By default, all DNS requests on the user device are resolved by Cloudflare's public DNS resolver except for common top level domains used for local resolution (such as localhost ). You can connect an internal DNS resolver to Cloudflare and use it to resolve non-publicly routed domains.

Configure private DNS

To resolve private DNS queries:

The WARP client will now send DNS queries to your internal DNS resolver for resolution. To learn more, refer to How the WARP client handles DNS requests.

Test the setup

For testing, run a dig command for the internal DNS service:

Terminal window dig AAAA www.myorg.privatecorp

The dig command will work because myorg.privatecorp was configured above as a fallback domain. If you skip that step, you can still force dig to use your private DNS resolver:

Terminal window dig @10.0.0.25 AAAA www.myorg.privatecorp

Both dig commands will fail if the WARP client is disabled on your end user's device.

Troubleshooting

Use the following troubleshooting strategies if you are running into issues while configuring private DNS with Cloudflare Tunnel.