Wednesday, December 7th 2016 (over 2 years ago)

Using External DNS Services with Now

Olli Vanhoja (@OVanhoja)
Leo Lamprecht (@notquiteleo)

Starting with version 0.35.0 of the now command line interface, we'll provide out of the box support for DNS/CDN services like Cloudflare or StackPath.

This is made possible by a few improvements we've made to the way how the system is verifying new domains before you can use them. Assuming that you'd like to add a new domain for a deployment of yours, there are now two ways to handle it:

Adding a Domain with Nameservers

This is the usual way of adding a new domain to now. It requires you configure your domain to point to a few nameservers of your choice and run this command afterwards:

▲ now domain add

There are no changes to this workflow, other than that the domain will now be verified properly in the background. We're using a refined mechanism which makes sure that the domain is correctly configured and pointing to

This additional step (which you won't even notice) ensures that the domain is ready to be linked to a deployment of your choice.

In some cases, your domain registar may request you to set the DNS records on the destination nameservers (, before you can set the NS entries...

So far, we've provided a way to still let you add said domain to now (so that you can configure the DNS records) by using the --force flag:

▲ now domain add --force

In this case, it's obvious that we won't be able to verify that your domain actually points to our infrastructure (because you haven't configured the NS entries yet), so you need to run the main command after you've added them:

▲ now domain add

Once you're done with that, your domain is properly verified and ready to be used!

Adding a Domain Using an External Nameserver

Previously, you've been able to use external nameservers by simply creating a CNAME record with a value of and adding an alias using the now alias command.

From now on, this will be slightly different: You need to create a TXT record containing a token for authorization in addition to any CNAME or ALIAS records.

The following example is demonstrating how you can use Cloudflare with now. However, this workflow just works the same for any other external DNS service:

  • Firstly, add the domain to now using the --external flag:

    ▲ now domain add --external
  • Next, you'll see a token which you need to add as a TXT record to the DNS entries on the platform you're using for DNS management (like mentioned above):

  • Enable Full (strict) encryption. Without this step your deployments can't communicate with Cloudflare.

  • Finally, repeat the first step and your domain will be added (you won't see another token this time). Now you can use the domain for one of your deployments!

  • On some occasions now alias fails to issue a certificate for a deployment when using Cloudflare. In such a case you should try adding a page rule that enforces CloudFlare to use HTTP for the certificate request validation URL. The URL in question is formatted as*.

    In the following screenshot we have a page rule that turns off encryption when accessing a certificate request validation URL of any subdomain of

    The page rule should no be removed at any time because the verification URL is accessed every time we renew your certificates. In case the rule is removed and the verification URL is inaccessible, we may not be able to renew your certificates successfully, which in turn may make your website or service inaccessible.

How to Get It

If you've installed Now's command line interface using Now Desktop, the only thing you need to do is make sure that the application is running. Assuming that's the case, the binary will automatically be updated for you in the next few minutes!

However, if that's not the case, we highly recommend you to download it and use it to install the CLI. Afterwards, you're covered!

If you're on a platform that's not yet supported by Now Desktop, simply update/install the command line utility like this: npm install -g now@latest.