
Commit d8a2393

Dedicated section to Connectivity and more details on fallback
1 parent 768db0f commit d8a2393

1 file changed

+11
-0
lines changed

src/content/docs/dns/internal-dns/get-started.mdx

Lines changed: 11 additions & 0 deletions
@@ -71,23 +71,34 @@ Since the resolver policy will require a [view](/dns/internal-dns/dns-views/), y
7171

7272
## 3. Configure Gateway policies
7373

74+
Besides selecting an internal DNS view when setting up your resolver policies, you can also enable the **fallback through public DNS** option.
75+
7476
<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
7577

7678
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Resolver policies**.
7779
2. Select **Add a policy** and enter a name and description.
7880
3. Create an expression for the traffic you wish to route. For guidance about selectors, operators, and values, refer to [Gateway](/cloudflare-one/policies/gateway/resolver-policies/#selectors).
7981
4. Select **Use DNS view**. In the dropdown, choose the view that queries matching the expression should be sent to.
8082
5. (Optional) Adjust the option to **fallback through public DNS** according to your use case.
83+
- Off: Gateway DNS resolver returns the response as-is to the client.
84+
- On: In case the response from the internal zone is REFUSED, NXDOMAIN, or a response with a CNAME type, Gateway DNS resolver sends the query to Cloudflare 1.1.1.1 public resolver and tries to resolve the query via public DNS.
8185
6. Select **Create policy** to confirm.
8286

8387
</TabItem> <TabItem label="API">
8488

8589
Use the API endpoints under [Zero Trust > Gateway > Rules](/api/resources/zero_trust/subresources/gateway/subresources/rules/) to set up resolver policies. Use the rule settings object to define `resolve_dns_internally`, specifying `view_id` and `fallback` option.
8690

91+
- `"fallback": "none"`: Gateway DNS resolver returns the response as-is to the client.
92+
- `"fallback": "public_dns"`: In case the response from the internal zone is REFUSED, NXDOMAIN, or a response with a CNAME type, Gateway DNS resolver sends the query to Cloudflare 1.1.1.1 public resolver and tries to resolve the query via public DNS.
93+
8794
For guidance about selectors, operators, and values, refer to [Gateway](/cloudflare-one/policies/gateway/resolver-policies/#selectors).
8895

8996
</TabItem> </Tabs>
9097

98+
---
99+
100+
## Connectivity
101+
91102
The internal DNS queries can be sent using different configurations:
92103

93104
- Via [WARP](/cloudflare-one/connections/connect-devices/warp/).
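
Review bot: The two "On" descriptions (dashboard step 5 and the `"fallback": "public_dns"` bullet) do not spell out the consequence for the query itself: a name that the internal zone answered with REFUSED or NXDOMAIN is then sent to the 1.1.1.1 public resolver, so the internal name leaves the private view and is resolved via public DNS instead. I would add one sentence stating that, so readers turn the option on only for expressions where that is acceptable. The wording "a response with a CNAME type" is also ambiguous; please say whether any CNAME answer triggers fallback or only one whose target the internal zone cannot resolve. Neither tab states which value is the default. Since the same pair of bullets is repeated in both tabs, consider describing the behavior once above the `<Tabs>` block, next to the new intro sentence, and keeping only the option names (Off/On, `none`/`public_dns`) inside each tab so the two copies cannot drift.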
