After you update your policy, Cloudflare updates the new setting across all of our datacenters around the world. It takes about 60 seconds to update the policy when you make a change.
If it takes longer than 60 seconds and you are still seeing that you can successfully resolve a domain then the DNS record is probably getting cached in your browser or in your operating system. DNS records for domains can be cached from anywhere between five minutes to a few hours. Here is how you can flush the DNS cache in your browser and/or your operating system:
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
sudo killall -HUP mDNSResponder
sudo service network-manager restart
Use the instructions in the Mac section to flush the DNS cache for Safari.
about:configin Firefox’s address bar and acknowledge the warning that appears
network.dnsCacheExpirationand set its value to
0(If there’s no such entry, create a new integer item with the name above and a value of 0)
If you have other DNS resolvers in your DNS settings, your device could be using IP addresses for resolvers that are not part of Gateway. As a result, the domain you are trying to block is still accessible from your device. Please make sure to remove all other IP addresses from your DNS settings and only include Gateway's DNS resolver IP addresses.
If your policy is not assigned to a location and you send a DNS query from that location, Gateway will not apply that policy. Assign a policy to a location to make sure the desired policy is applied when you send a DNS query from that location.