Onboard DNS for a network
The fastest way to start filtering DNS queries is to change your DNS resolver to use a specific Gateway endpoint. You can make this change at the browser, OS, or router level.
Choose this option if:
- You want to try out DNS filtering without installing software.
- You do not need to filter by user identity.
- You want to apply blanket DNS policies to all devices in a physical location, such as a retail store or office.
Change DNS resolver in browser
To configure your browser to send traffic to Gateway:
-
Obtain your DNS over HTTPS (DoH) address:
- Go to Gateway > DNS locations.
- Select Add a location.
- Enter a name for the location.
- Turn on Set as Default DNS Location.
- Select Add location.
- Copy your DNS over HTTPS hostname:
https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query
-
Follow the configuration instructions for your browser:
Mozilla Firefox
- In Firefox, go to Settings.
- In Privacy & Security, go to DNS over HTTPS.
- Under Enable secure DNS using, select Max Protection.
- In Choose provider, choose Custom.
- In the field, enter
https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query
.
Firefox is now configured to use your DoH endpoint. For more information on configuring DoH settings in Firefox, refer to Mozilla’s documentation ↗.
Google Chrome
- In Chrome, go to Settings > Privacy and security > Security.
- Scroll down and turn on Use secure DNS.
- Select With Custom.
- In the Enter custom provider field, enter
https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query
.
Read more about enabling DNS over HTTPS ↗ on Chrome.
Microsoft Edge
- In Microsoft Edge, go to Settings.
- Select Privacy, Search, and Services, and scroll down to Security.
- Turn on Use secure DNS.
- Select Choose a service provider.
- In the Enter custom provider field, enter
https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query
.
Brave
- In Brave, go to Settings > Security and Privacy > Security.
- Turn on Use secure DNS.
- Select With Custom.
- In the Enter custom provider field, enter
https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query
.
Safari
Currently, Safari does not support DNS over HTTPS.
-
Verify that third-party firewall or TLS decryption software does not inspect or block traffic to the DoH endpoint:
https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query
.
DNS filtering is now turned on for this browser.
To configure your router or OS, or to add additional DNS endpoints, refer to DNS locations.