But the point of CDNs is to direct connections to a geographically-near IP, yes?

That’s generally right enough, the goal of a CDN is to deliver content from a server close to the consumer as possible (ideally on their ISP network using cache servers to avoid going out over the “wider internet”.) – however CDN networks typically also use Anycast IP addresses, which means that all of the CDN servers across their network use the same pool of IP addresses, and BGP / the routing table dictate what actual physical server you get routed to. This is typically the ideal closest server, however sometimes you want certain IP pools in certain regions for legal (China), or technical reasons, so the IP address returned by a given A/AAAA lookup for a CDN isn’t a given. There’s also ECN and other optimization CDNs can do on the lookup side but that’s outside of the scope here.

The domain name that any CDN webserver in different regions will get in the HTTP request headers is going to be the same, CNAME or no.

Yeah, so the CNAME just says “whatever A/AAAA address that resolves to” and the HTTP client will send whatever HOST it thinks its connecting to, meaning you can’t “mask” the actual domain you’re using by using a CNAME record.

Technically if you have a totally static IP serving a single site, it’s possible to ignore the HOST field and always serve that site, since logically, any request is only meant for that given site (this is basically the default site on something like Apache).

My main point is that there’s really no getting around that CloudFlare requires you to be locked in to their platform even if you just wanna serve R2 files from a subdomain, and I personally find that a bit spooky, migrating nameservers can have very long propagation times leaving your site unreachable if they decide they don’t want you as a customer anymore, or as a shakedown.

The way CDNs and virtual hosts work in general is to read the host field in the HTTP header, otherwise unless you dedicate an IP for each domain / “web site” there would be no way to know what to serve.

The issue is if you put the CNAME of foo www.foo-cloudflare-cdn.com. then it will just resolve to whatever the A/AAAA record is for that, and send the host of www.foo.com – which they will only service if that domain is hosted with their nameservers (they run automated checks to make sure you’re actually doing so). So there isn’t really an easy way to just give cloudflare some subdomain, unless you pay them $$,$$$+ for the privilege.

Valve actually does that, ironically enough, for the steam community web assets they use Fastly, Akamai, and CloudFront, all on subdomains of course 🙃.

Cloudflare tries to enforce pretty strong vendor lock in by requiring you use their nameservers.

Also subdelegate domains are an “enterprise” feature, so no luck there.

Basically the CDN market sucks, not a shocker Netflix, Google, Valve, and many others operate their own.

It sucks because up until the “sales team” rugpull, they’re the cheapest (and closest to reality) for bandwidth cost, virtually all the other CDN providers charge astronomical prices and their margins are hundreds to thousands of percentage.

I only “follow” because whatever Apple does gets broadcast by every media outlet in existence. Also Google started blindly following Apple design since they killed my beloved blob emojis.

Also not a fan of the critical UI elements being popped out into floating islands, very easy to accidentally hit underlying page content when there’s effectively zero padding around controls (on touch devices, as the ad companies have discovered by making the × icons smaller and smaller).

Frutiger Aero.