy individual subdomains through Cloudflare. For completeness, however, this is listed as an option in this table and the [how-to guide](/dns/zone-setups/subdomain-setup/setup/parent-on-partial/) has detailed explanation on how to achieve a subdomain zone using partial setup.
 :::
 
 This table assumes zones that are in an [active status](/dns/zone-setups/reference/domain-status/). For example, if you need to add the parent zone to Cloudflare when its child zone already exists in a partial setup, you can [convert the parent zone to partial](/dns/zone-setups/partial-setup/setup/#add-your-domain-to-cloudflare) while it is still in pending status.
@@ -72,3 +72,7 @@ Although the how-to guides in this documentation are focused on both parent doma
 If the parent domain's SSL/TLS certificate explicitly lists the delegated subdomain and is created after the subdomain's SSL/TLS own certificate, the parent domain's certificate will take precedence over the subdomain's certificate.
 
 For instance, if `example.com` [creates an advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/) that directly lists `docs.example.com`, visitors to `docs.example.com` might see the SSL/TLS certificate for `example.com`.
+
+## Access applications
+
+<Render file="subdomain-setup-access-apps" />
diff --git a/src/content/partials/dns/subdomain-setup-access-apps.mdx b/src/content/partials/dns/subdomain-setup-access-apps.mdx
@@ -0,0 +1,10 @@
+---
+{}
+
+---
+
+To use subdomain setups with [Cloudflare Access](/cloudflare-one/policies/access/), note that:
+
+- If the child zone is in a pending state when you create the Access application, your configuration will not automatically apply when you activate the zone. You must also re-save the Access application once your subdomain setup is active.
+
+- If you split out a subdomain which already has an Access application, you will also need to re-save the Access application to associate it with the new child zone.