Cloudflare Docs
Learning Paths
Cloudflare Docs
Secure your Internet traffic and SaaS apps (Learning Path)
GitHub icon
Edit this page on GitHub
Set theme to dark (⇧+D)
  1. Learning Paths
  2. Secure your Internet traffic and SaaS apps
  3. Build DNS security policies
  4. Create your first DNS policy

Create your first DNS policy

  1 min read

DNS policies determine how Gateway should handle a DNS request. When a user sends a DNS request, Gateway matches the request against your filters and either allows the query to resolve, blocks the query, or responds to the query with a different IP.

You can filter DNS traffic based on query or response parameters (such as domain, source IP, or geolocation). You can also filter by user identity if you connect your devices to Gateway with the WARP client or Cloudflare One Agent. To learn more, refer to DNS policies.

To create a new DNS policy:

  1. In Zero Trust, go to Gateway > Firewall Policies.

  2. In the DNS tab, select Add a policy.

  3. Name the policy.

  4. Under Traffic, build a logical expression that defines the traffic you want to allow or block.

  5. Choose an Action to take when traffic matches the logical expression. For example, we recommend adding a policy to block all security categories:

    SelectorOperatorValueAction
    Security CategoriesinAll security risksBlock

  6. Select Create policy.

For more information, refer to DNS policies.




Next