Skip to content

Commit 69d2baf

Browse files
maxvpmaxvp
committed
Add DNS policy table
1 parent 37aa7cf commit 69d2baf

File tree

1 file changed

+37
-0
lines changed

1 file changed

+37
-0
lines changed

src/content/docs/cloudflare-one/policies/gateway/global-policies.mdx

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,3 +42,40 @@ The following policies are sorted by [order of precedence](/cloudflare-one/polic
4242
| Always Blocked Categories | `00000001-bed5-462e-b0f1-2e2c3555e9f7` | Content Category | Child Abuse | block | Blocks child abuse materials. |
4343
| Don't Isolate RBI Help Pages | `00000001-1a18-431f-9c9d-bce431f1002a` | Hostname | `developers.cloudflare.com` and `help.cloudflarebrowser.com` | noisolate | Prevents browser isolation of Cloudflare developer docs and help pages to help users troubleshoot configuration issues. |
4444
| Don't AV Scan CF Speed | `00000001-c194-408f-87dd-9a366ce76e12` | Hostname | `speed.cloudflare.com` | noscan | Allows files transferred by the Cloudflare speed test. |
45+
46+
## DNS resolution policies
47+
48+
Gateway enforces policies for each of the above domains to ensure each is not blocked and is resolved through Cloudflare's public DNS resolver, [1.1.1.1](/1.1.1.1/).
49+
50+
| Name | ID | Value | Action |
51+
| ----------------------------------------------------------------------------------------- | -------------------------------------- | ------------------------------------------------------------------ | ------- |
52+
| Allow DNS queries for cloudflareclient.com domain | `00000001-e139-4a1b-90d5-698d8fa371e0` | `cloudflareclient.com` | allow |
53+
| Resolve cloudflareclient.com through 1.1.1.1 | `00000001-e738-4554-823b-0b2c75af2c66` | `cloudflareclient.com` | resolve |
54+
| Allow DNS queries for assets.browser.run domain | `00000001-9bff-4d83-a9e4-e5ed321fe0b9` | `assets.browser.run` | allow |
55+
| Resolve assets.browser.run through 1.1.1.1 | `00000001-0df5-472b-80c0-02888e7167ee` | `assets.browser.run` | resolve |
56+
| Allow DNS queries for edge.browser.run and cloudflarebrowser.com domains | `00000001-e2f1-4e99-bab3-91df88879587` | `edge.browser.run` and `cloudflarebrowser.com` | allow |
57+
| Resolve edge.browser.run and cloudflarebrowser.com through 1.1.1.1 | `00000001-b103-44c6-a114-7a784cdf3fb7` | `edge.browser.run` and `cloudflarebrowser.com` | resolve |
58+
| Allow DNS queries for help.teams.cloudflare.com domain | `00000001-b2fc-46db-b0f1-69ef3553bd7a` | `help.teams.cloudflare.com` | allow |
59+
| Resolve help.teams.cloudflare.com through 1.1.1.1 | `00000001-ce13-486a-b006-ba0435ccb013` | `help.teams.cloudflare.com` | resolve |
60+
| Allow DNS queries for cloudflare-gateway.com domain | `00000001-e83d-492b-995e-351970cd5e8e` | `cloudflare-gateway.com` | allow |
61+
| Resolve cloudflare-gateway.com through 1.1.1.1 | `00000001-d9bc-4913-a2f5-905dbb3ecf9a` | `cloudflare-gateway.com` | resolve |
62+
| Allow DNS queries for cloudflarestatus.com domain | `00000001-78da-4f8a-b9ee-76563f1ec46b` | `cloudflarestatus.com` | allow |
63+
| Resolve cloudflarestatus.com through 1.1.1.1 | `00000001-4d1d-43a3-9015-c49fc3a6da31` | `cloudflarestatus.com` | resolve |
64+
| Allow DNS queries for nel.cloudflare.com domain | `00000001-af28-4afa-8987-eadc21187e14` | `nel.cloudflare.com` | allow |
65+
| Resolve nel.cloudflare.com through 1.1.1.1 | `00000001-0034-45a0-8333-f339451fba46` | `nel.cloudflare.com` | resolve |
66+
| Allow DNS queries for api.cloudflare.com domain | `00000001-5eea-4932-8dd5-8e1ec9770396` | `api.cloudflare.com` | allow |
67+
| Resolve api.cloudflare.com through 1.1.1.1 | `00000001-4f0c-4f86-9b96-5d26123a194b` | `api.cloudflare.com` | resolve |
68+
| Allow DNS queries for dash.teams.cloudflare.com domain | `00000001-0f75-48a9-b3e1-925a974d2b65` | `dash.teams.cloudflare.com` | allow |
69+
| Resolve dash.teams.cloudflare.com through 1.1.1.1 | `00000001-3d84-41a6-bc84-3014685c0d81` | `dash.teams.cloudflare.com` | resolve |
70+
| Allow DNS queries for dash.cloudflare.com domain | `00000001-0c2a-4b31-8606-3e5a1d87c1bf` | `dash.cloudflare.com` | allow |
71+
| Resolve dash.cloudflare.com through 1.1.1.1 | `00000001-c47f-41f3-b234-d66c82b8d422` | `dash.cloudflare.com` | resolve |
72+
| Allow DNS queries for cloudflareportal.com, cloudflareok.com and cloudflarecp.com domains | `00000001-1c6c-4793-b48f-799eee6e0e31` | `cloudflareportal.com`, `cloudflareok.com`, and `cloudflarecp.com` | allow |
73+
| Resolve cloudflareportal.com, cloudflareok.com and cloudflarecp.com through 1.1.1.1 | `00000001-8c35-4d7d-9dbb-cb7350375b7b` | `cloudflareportal.com`, `cloudflareok.com`, and `cloudflarecp.com` | resolve |
74+
| Allow DNS queries for cloudflareaccess.com domain | `00000001-d738-4dad-bac4-1a50201d9503` | `cloudflareaccess.com` | allow |
75+
| Resolve cloudflareaccess.com through 1.1.1.1 | `00000001-4404-4572-80f6-f7b098909460` | `cloudflareaccess.com` | resolve |
76+
| Allow DNS queries for blocked.teams.cloudflare.com domain | `00000001-76f4-4438-b8ab-a9da53f4a2f1` | `blocked.teams.cloudflare.com` | allow |
77+
| Resolve blocked.teams.cloudflare.com through 1.1.1.1 | `00000001-af3c-458f-aeb2-b3bb5d3fe1d5` | `blocked.teams.cloudflare.com` | resolve |
78+
| Allow DNS queries for developers.cloudflare.com domain | `00000001-4263-4808-8457-4d4329c91f66` | `developers.cloudflare.com` | allow |
79+
| Resolve developers.cloudflare.com through 1.1.1.1 | `00000001-9f91-4462-9270-78beca5b4dbc` | `developers.cloudflare.com` | resolve |
80+
| Allow DNS queries for speed.cloudflare.com domain | `00000001-4fc0-4286-b783-6c442adda171` | `speed.cloudflare.com` | allow |
81+
| Resolve speed.cloudflare.com through 1.1.1.1 | `00000001-ec51-4471-9e78-bd47d46a3002` | `speed.cloudflare.com` | resolve |

0 commit comments

Comments
 (0)