Cloudflare Docs
Cloudflare Zero Trust
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Add locations

DNS locations are a collection of DNS endpoints which can be mapped to physical entities such as offices, homes, or data centers.

The fastest way to start filtering DNS queries from a location is by changing the DNS resolvers at the router.

To add a DNS location to Gateway:

  1. In Zero Trust, go to Gateway > DNS Locations.

  2. Select Add a location.

  3. Choose a name for your DNS location.

  4. Cloudflare will prefill the Source IPv4 Address based on the network you are on. Enterprise users have the option of manually entering dedicated DNS resolver IP addresses assigned to their account.

    You do not need the IPv4 address field if:

    • Your DNS location only uses IPv6.
    • Users will be sending all DNS requests from this location using DNS over HTTPS via a browser.
    • You will be deploying the WARP client.

    If any of the above apply to your case, select Delete.

  1. (Optional) Toggle the following settings:

    • Set as Default DNS Location sets this location as the default DoH endpoint for DNS queries.

    • Enable EDNS client subnet sends a user’s IP geolocation to authoritative DNS nameservers.

      EDNS client subnet (ECS) helps reduce latency by routing the user to the closest origin server. Cloudflare has enabled EDNS in a privacy preserving way by not sending the user’s exact IP address but rather a /24 range which contains their IP address.

  2. Select Add location.

  1. Change the DNS resolvers on your router, browser, or OS by following the setup instructions in the UI.

    DNS resolver setup instructions in Zero Trust
  2. Select Done. Your location will appear under Gateway > DNS Locations.

You can now apply DNS policies to your location using the Location selector.