DNS config for WARP Connector

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-networks/private-net/warp-connector/site-to-internet.mdx

@@ -35,7 +35,7 @@ This guide covers how to connect a private network to the Internet using WARP Co
 
 ## 3. Route traffic from subnet to WARP Connector
 
-Depending on where you installed the WARP Connector, you may need to configure other devices on the subnet to route outbound requests through WARP Connector.
+The WARP Connector host will automatically forward DNS and network traffic to Cloudflare. Depending on where you installed the WARP Connector, you may need to configure other devices on the subnet to route outbound requests through WARP Connector.
 
 ### Option 1: Default gateway
 
@@ -48,7 +48,7 @@ Depending on where you installed the WARP Connector, you may need to configure o
 	product="cloudflare-one"
 />
 
-#### Add route to router
+#### Add IP route to router
 
 For example, for all traffic from the subnet to egress through WARP Connector, add a rule on the router that routes `0.0.0.0` to the WARP Connector host machine (`10.0.0.100`).
 
@@ -57,24 +57,36 @@ For example, for all traffic from the subnet to egress through WARP Connector, a
 	product="cloudflare-one"
 />
 
+#### Configure DNS resolver on router
+
+<Render
+	file="tunnel/warp-connector-alternate-gateway-dns"
+	product="cloudflare-one"
+/>
+
 ### Option 3: Intermediate gateway
 
 <Render
 	file="tunnel/warp-connector-intermediate-gateway"
 	product="cloudflare-one"
 />
 
-#### Add route to devices
+#### Add IP route to devices
 
 <Render
 	file="tunnel/warp-connector-route-all-traffic"
 	product="cloudflare-one"
 />
 
-#### Verify routes
-
 <Render file="tunnel/warp-connector-verify-routes" product="cloudflare-one" />
 
+#### Configure DNS resolver on devices
+
+<Render
+	file="tunnel/warp-connector-intermediate-gateway-dns"
+	product="cloudflare-one"
+/>
+
 ## 4. Test the WARP Connector
 
 You can now test if traffic from your subnet routes through Cloudflare. For example,

src/content/docs/cloudflare-one/connections/connect-networks/private-net/warp-connector/site-to-site.mdx

@@ -38,7 +38,7 @@ In this example, we will create a WARP Connector for subnet `10.0.0.0/24` and in
 
 <Render file="tunnel/warp-connector-device-profile" product="cloudflare-one" />
 
-## 3. Route traffic from WARP Connector to subnet
+## 3. Route traffic between WARP Connector and Cloudflare
 
 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Networks** > **Routes**.
 2. Select **Create route**.
@@ -65,9 +65,17 @@ The WARP Connector will now forward inbound requests to devices on the subnet.
 
 ```
 
+### DNS filtering
+If you would like to filter private DNS queries using Cloudflare Gateway, check [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) and ensure that the following IPs route through WARP Connector:
+	- Internal DNS resolver IP
+	- <GlossaryTooltip term="initial resolved IP">Initial resolved IP</GlossaryTooltip> CGNAT range:
+		<Render file="gateway/egress-selector-cgnat-ips" 	product="cloudflare-one"/>
+
+When you resolve DNS queries from WARP Connector through Gateway, Gateway will log the queries with the private source IP. You can use the private source IP to create [resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) for queries intended for [internal DNS records](/cloudflare-one/policies/gateway/resolver-policies/#internal-dns).
+
 ## 4. Route traffic from subnet to WARP Connector
 
-Depending on where you installed the WARP Connector, you may need to configure other devices on the subnet to route outbound requests through WARP Connector.
+The WARP Connector host will automatically forward DNS and network traffic to Cloudflare. Depending on where you installed the WARP Connector, you may need to configure other devices on the subnet to route outbound requests through WARP Connector.
 
 ```mermaid
     flowchart LR
@@ -94,7 +102,7 @@ Depending on where you installed the WARP Connector, you may need to configure o
 	product="cloudflare-one"
 />
 
-#### Add route to router
+#### Add IP route to router
 
 For example, for devices on subnet `10.0.0.0/24` to reach applications behind subnet `192.168.1.0/24`, add a rule on the router that routes `192.168.1.0/24` to the WARP Connector host machine (`10.0.0.100`).
 
@@ -103,14 +111,21 @@ For example, for devices on subnet `10.0.0.0/24` to reach applications behind su
 	product="cloudflare-one"
 />
 
+#### Configure DNS resolver on router
+
+<Render
+	file="tunnel/warp-connector-alternate-gateway-dns"
+	product="cloudflare-one"
+/>
+
 ### Option 3: Intermediate gateway
 
 <Render
 	file="tunnel/warp-connector-intermediate-gateway"
 	product="cloudflare-one"
 />
 
-#### Add route to devices
+#### Add IP route to devices
 
 <Render
 	file="tunnel/warp-connector-route-all-traffic"
@@ -141,10 +156,15 @@ route /p add <DESTINATION-IP> mask 255.255.255.255 <WARP-CONNECTOR-IP>
 
 </TabItem> </Tabs>
 
-#### Verify routes
-
 <Render file="tunnel/warp-connector-verify-routes" product="cloudflare-one" />
 
+#### Configure DNS resolver on devices
+
+<Render
+	file="tunnel/warp-connector-intermediate-gateway-dns"
+	product="cloudflare-one"
+/>
+
 ## 5. Install another WARP Connector
 
 Repeat steps 1, 3, and 4 above to install an additional WARP Connector on subnet `192.168.1.0/24`. The device profile created in Step 2 will apply to all WARP Connectors.
@@ -183,10 +203,11 @@ You can now test the connection between the two subnets. For example, on the `10
 ```
 
 :::note
-
 If you are testing with curl using private hostnames, add the `--ipv4` flag to your curl commands.
 :::
 
+Your [Gateway activity logs](/cloudflare-one/insights/logs/gateway-logs/) will show traffic associated with the email `warp_connector@<your-team-name>.cloudflareaccess.com`.
+
 [^1]:
     <Render
     	file="tunnel/warp-connector-linux-packages"

src/content/docs/cloudflare-one/connections/connect-networks/private-net/warp-connector/user-to-site.mdx

@@ -59,7 +59,7 @@ Depending on where you installed the WARP Connector, you may need to configure o
 	product="cloudflare-one"
 />
 
-#### Add route to router
+#### Add IP route to router
 
 `100.96.0.0/12` is the default CIDR for all user devices running the [WARP client](/cloudflare-one/connections/connect-devices/warp/). On your router, add a rule that routes the destination IP `100.96.0.0/12` to the WARP Connector host machine (`10.0.0.100`).
 
@@ -75,7 +75,7 @@ Depending on where you installed the WARP Connector, you may need to configure o
 	product="cloudflare-one"
 />
 
-#### Add route to devices
+#### Add IP route to devices
 
 To route all <GlossaryTooltip term="CGNAT IP">CGNAT IP</GlossaryTooltip> traffic through WARP Connector:
 
@@ -101,8 +101,6 @@ route /p add 100.96.0.0/12 mask 255.255.255.255 <WARP-CONNECTOR-IP>
 
 </TabItem> </Tabs>
 
-#### Verify routes
-
 <Render file="tunnel/warp-connector-verify-routes" product="cloudflare-one" />
 
 ## 5. Test the WARP Connector

src/content/partials/cloudflare-one/tunnel/warp-connector-alternate-gateway-dns.mdx

@@ -0,0 +1,5 @@
+---
+{}
+---
+
+To forward DNS traffic from the subnet to Cloudflare Gateway, your router should point DNS queries to either WARP Connector's [local DNS proxy](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#dns-traffic) (for example, `10.0.0.100:53`) or directly to the Gateway DNS resolver IPs (`172.64.36.1` and `172.64.36.2`).

src/content/partials/cloudflare-one/tunnel/warp-connector-intermediate-gateway-dns.mdx

@@ -0,0 +1,5 @@
+---
+{}
+---
+
+To filter DNS traffic with Cloudflare Gateway, the DNS resolver on your device should point to either WARP Connector's [local DNS proxy](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#dns-traffic) (for example, `10.0.0.4:53`) or directly to the Gateway DNS resolver IPs (`172.64.36.1` and `172.64.36.2`).