Filter DNS on home or office network
You can use Cloudflare Gateway to filter and log DNS queries from any device in your network without installing client software.
🗺️ This tutorial covers how to:
- Create a DNS filtering policy that secures a home or office network by blocking malicious hostnames
- Review logs and events that occur on that network
⏲️ Time to complete:
Before you start
Configure Cloudflare Gateway
- Zero Trust Free
- Zero Trust Standard
Add a location
During the Gateway onboarding flow, the dashboard will prompt you to configure a location for the IP you are currently using. Gateway will automatically detect the IP of your current network and assign it to the location being created.
If you want to create a different location, one that you are not currently using, you can add a new location from the
Locations page in the
Create a Gateway policy
First, assign the policy a name and add an optional description. Next, build an expression to determine what is blocked.
In this example, the policy will block any hostnames that Cloudflare’s data intelligence platform identifies as containing security risks like malware or phishing campaigns. You can click
All security risks to include all options or check individual types of threats in the dropdown.
The policy will block security threats for any location in your Cloudflare Zero Trust deployment. If you want to only block the security risks selected above for the location created previously, add an
AND rule to the selector. Choose
Location and check the location to include in this policy.
Block as the action and create the policy.
The rule will appear in your DNS policies list.
Configure your router
You will need to make a one-time change to your router to use Cloudflare Gateway for DNS filtering for all devices in your network.
Instructions to change your router’s DNS settings are available in the Zero Trust dashboard. Navigate to the
Locations page and expand the location you want to configure. Click
Once configured, you can review DNS queries made from your network in the Analytics > Gateway page.