Cloudflare DNS Firewall proxies all DNS queries to your nameservers through Cloudflare’s global edge network. This action protects upstream nameservers from DDoS attacks and reduces load by caching DNS responses.
How it works
When a DNS query goes to your nameservers:
- Queries go to the Cloudflare data center closest to the website visitor (determined by the location of the DNS resolver used).
- Cloudflare tries to return a DNS response from cache.
- If the response is not available in cache, Cloudflare queries the upstream authoritative nameservers.
- Cloudflare temporarily caches the response for subsequent DNS queries.
DNS Firewall provides the following benefits while allowing organizations total control over their authoritative nameservers:
- DDoS mitigation
- High availability
- Global distribution
- Enhanced performance
- Bandwidth savings
- DNS caching
- Rate limiting per data center
- Minimum and maximum TTL settings
- Query blocking
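
The lookup flow under "How it works", combined with the minimum and maximum TTL setting from the list above, modelled as an added example (this is not Cloudflare code or its API). The class, the `min_ttl`/`max_ttl` names, the clamping rule and the sample record are assumptions made for illustration; it counts how many queries still reach the upstream nameserver.

```python
from dataclasses import dataclass, field


@dataclass
class EdgeCache:
    """Toy model of one edge data center in front of an authoritative nameserver."""
    upstream: dict              # name -> (answer, ttl); constructed stand-in for the origin
    min_ttl: int = 0            # hypothetical setting names, in seconds
    max_ttl: int = 86400
    upstream_queries: int = 0   # queries that reached the authoritative server
    _cache: dict = field(default_factory=dict)  # name -> (answer, expires_at)

    def resolve(self, name, now):
        """Return (answer, source) following the cache-then-upstream flow."""
        hit = self._cache.get(name)
        if hit and now < hit[1]:
            return hit[0], "cache"          # answered at the edge
        self.upstream_queries += 1          # cache miss: ask the origin
        answer, ttl = self.upstream[name]
        # Assumed rule: the cached lifetime is the origin TTL clamped to [min, max].
        ttl = max(self.min_ttl, min(ttl, self.max_ttl))
        self._cache[name] = (answer, now + ttl)
        return answer, "upstream"


def upstream_load(min_ttl, max_ttl, origin_ttl, seconds):
    """One client query per second for `seconds`; return the upstream query count."""
    zone = {"www.example.com": ("192.0.2.10", origin_ttl)}  # constructed record
    edge = EdgeCache(zone, min_ttl, max_ttl)
    for t in range(seconds):
        edge.resolve("www.example.com", t)
    return edge.upstream_queries


if __name__ == "__main__":
    print("origin TTL 5s, no floor  :", upstream_load(0, 86400, 5, 60))
    print("origin TTL 5s, floor 30s :", upstream_load(30, 86400, 5, 60))
    print("origin TTL 1h, ceiling 20s:", upstream_load(0, 20, 3600, 60))
```

A TTL floor reduces load on the authoritative server at the cost of staler answers; a ceiling does the opposite, forcing more frequent refreshes so record changes propagate sooner.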