Cloudflare DNS Firewall proxies all DNS queries to your nameservers through Cloudflare’s global network. This action protects upstream nameservers from DDoS attacks and reduces load by caching DNS responses.
How DNS Firewall works
When a DNS query for your domain takes place:
- Queries go to the Cloudflare data center that is closest to the website visitor. This is determined by the location of the DNS resolver.
- Cloudflare tries to return a DNS response from cache.
- If the response is not available in cache, Cloudflare queries the upstream authoritative nameservers.
- After returning the response from the nameservers, Cloudflare temporarily caches it for subsequent DNS queries.
DNS Firewall provides the following benefits while allowing your organization total control over your authoritative nameservers: