Hyperlint Automation: Broken Link Fixes #19851
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -30,7 +30,7 @@ Cloudflare Gateway, like all Cloudflare services, utilizes [anycast technology]( | |
| To distinguish queries originating from the service provider from those coming from other customers, admins configure a [location](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) in their Cloudflare tenant dashboard. When a DNS location is created, Gateway assigns IPv4/IPv6 addresses and DoT/DoH hostnames for that location. These assigned IP addresses and hostnames are then used by the service provider to send DNS queries for resolution. In turn, the service provider configures the location object with the public IP addresses of their on-premises DNS servers, allowing Cloudflare to accurately associate queries with the corresponding location. | ||
|
|
||
| :::note[On Locations] | ||
| If stable and defined source IPv4 addresses cannot be assigned to the on-premises DNS servers, service providers can instead use unique destination location endpoints. Each location is assigned a distinct [DoT](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-tls) and [DoH](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-https) hostname, as well as a unique [destination IPv6 address](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#ipv6-address). Additionally, Cloudflare can provide unique [destination IPv4 addresses upon request](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip). | ||
| If stable and defined source IPv4 addresses cannot be assigned to the on-premises DNS servers, service providers can instead use unique destination location endpoints. Each location is assigned a distinct [DoT](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-tls-dot) and [DoH](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-https-doh) hostname, as well as a unique [destination IPv6 address](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#ipv4ipv6-address). Additionally, Cloudflare can provide unique [destination IPv4 addresses upon request](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip). | ||
| ::: | ||
|
|
||
| DNS filtering is then enforced through DNS policies set up by the service provider to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of risky domains using [its extensive threat intelligence](https://www.cloudflare.com/en-gb/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a '[Block](/cloudflare-one/policies/gateway/dns-policies/#block),' where Gateway responds with `0.0.0.0` for IPv4 queries or `::` for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an `[Override](/cloudflare-one/policies/gateway/dns-policies/#override)` action can redirect the DNS query to a block page hosted by the service provider. | ||
|
|
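Review bot: The updated line inside `:::note[On Locations]` changes three fragments at once (`#dns-over-tls` to `#dns-over-tls-dot`, `#dns-over-https` to `#dns-over-https-doh`, and `#ipv6-address` to `#ipv4ipv6-address`), so each one needs to be checked against the headings on the dns-resolver-ips page rather than only the DoT one. Please list all three substitutions in the explanation attached to this line so a reviewer can confirm them individually.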
@@ -46,7 +46,7 @@ To streamline the management of allowed and blocked domains, use [lists](/cloudf | |
| Additionally, all DNS queries forwarded to Cloudflare Gateway are logged and can be exported to external systems using [Logpush](/cloudflare-one/insights/logs/logpush/). | ||
|
|
||
| :::note[Miscategorization of domains] | ||
| In cases of a miscategorization of domains, raise a [categorization change request](/security-center/investigate/change-categorization/#change-categorization-via-the-cloudflare-dashboard) directly from the Cloudflare dashboard. | ||
| In cases of a miscategorization of domains, raise a [categorization change request](/security-center/investigate/change-categorization/#via-the-cloudflare-dashboard) directly from the Cloudflare dashboard. | ||
| ::: | ||
|
|
||
| ## Additional offerings based on DNS filtering capabilities | ||
|
|
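Review bot: In the `:::note[Miscategorization of domains]` line, the new fragment `#via-the-cloudflare-dashboard` targets a different page (`/security-center/investigate/change-categorization/`) from the other fixes here, and nothing states which heading it is meant to match. Please confirm that heading exists on the target page and say so in the PR, since a fragment this generic will break again without notice if the heading is reworded.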
@@ -59,7 +59,7 @@ Some potential applications include: | |
| - **Educational Services**: Designed for schools and educational organizations, this service can extend beyond parental controls by blocking additional categories like CIPA, gambling, and entertainment, thereby promoting a focused learning atmosphere. | ||
| - **Enterprise Services**: This offering allows businesses to easily restrict access to non-work-related domains, including categories such as entertainment, social networking, gambling, shopping & auctions, society & lifestyle, and sports. | ||
|
|
||
| To differentiate these additional services from the core DNS security offering, the service provider would create additional DNS locations, one for each service. Cloudflare would be able to distinguish DNS queries for these services if the service provider sends them to one of the unique identifiers of a location. Each location has a unique [DoH](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-https) and [DoT](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-tls) hostname and a unique [destination IPv6 address](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#ipv6-address). Cloudflare can also provision [dedicated destination IPv4 addresses](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip) per location. | ||
| To differentiate these additional services from the core DNS security offering, the service provider would create additional DNS locations, one for each service. Cloudflare would be able to distinguish DNS queries for these services if the service provider sends them to one of the unique identifiers of a location. Each location has a unique [DoH](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-https-doh) and [DoT](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-tls-dot) hostname and a unique [destination IPv6 address](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#ipv4ipv6-address). Cloudflare can also provision [dedicated destination IPv4 addresses](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip) per location. | ||
|
||
|
|
||
| ## Related resources | ||
|
|
||
|
|
||
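Review bot: In the paragraph beginning "To differentiate these additional services", the fourth link to the same page, `#dns-resolver-ip` behind "dedicated destination IPv4 addresses", is left unchanged while the three fragments beside it are corrected. Since three fragments on dns-resolver-ips had to be fixed, verify that `#dns-resolver-ip` still resolves, and check that `#ipv4ipv6-address` lands on content matching the link text "destination IPv6 address".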
This page: http://localhost:1111/reference-architecture/diagrams/sase/gateway-dns-for-isp/
has a broken internal link to: http://localhost:1111/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/.
The fragment `dns-over-tls` does not exist.
By looking at the page: http://localhost:1111/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/
The best fragment to use seems to be: #dns-over-tls-dot
@bllchmbrs The comment describes one change, but the updated line actually contains 3 different changes. Not sure if we should have an explanation for the three, or just a note in the comment saying that the updated line contains 2 additional changes (just to alert the reviewer).