From 55bd61adba6bbff23a3c1f92fa7957019c29adeb Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 6 Mar 2025 17:07:42 +0000 Subject: [PATCH 01/18] Add conditional rendering for create internal zone --- .../docs/dns/internal-dns/get-started.mdx | 13 +++--------- .../dns/internal-dns/internal-zones/setup.mdx | 11 +++------- .../partials/dns/internal-zone-create.mdx | 20 +++++++++++++++++++ 3 files changed, 26 insertions(+), 18 deletions(-) create mode 100644 src/content/partials/dns/internal-zone-create.mdx diff --git a/src/content/docs/dns/internal-dns/get-started.mdx b/src/content/docs/dns/internal-dns/get-started.mdx index b0a15f2359949da..9113e9ab1e86f44 100644 --- a/src/content/docs/dns/internal-dns/get-started.mdx +++ b/src/content/docs/dns/internal-dns/get-started.mdx @@ -41,16 +41,9 @@ Although there are some steps that can be achieved on the dashboard, currently t ## 1. Set up your internal DNS zone -1. Use the [Create Zone](/api/resources/zones/) endpoint to create an [internal zone](/dns/internal-dns/internal-zones/). Specify your account ID and set the `type` to `internal`. - -
- -
- -2. Add DNS records to your internal zone using your preferred option: -- [Import](/api/resources/dns/subresources/records/methods/import/) a formatted BIND file. Refer to the [DNS records how-to](/dns/manage-dns-records/how-to/import-and-export/) for guidance. -- Use other API endpoints, such as [`/batch`](/api/resources/dns/subresources/records/methods/batch/), to manage DNS records. Refer to [Batch record changes](/dns/manage-dns-records/how-to/batch-record-changes/#use-the-api) for details. -3. Repeat this process for each internal zone you wish to add. + ### (Optional) Reference a zone from another zone diff --git a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx index 9e7b29bba27631a..ca433d74bfd8d09 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx 
@@ -17,14 +17,9 @@ When setting up internal zones, observe the following conditions: ## Create an internal zone -1. Use the [Create Zone](/api/resources/zones/) endpoint to create an internal zone. Specify your account ID and set the `type` to `internal`. -2. Add DNS records to your internal zone using your preferred option: -- [Import](/api/resources/dns/subresources/records/methods/import/) a formatted BIND file. Refer to the [DNS records how-to](/dns/manage-dns-records/how-to/import-and-export/) for guidance. -- Use other API endpoints, such as [`/batch`](/api/resources/dns/subresources/records/methods/batch/), to manage DNS records. Refer to [Batch record changes](/dns/manage-dns-records/how-to/batch-record-changes/#use-the-api) for details. -3. Repeat this process for each internal zone you wish to add. - -Since the resolver policy configuration will require a DNS view, you must link the internal zones to at least one view to be able to use them when routing requests to Internal DNS. For a full procedure overview, refer to [get started](/dns/internal-dns/get-started/). - + ## Other actions diff --git a/src/content/partials/dns/internal-zone-create.mdx b/src/content/partials/dns/internal-zone-create.mdx new file mode 100644 index 000000000000000..235c275b8a392f7 --- /dev/null +++ b/src/content/partials/dns/internal-zone-create.mdx @@ -0,0 +1,20 @@ +--- +params: + - conditional +--- + +import { TabItem, Tabs, Details, Example, Render, Markdown } from "~/components"; + +1. Use the [Create Zone](/api/resources/zones/) endpoint to create an [internal zone](/dns/internal-dns/internal-zones/). Specify your account ID and set the `type` to `internal`. + +{ props.conditional === "get-started-detail" && ( +
+ +
+ ) +} + +2. Add DNS records to your internal zone using your preferred option: +- [Import](/api/resources/dns/subresources/records/methods/import/) a formatted BIND file. Refer to the [DNS records how-to](/dns/manage-dns-records/how-to/import-and-export/) for guidance. +- Use other API endpoints, such as [`/batch`](/api/resources/dns/subresources/records/methods/batch/), to manage DNS records. Refer to [Batch record changes](/dns/manage-dns-records/how-to/batch-record-changes/#use-the-api) for details. +3. Repeat this process for each internal zone you wish to add. \ No newline at end of file From 74b64b4e91a1d2fbf984939813549e1b8909c0f9 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 6 Mar 2025 17:25:05 +0000 Subject: [PATCH 02/18] Clear out unused components from internal-zone-create --- src/content/partials/dns/internal-zone-create.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/partials/dns/internal-zone-create.mdx b/src/content/partials/dns/internal-zone-create.mdx index 235c275b8a392f7..a2864a73d081990 100644 --- a/src/content/partials/dns/internal-zone-create.mdx +++ b/src/content/partials/dns/internal-zone-create.mdx @@ -3,7 +3,7 @@ params: - conditional --- -import { TabItem, Tabs, Details, Example, Render, Markdown } from "~/components"; +import { Details, Render } from "~/components"; 1. Use the [Create Zone](/api/resources/zones/) endpoint to create an [internal zone](/dns/internal-dns/internal-zones/). Specify your account ID and set the `type` to `internal`. From 03d4606e195b65c5020f758d2d49b1d601507a8f Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 6 Mar 2025 17:34:16 +0000 Subject: [PATCH 03/18] Fix syntax to make conditional property opitional --- src/content/docs/dns/internal-dns/internal-zones/setup.mdx | 4 +--- src/content/partials/dns/internal-zone-create.mdx | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) 
diff --git a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx index ca433d74bfd8d09..14d35e8716f5095 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx @@ -17,9 +17,7 @@ When setting up internal zones, observe the following conditions: ## Create an internal zone - + ## Other actions diff --git a/src/content/partials/dns/internal-zone-create.mdx b/src/content/partials/dns/internal-zone-create.mdx index a2864a73d081990..a46c3c8a59f9827 100644 --- a/src/content/partials/dns/internal-zone-create.mdx +++ b/src/content/partials/dns/internal-zone-create.mdx @@ -1,6 +1,6 @@ --- params: - - conditional + - conditional? --- import { Details, Render } from "~/components"; From 5dff0746b033d2f24a9376b1d63f98439ebd9ca8 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 13 Mar 2025 08:48:54 +0000 Subject: [PATCH 04/18] Add .yaml file so that iDNS comes up in /products --- src/content/products/internal-dns.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 src/content/products/internal-dns.yaml diff --git a/src/content/products/internal-dns.yaml b/src/content/products/internal-dns.yaml new file mode 100644 index 000000000000000..17f9428302c582b --- /dev/null +++ b/src/content/products/internal-dns.yaml @@ -0,0 +1,9 @@ +name: Internal DNS + +product: + title: Internal DNS + url: /dns/internal-dns/ + group: Application performance + +meta: + description: Leverage Cloudflare DNS for your internal resources. \ No newline at end of file From 8f82673257bbb75f5373b55f9f7c9c15dda8fb89 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 13 Mar 2025 08:53:39 +0000 Subject: [PATCH 05/18] Update DNS records link to point to #internal-dns-records --- src/content/docs/dns/internal-dns/index.mdx | 2 +- src/content/glossary/dns.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/content/docs/dns/internal-dns/index.mdx b/src/content/docs/dns/internal-dns/index.mdx index 3969a0ec6face30..14348e33e0b50d5 100644 --- a/src/content/docs/dns/internal-dns/index.mdx +++ b/src/content/docs/dns/internal-dns/index.mdx @@ -76,7 +76,7 @@ flowchart LR end ``` -Internal DNS zones contain the DNS records that should be used to resolve an internal DNS query. Also, if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is [referencing another internal zone](/dns/internal-dns/internal-zones/#reference-zones). +Internal DNS zones contain the DNS records that should be used to resolve an internal DNS query. Also, if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is [referencing another internal zone](/dns/internal-dns/internal-zones/#reference-zones). diff --git a/src/content/glossary/dns.yaml b/src/content/glossary/dns.yaml index c1e134dc8ffb4d4..b1e327568b6a000 100644 --- a/src/content/glossary/dns.yaml +++ b/src/content/glossary/dns.yaml @@ -27,7 +27,7 @@ entries: - term: DNS record general_definition: |- - DNS records are instructions that live in authoritative DNS servers and provide information about a domain including what IP address is associated with that domain and how to handle requests for that domain. + DNS records are instructions that live in authoritative DNS servers and provide information about a domain, including what IP address is associated with that domain and how to handle requests for that domain. - term: DNS server general_definition: |- From 647e89549318be6712da352489fc9fb68ab2d094 Mon Sep 17 00:00:00 2001 
From: Rebecca Tamachiro Date: Thu, 13 Mar 2025 09:01:57 +0000 Subject: [PATCH 06/18] Create and apply partial for reference-zone-intro --- src/content/docs/dns/internal-dns/internal-zones/index.mdx | 2 +- .../dns/internal-dns/internal-zones/reference-zones.mdx | 2 +- src/content/partials/dns/reference-zone-intro.mdx | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 src/content/partials/dns/reference-zone-intro.mdx diff --git a/src/content/docs/dns/internal-dns/internal-zones/index.mdx b/src/content/docs/dns/internal-dns/internal-zones/index.mdx index 5f4dfb4589219f3..056343856f3525e 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/index.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/index.mdx @@ -17,7 +17,7 @@ Internal DNS zones do not get assigned Cloudflare nameservers and can only be qu ## Reference zones -During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. + Each internal zone can only reference one other zone, but the same zone can be referenced by multiple internal zones. Public zones cannot be used as reference zones. diff --git a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx index 0d0bee5d88639ca..94077ca2ec6c7f3 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx 
@@ -7,7 +7,7 @@ sidebar: import { Example, Render } from "~/components"; -During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. + Each internal zone can only reference one other zone, but the same zone can be referenced by multiple internal zones. Public zones cannot be used as reference zones. diff --git a/src/content/partials/dns/reference-zone-intro.mdx b/src/content/partials/dns/reference-zone-intro.mdx new file mode 100644 index 000000000000000..326bc7d5e540a21 --- /dev/null +++ b/src/content/partials/dns/reference-zone-intro.mdx @@ -0,0 +1,6 @@ +--- +{} + +--- + +During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. \ No newline at end of file From 23d14e9542c493e4e988a08c381060ab78d522cd Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 13 Mar 2025 10:38:48 +0000 Subject: [PATCH 07/18] Add info about CNAME flatenning to iDNS docs --- src/content/docs/dns/cname-flattening/index.mdx | 8 ++------ .../docs/dns/internal-dns/internal-zones/index.mdx | 13 ++++++++++++- src/content/glossary/dns.yaml | 4 ++++ 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/src/content/docs/dns/cname-flattening/index.mdx b/src/content/docs/dns/cname-flattening/index.mdx index dcdd96e576dce45..024337b483121f7 100644 --- a/src/content/docs/dns/cname-flattening/index.mdx +++ b/src/content/docs/dns/cname-flattening/index.mdx 
@@ -6,16 +6,12 @@ sidebar: label: About --- -import { Render } from "~/components" +import { Render, GlossaryTooltip } from "~/components" -CNAME flattening speeds up CNAME resolution and allows you to use a CNAME record at your root/apex domain (`example.com`). +CNAME flattening speeds up CNAME resolution and allows you to use a CNAME record at your zone apex (`example.com`). :::note - - This functionality is also what allows you to use a [root custom domain](/pages/configuration/custom-domains/) with a Cloudflare Pages site. - - ::: ## How it works diff --git a/src/content/docs/dns/internal-dns/internal-zones/index.mdx b/src/content/docs/dns/internal-dns/internal-zones/index.mdx index 056343856f3525e..b6772b78562fbe6 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/index.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/index.mdx 
@@ -29,4 +29,15 @@ Internal zones can contain the same [DNS record types](/dns/manage-dns-records/r You can manage internal DNS records in the same way as you would manage public DNS records, with the difference that [proxy status](/dns/proxy-status/) does not apply to internal DNS records. -Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/) or to the [API documentation](/api/resources/dns/subresources/records/) for further guidance. \ No newline at end of file +Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/) or to the [API documentation](/api/resources/dns/subresources/records/) for further guidance. + +### CNAME flattening + +With CNAME flattening, Cloudflare finds the IP address that a CNAME points to and then returns the final IP address instead of a CNAME record. With Internal DNS, this behavior is applied by default and cannot be turned off. + +Cloudflare will try to flatten the CNAME record within the same [DNS view](/dns/internal-dns/dns-views/). If that is not possible, the following will happen: + +1. The CNAME record is returned to Gateway resolver as-is. +2. Gateway resolver will process the returned record, depending on the **Fallback through public DNS** configuration: + - On: Gateway will try to resolve the query by sending it to Cloudflare's public DNS resolver ([1.1.1.1](/1.1.1.1/)). + - Off: Gateway will return the response as-is to the client. \ No newline at end of file diff --git a/src/content/glossary/dns.yaml b/src/content/glossary/dns.yaml index b1e327568b6a000..593179167b174d3 100644 --- a/src/content/glossary/dns.yaml +++ b/src/content/glossary/dns.yaml 
@@ -79,3 +79,7 @@ entries: When a [DNS record is proxied](/dns/proxy-status/), requests are processed according to your configurations, and Cloudflare can optimize, cache, and protect your domain. Refer to [How Cloudflare works](/fundamentals/concepts/how-cloudflare-works/) for details. associated_products: - Fundamentals + + - term: zone apex + general_definition: |- + zone apex refers to the domain or subdomain on which the control of DNS records starts. From 9fe349b7131c40ee803b5ab5b5f2b53208ebfa1e Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Thu, 13 Mar 2025 10:55:30 +0000 Subject: [PATCH 08/18] Add note about wildcard record and reference zones --- .../docs/dns/internal-dns/internal-zones/index.mdx | 2 -- .../dns/internal-dns/internal-zones/reference-zones.mdx | 2 -- src/content/partials/dns/reference-zone-intro.mdx | 8 +++++++- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/src/content/docs/dns/internal-dns/internal-zones/index.mdx b/src/content/docs/dns/internal-dns/internal-zones/index.mdx index b6772b78562fbe6..91b1b1e29f9d926 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/index.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/index.mdx @@ -19,8 +19,6 @@ Internal DNS zones do not get assigned Cloudflare nameservers and can only be qu -Each internal zone can only reference one other zone, but the same zone can be referenced by multiple internal zones. Public zones cannot be used as reference zones. - Refer to [Set up reference zones](/dns/internal-dns/internal-zones/reference-zones/) for step-by-step instructions. ## Internal DNS records diff --git a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx index 94077ca2ec6c7f3..f95374c11d3c3bf 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx 
@@ -9,8 +9,6 @@ import { Example, Render } from "~/components"; -Each internal zone can only reference one other zone, but the same zone can be referenced by multiple internal zones. Public zones cannot be used as reference zones. - ## Steps To set up a reference zone, use the [Update DNS settings](/api/resources/dns/subresources/settings/methods/edit/) endpoint. In `--data`, specify the `internal_dns` object with the parameter `reference_zone_id`. diff --git a/src/content/partials/dns/reference-zone-intro.mdx b/src/content/partials/dns/reference-zone-intro.mdx index 326bc7d5e540a21..3e255f6a447513e 100644 --- a/src/content/partials/dns/reference-zone-intro.mdx +++ b/src/content/partials/dns/reference-zone-intro.mdx @@ -3,4 +3,10 @@ --- -During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. \ No newline at end of file +During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. + +:::note +A wildcard record in the matching internal zone will take precedence over an exact match in a referenced zone. +::: + +Each internal zone can only reference one other zone, but the same zone can be referenced by multiple internal zones. Public zones cannot be used as reference zones. \ No newline at end of file From 938dbf6f90cd574804fd603c5b573935590d7ed4 Mon Sep 17 00:00:00 2001 
From: Rebecca Tamachiro Date: Thu, 13 Mar 2025 10:57:51 +0000 Subject: [PATCH 09/18] Revert "Add .yaml file so that iDNS comes up in /products" This reverts commit 5dff0746b033d2f24a9376b1d63f98439ebd9ca8. --- src/content/products/internal-dns.yaml | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 src/content/products/internal-dns.yaml diff --git a/src/content/products/internal-dns.yaml b/src/content/products/internal-dns.yaml deleted file mode 100644 index 17f9428302c582b..000000000000000 --- a/src/content/products/internal-dns.yaml +++ /dev/null @@ -1,9 +0,0 @@ -name: Internal DNS - -product: - title: Internal DNS - url: /dns/internal-dns/ - group: Application performance - -meta: - description: Leverage Cloudflare DNS for your internal resources. \ No newline at end of file From 53bf5dd06936550441b5106a0228a8903f1e2de6 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 17 Mar 2025 14:44:39 +0000 Subject: [PATCH 10/18] Create dedicated pages to reference zones and internal records --- .../docs/dns/internal-dns/get-started.mdx | 2 +- src/content/docs/dns/internal-dns/index.mdx | 2 +- .../dns/internal-dns/internal-zones/index.mdx | 29 +++---------------- .../internal-zones/internal-dns-records.mdx | 24 +++++++++++++++ .../internal-zones/reference-zones.mdx | 4 +-- 5 files changed, 32 insertions(+), 29 deletions(-) create mode 100644 src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx diff --git a/src/content/docs/dns/internal-dns/get-started.mdx b/src/content/docs/dns/internal-dns/get-started.mdx index 9113e9ab1e86f44..7bbba2b8687f29c 100644 --- a/src/content/docs/dns/internal-dns/get-started.mdx +++ b/src/content/docs/dns/internal-dns/get-started.mdx 
@@ -47,7 +47,7 @@ Although there are some steps that can be achieved on the dashboard, currently t ### (Optional) Reference a zone from another zone -1. Use the [Update DNS settings](/api/resources/dns/subresources/settings/methods/edit/) endpoint to add a reference from an internal zone to another internal zone. In `--data`, specify the `internal_dns` object with the parameter `reference_zone_id`. For details, refer to [reference zones](/dns/internal-dns/internal-zones/#reference-zones). +1. Use the [Update DNS settings](/api/resources/dns/subresources/settings/methods/edit/) endpoint to add a reference from an internal zone to another internal zone. In `--data`, specify the `internal_dns` object with the parameter `reference_zone_id`. For details, refer to [reference zones](/dns/internal-dns/internal-zones/reference-zones/). diff --git a/src/content/docs/dns/internal-dns/index.mdx b/src/content/docs/dns/internal-dns/index.mdx index 14348e33e0b50d5..725400ce2081402 100644 --- a/src/content/docs/dns/internal-dns/index.mdx +++ b/src/content/docs/dns/internal-dns/index.mdx @@ -76,7 +76,7 @@ flowchart LR end ``` -Internal DNS zones contain the DNS records that should be used to resolve an internal DNS query. Also, if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is [referencing another internal zone](/dns/internal-dns/internal-zones/#reference-zones). +Internal DNS zones contain the DNS records that should be used to resolve an internal DNS query. Also, if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is [referencing another internal zone](/dns/internal-dns/internal-zones/reference-zones/). diff --git a/src/content/docs/dns/internal-dns/internal-zones/index.mdx b/src/content/docs/dns/internal-dns/internal-zones/index.mdx index 91b1b1e29f9d926..3c37c6ff73d4c69 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/index.mdx 
+++ b/src/content/docs/dns/internal-dns/internal-zones/index.mdx 
@@ -7,35 +7,14 @@ sidebar: label: Internal zones --- -import { Example, Render } from "~/components"; +import { Example, Render, DirectoryListing } from "~/components"; -Internal DNS zones are groupings of internal DNS records. While [public DNS records](/dns/manage-dns-records/) contain information about resources that you want to make available to the public Internet, [internal DNS records](#internal-dns-records) allow you to manage resources that should only be available within your private network. +Internal DNS zones are groupings of internal DNS records. While [public DNS records](/dns/manage-dns-records/) contain information about resources that you want to make available to the public Internet, [internal DNS records](/dns/internal-dns/internal-zones/internal-dns-records/) allow you to manage resources that should only be available within your private network. Refer to [Manage internal zones](/dns/internal-dns/internal-zones/setup/) for a full list of configuration conditions and step-by-step instructions. Internal DNS zones do not get assigned Cloudflare nameservers and can only be queried via [Cloudflare Gateway](/cloudflare-one/policies/gateway/resolver-policies/) when linked to a [DNS view](/dns/internal-dns/dns-views/). The Gateway configuration must exist within the same Cloudflare account where the internal zone exists. -## Reference zones +## Resources - - -Refer to [Set up reference zones](/dns/internal-dns/internal-zones/reference-zones/) for step-by-step instructions. - -## Internal DNS records - -Internal zones can contain the same [DNS record types](/dns/manage-dns-records/reference/dns-record-types/) that Cloudflare supports for public zones. - -You can manage internal DNS records in the same way as you would manage public DNS records, with the difference that [proxy status](/dns/proxy-status/) does not apply to internal DNS records. 
- -Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/) or to the [API documentation](/api/resources/dns/subresources/records/) for further guidance. - -### CNAME flattening - -With CNAME flattening, Cloudflare finds the IP address that a CNAME points to and then returns the final IP address instead of a CNAME record. With Internal DNS, this behavior is applied by default and cannot be turned off. - -Cloudflare will try to flatten the CNAME record within the same [DNS view](/dns/internal-dns/dns-views/). If that is not possible, the following will happen: - -1. The CNAME record is returned to Gateway resolver as-is. -2. Gateway resolver will process the returned record, depending on the **Fallback through public DNS** configuration: - - On: Gateway will try to resolve the query by sending it to Cloudflare's public DNS resolver ([1.1.1.1](/1.1.1.1/)). - - Off: Gateway will return the response as-is to the client. \ No newline at end of file + \ No newline at end of file diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx new file mode 100644 index 000000000000000..9c52b795e537098 --- /dev/null +++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx 
@@ -0,0 +1,24 @@ +--- +pcx_content_type: concept +title: Manage internal DNS records +sidebar: + order: 4 + label: Internal DNS records +--- + +Internal zones can contain the same [DNS record types](/dns/manage-dns-records/reference/dns-record-types/) that Cloudflare supports for public zones. + +You can manage internal DNS records in the same way as you would manage public DNS records, with the difference that [proxy status](/dns/proxy-status/) does not apply to internal DNS records. + +Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/) or to the [API documentation](/api/resources/dns/subresources/records/) for further guidance. + +### CNAME flattening + +With CNAME flattening, Cloudflare finds the IP address that a CNAME points to and then returns the final IP address instead of a CNAME record. With Internal DNS, this behavior is applied by default and cannot be turned off. + +Cloudflare will try to flatten the CNAME record within the same [DNS view](/dns/internal-dns/dns-views/). If that is not possible, the following will happen: + +1. The CNAME record is returned to Gateway resolver as-is. +2. Gateway resolver will process the returned record, depending on the **Fallback through public DNS** configuration: + - On: Gateway will try to resolve the query by sending it to Cloudflare's public DNS resolver ([1.1.1.1](/1.1.1.1/)). + - Off: Gateway will return the response as-is to the client. \ No newline at end of file diff --git a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx index f95374c11d3c3bf..19950ecd0a0d228 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx @@ -1,6 +1,6 @@ --- pcx_content_type: how-to -title: Set up reference zones +title: Reference zones sidebar: order: 4 --- 
@@ -9,7 +9,7 @@ import { Example, Render } from "~/components"; -## Steps +## Set up To set up a reference zone, use the [Update DNS settings](/api/resources/dns/subresources/settings/methods/edit/) endpoint. In `--data`, specify the `internal_dns` object with the parameter `reference_zone_id`. From 6f8f1867906bf6ad525d2625d11e98e398205da6 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 17 Mar 2025 14:56:58 +0000 Subject: [PATCH 11/18] Descride CNAME flattening behavior with reference zones and view --- src/content/docs/dns/cname-flattening/index.mdx | 4 ++++ .../internal-dns/internal-zones/internal-dns-records.mdx | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/content/docs/dns/cname-flattening/index.mdx b/src/content/docs/dns/cname-flattening/index.mdx index 024337b483121f7..19bdcb2f42fe6af 100644 --- a/src/content/docs/dns/cname-flattening/index.mdx +++ b/src/content/docs/dns/cname-flattening/index.mdx @@ -20,6 +20,10 @@ With CNAME flattening, Cloudflare finds the IP address that a CNAME points to. T For more details on the steps involved in CNAME flattening, review the [CNAME flattening diagram](/dns/cname-flattening/cname-flattening-diagram/) and refer to the [Cloudflare blog post](https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/). +:::note +For information about CNAME flattening in [Internal DNS](/dns/internal-dns/), refer to [internal DNS records](/dns/internal-dns/internal-zones/internal-dns-records/). +::: + ## Aspects to keep in mind * CNAME flattening happens by default in some cases. Refer to [Setup](/dns/cname-flattening/set-up-cname-flattening/) for details. diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx index 9c52b795e537098..e124a89f1de3f96 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx 
+++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx @@ -12,11 +12,13 @@ You can manage internal DNS records in the same way as you would manage public D Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/) or to the [API documentation](/api/resources/dns/subresources/records/) for further guidance. -### CNAME flattening +## CNAME flattening With CNAME flattening, Cloudflare finds the IP address that a CNAME points to and then returns the final IP address instead of a CNAME record. With Internal DNS, this behavior is applied by default and cannot be turned off. -Cloudflare will try to flatten the CNAME record within the same [DNS view](/dns/internal-dns/dns-views/). If that is not possible, the following will happen: +Cloudflare will try to flatten the CNAME record considering both the specified [DNS view](/dns/internal-dns/dns-views/) and any existing [reference zones](/dns/internal-dns/internal-zones/reference-zones/). If the reference zone then has another CNAME, the record will again be considered from the perspective of the original view. + +If it is not possible to flatten the CNAME record, the following will happen: 1. The CNAME record is returned to Gateway resolver as-is. 2. Gateway resolver will process the returned record, depending on the **Fallback through public DNS** configuration: From bff3dee955ab721a1589c22d875a55daad521c27 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 17 Mar 2025 16:59:49 +0000 Subject: [PATCH 12/18] Add CNAME flattening example --- .../internal-zones/internal-dns-records.mdx | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx index e124a89f1de3f96..dbeea7333415f4e 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx 
+++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx @@ -6,6 +6,8 @@ sidebar: label: Internal DNS records --- +import { Details, Example } from "~/components"; + Internal zones can contain the same [DNS record types](/dns/manage-dns-records/reference/dns-record-types/) that Cloudflare supports for public zones. You can manage internal DNS records in the same way as you would manage public DNS records, with the difference that [proxy status](/dns/proxy-status/) does not apply to internal DNS records. @@ -18,6 +20,36 @@ With CNAME flattening, Cloudflare finds the IP address that a CNAME points to an Cloudflare will try to flatten the CNAME record considering both the specified [DNS view](/dns/internal-dns/dns-views/) and any existing [reference zones](/dns/internal-dns/internal-zones/reference-zones/). If the reference zone then has another CNAME, the record will again be considered from the perspective of the original view. +
+ +- Query for `abc.example.local` with view ID 111. +- Zone 600 references zone 700, which does not belong to any view. + +```mermaid +flowchart LR + accTitle: Internal DNS zones and CNAME flattening example + accDescr: Diagram exemplifying Internal DNS zones and containing CNAME and A records + subgraph Internal DNS + subgraph Zone 700 - net + A[@ A 192.0.2.10] + B[xyz CNAME def.example.local] + end + subgraph View 111 - London + subgraph Zone 600 - example.local + X[@ A 192.0.2.1] + Y[abc CNAME xyz.net] + Z[def A 192.0.2.9] + end + end + end +``` + +After finding the CNAME record that points to `xyz.net`, Cloudflare cannot resolve it within zone 600. However, since this zone is referencing zone 700, this will be considered in the resolution. + +The record in zone 700 then points to `def.example.local`, which Cloudflare will then try to resolve in the original view. As an `A` record can be found for `def.example.local`, Cloudflare will return the IP address `192.0.2.9`. + +
+ If it is not possible to flatten the CNAME record, the following will happen: 1. The CNAME record is returned to Gateway resolver as-is. From 8315bcf10921742482529050b5c33e5ce04e0f5d Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 17 Mar 2025 17:14:39 +0000 Subject: [PATCH 13/18] Re-org and further detail reference zones conditions --- .../internal-zones/internal-dns-records.mdx | 2 +- .../internal-dns/internal-zones/reference-zones.mdx | 13 ++++++++++++- .../docs/dns/internal-dns/internal-zones/setup.mdx | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx index dbeea7333415f4e..4317f3b1b6b6cf6 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx @@ -23,7 +23,7 @@ Cloudflare will try to flatten the CNAME record considering both the specified [
- Query for `abc.example.local` with view ID 111. -- Zone 600 references zone 700, which does not belong to any view. +- Zone 600 references zone 700, which is not linked to any view. ```mermaid flowchart LR diff --git a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx index 19950ecd0a0d228..190a42b633bdab8 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx @@ -7,7 +7,18 @@ sidebar: import { Example, Render } from "~/components"; - +During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. + +:::note +A wildcard record (`*.example.local`) in the matching internal zone will take precedence over an exact match in a referenced zone. +::: + +## Configuration conditions + +- Each internal zone can only reference one other zone. +- The same zone can be referenced by multiple internal zones. +- Public zones cannot be used as reference zones. +- Reference zones do not have to be linked to the same [DNS view](/dns/internal-dns/dns-views/) as the zone referencing them. They may also not be linked to any view at all. ## Set up diff --git a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx index 14d35e8716f5095..9f9c667c69e425f 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx 
@@ -7,7 +7,7 @@ sidebar: import { Example, Render } from "~/components"; -Refer to the following sections to learn how to manage your internal DNS zones. +Refer to the following sections to learn how to manage your [internal DNS zones](/dns/internal-dns/internal-zones/). ## Configuration conditions From 400de453c06995e47662ac29a1087fd7c0624892 Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Mon, 17 Mar 2025 17:16:17 +0000 Subject: [PATCH 14/18] Remove redundant reference-zone-intro partial --- src/content/partials/dns/reference-zone-intro.mdx | 12 ------------ 1 file changed, 12 deletions(-) delete mode 100644 src/content/partials/dns/reference-zone-intro.mdx diff --git a/src/content/partials/dns/reference-zone-intro.mdx b/src/content/partials/dns/reference-zone-intro.mdx deleted file mode 100644 index 3e255f6a447513e..000000000000000 --- a/src/content/partials/dns/reference-zone-intro.mdx +++ /dev/null @@ -1,12 +0,0 @@ ---- -{} - ---- - -During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. - -:::note -A wildcard record in the matching internal zone will take precedence over an exact match in a referenced zone. -::: - -Each internal zone can only reference one other zone, but the same zone can be referenced by multiple internal zones. Public zones cannot be used as reference zones. \ No newline at end of file From 5665f255869b2a609afa1c327bf1c13e26b9b7cb Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 18 Mar 2025 09:53:52 +0000 Subject: [PATCH 15/18] Fix link to get-started and more specific CNAME h2 --- src/content/docs/dns/internal-dns/dns-views.mdx | 2 +- .../dns/internal-dns/internal-zones/internal-dns-records.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/content/docs/dns/internal-dns/dns-views.mdx b/src/content/docs/dns/internal-dns/dns-views.mdx index 669192d07208988..64a2018e7dab5fd 100644 --- a/src/content/docs/dns/internal-dns/dns-views.mdx +++ b/src/content/docs/dns/internal-dns/dns-views.mdx @@ -10,7 +10,7 @@ import { Details, Render } from "~/components"; Internal DNS views are logical groupings of [internal DNS zones](/dns/internal-dns/internal-zones/). As explained in the [architecture overview](/dns/internal-dns/#architecture-overview), DNS views are referenced by [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) to define how a specific query should be resolved. -Refer to the sections below for details on how to manage your DNS views, or consider the [get started](/dns/internal-dns/#architecture-overview) for a complete workflow. +Refer to the sections below for details on how to manage your DNS views, or consider the [get started](/dns/internal-dns/get-started/) for a complete workflow. ## Configuration conditions diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx index 4317f3b1b6b6cf6..e367204798d252b 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx @@ -14,7 +14,7 @@ You can manage internal DNS records in the same way as you would manage public D Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/) or to the [API documentation](/api/resources/dns/subresources/records/) for further guidance. -## CNAME flattening +## CNAME flattening in Internal DNS With CNAME flattening, Cloudflare finds the IP address that a CNAME points to and then returns the final IP address instead of a CNAME record. With Internal DNS, this behavior is applied by default and cannot be turned off. 
From 035d0ae3570dfa329544319838a0d2d9da61c87d Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Tue, 25 Mar 2025 16:43:19 +0000 Subject: [PATCH 16/18] Add quotes to labels to fix mermaid diagram --- .../internal-zones/internal-dns-records.mdx | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx index e367204798d252b..0e3fc8fa9a5c8de 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx @@ -27,21 +27,22 @@ Cloudflare will try to flatten the CNAME record considering both the specified [ ```mermaid flowchart LR - accTitle: Internal DNS zones and CNAME flattening example - accDescr: Diagram exemplifying Internal DNS zones and containing CNAME and A records - subgraph Internal DNS - subgraph Zone 700 - net - A[@ A 192.0.2.10] - B[xyz CNAME def.example.local] - end - subgraph View 111 - London - subgraph Zone 600 - example.local - X[@ A 192.0.2.1] - Y[abc CNAME xyz.net] - Z[def A 192.0.2.9] - end - end - end +accTitle: Internal DNS zones and CNAME flattening example +accDescr: Diagram exemplifying Internal DNS zones and containing CNAME and A records + +subgraph Internal DNS +subgraph Zone 700 - net +A["@ A 192.0.2.10"] +B["xyz CNAME def.example.local"] +end +subgraph View 111 - London +subgraph Zone 600 - example.local +X["@ A 192.0.2.1"] +Y["abc CNAME xyz.net"] +Z["def A 192.0.2.9"] +end +end +end ``` After finding the CNAME record that points to `xyz.net`, Cloudflare cannot resolve it within zone 600. However, since this zone is referencing zone 700, this will be considered in the resolution. From 53807cde0bd8b4b9f63d5b3b224c751e9fb0f407 Mon Sep 17 00:00:00 2001 
From: Rebecca Tamachiro Date: Tue, 25 Mar 2025 17:31:57 +0000 Subject: [PATCH 17/18] More generic CNAME flattening explanation and adjust example --- .../internal-dns/internal-zones/internal-dns-records.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx index 0e3fc8fa9a5c8de..bc7e4fd46f4d758 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx @@ -16,13 +16,13 @@ Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/ ## CNAME flattening in Internal DNS -With CNAME flattening, Cloudflare finds the IP address that a CNAME points to and then returns the final IP address instead of a CNAME record. With Internal DNS, this behavior is applied by default and cannot be turned off. +With CNAME flattening, Cloudflare finds the final target content that a CNAME points to and then returns this content instead of a CNAME record. With Internal DNS, CNAME flattening is applied by default and cannot be turned off. Cloudflare will try to flatten the CNAME record considering both the specified [DNS view](/dns/internal-dns/dns-views/) and any existing [reference zones](/dns/internal-dns/internal-zones/reference-zones/). If the reference zone then has another CNAME, the record will again be considered from the perspective of the original view.
-- Query for `abc.example.local` with view ID 111. +- Query for the `A` record on `abc.example.local` with view ID 111. - Zone 600 references zone 700, which is not linked to any view. ```mermaid @@ -39,6 +39,7 @@ subgraph View 111 - London subgraph Zone 600 - example.local X["@ A 192.0.2.1"] Y["abc CNAME xyz.net"] +U["def TXT 15192-51"] Z["def A 192.0.2.9"] end end @@ -47,7 +48,7 @@ end After finding the CNAME record that points to `xyz.net`, Cloudflare cannot resolve it within zone 600. However, since this zone is referencing zone 700, this will be considered in the resolution. -The record in zone 700 then points to `def.example.local`, which Cloudflare will then try to resolve in the original view. As an `A` record can be found for `def.example.local`, Cloudflare will return the IP address `192.0.2.9`. +The record in zone 700 points to `def.example.local`, which Cloudflare will then try to resolve in the original view. As an `A` record can be found for `def.example.local`, Cloudflare will return the corresponding IP address - in this example, `192.0.2.9`.
From 814d7edfbe7a4db487b05838a5fa5c906044aaad Mon Sep 17 00:00:00 2001 From: Rebecca Tamachiro Date: Wed, 26 Mar 2025 12:58:25 +0000 Subject: [PATCH 18/18] Link to more context around Gateway resolver in iDNS --- .../dns/internal-dns/internal-zones/internal-dns-records.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx index bc7e4fd46f4d758..a048db2f1722103 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx @@ -54,7 +54,7 @@ The record in zone 700 points to `def.example.local`, which Cloudflare will then If it is not possible to flatten the CNAME record, the following will happen: -1. The CNAME record is returned to Gateway resolver as-is. +1. The CNAME record is returned to [Gateway resolver](/dns/internal-dns/#architecture-overview) as-is. 2. Gateway resolver will process the returned record, depending on the **Fallback through public DNS** configuration: - On: Gateway will try to resolve the query by sending it to Cloudflare's public DNS resolver ([1.1.1.1](/1.1.1.1/)). - Off: Gateway will return the response as-is to the client. \ No newline at end of file
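Review bot: In [PATCH 11/18], the added sentence in internal-dns-records.mdx, "If the reference zone then has another CNAME, the record will again be considered from the perspective of the original view", does not say which record is meant. Suggest naming it, for example "the target of that CNAME is then resolved starting again from the original view", which is what the worked example added in [PATCH 12/18] goes on to show.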
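Review bot: In [PATCH 12/18], the two paragraphs after the diagram describe only the chain that terminates and leave the non-terminating case undocumented. The resolution alternates between a reference-zone lookup (zone 600 to zone 700) and a CNAME re-resolution in the original view, while reference-zones.mdx in [PATCH 13/18] caps references at five in a chain. State whether CNAME hops count toward that limit, and whether a loop or an exceeded limit ends in the "If it is not possible to flatten the CNAME record" path. Separately, in "since this zone is referencing zone 700, this will be considered in the resolution", the second "this" is ambiguous; "zone 700 is also searched" would be clearer.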
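Review bot: In [PATCH 13/18], the last bullet under "Configuration conditions" in reference-zones.mdx can be read as a prohibition: "They may also not be linked to any view at all". Suggest "A reference zone can also be left unlinked from any view". Because the example in internal-dns-records.mdx shows records in an unlinked zone being returned to a query made with view ID 111, it is worth stating here that a zone's records are answerable through every zone that references it, so readers do not treat view membership as the only control over who can resolve them.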
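Review bot: In [PATCH 15/18], renaming the heading to "## CNAME flattening in Internal DNS" changes the generated anchor for that section, so any inbound link that targets the old heading's fragment needs checking before merge. In the dns-views.mdx hunk, "consider the [get started]" is missing a noun; "refer to [Get started]" or "the [get started] guide" would match the first half of the sentence.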
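Review bot: In [PATCH 17/18], the new diagram node `U["def TXT 15192-51"]` is never mentioned in the prose under the diagram, so its purpose is left to the reader. Together with the changed bullet "Query for the `A` record on `abc.example.local`", it appears intended to show that only the queried record type is returned; add one sentence after "As an `A` record can be found for `def.example.local`" saying that the `TXT` record on `def` is not part of the answer. The spaced hyphen in "IP address - in this example" would read better as a comma.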
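Review bot: In [PATCH 18/18], the "On" bullet under step 2 says Gateway resolves the query by sending it to 1.1.1.1 but does not say which name leaves for the public resolver: the original internal query name or the unflattened CNAME target. Anyone deciding whether to enable **Fallback through public DNS** needs to know whether internal hostnames are sent to a public resolver, so name it in that bullet. The "Off" bullet should also say what the client receives when the returned CNAME target exists only in Internal DNS.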