-
Notifications
You must be signed in to change notification settings - Fork 10.4k
PDNS Secure Location Management New User Role #21049
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
maxvp
merged 8 commits into
cloudflare:production
from
NuelEdeh:pdns-locations-new-branch
Mar 26, 2025
+21
−0
Merged
Changes from 6 commits
Commits
Show all changes
8 commits
Select commit
Hold shift + click to select a range
c1840e7
test commit
e52c0a2
pdns DNS locations management role
1f5d3dd
PDNS Locations Management User Role
a8da21c
Discard changes to package-lock.json
maxvp 8ed8881
Discard changes to package.json
maxvp 3f59fc1
Update src/content/changelog/gateway/2025-03-21-pdns-user-locations-r…
maxvp 0e8d178
Update 2025-03-21-pdns-user-locations-role.mdx
NuelEdeh a7bc392
Update 2025-03-21-pdns-user-locations-role.mdx
NuelEdeh File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
28 changes: 28 additions & 0 deletions
28
src/content/changelog/gateway/2025-03-21-pdns-user-locations-role.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| --- | ||
| title: PDNS locations Management User Role | ||
| description: Create secure DNS locations using the new Cloudflare Zero Trust Locations Write role. | ||
| date: 2025-03-21T13:50:40Z | ||
| products: [] | ||
| hidden: false | ||
| --- | ||
|
|
||
| We’re excited to introduce [Cloudflare Zero Trust Secure DNS Locations role](/cloudflare-one/connections/connect-devices/agentless/dns/locations/#secure-dns-locations), designed to give | ||
| government customers granular control over third-party access while configuring their protective DNS (PDNS) solutions. | ||
NuelEdeh marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| This new role enables IT administrators to grant external service partners targeted permissions for managing DNS locations, ensuring that highest security standards are upheld. | ||
NuelEdeh marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| #### What makes a DNS location secure? | ||
NuelEdeh marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| - Mandatory [BYO IPv4/v6](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#bring-your-own-dns-resolver-ip) usage if available on the account. | ||
NuelEdeh marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| - Source network filtering for IPv4/IPv6/DoT endpoints; token authentication OR source network filtering for the DoH endpoint. | ||
| - All enabled location endpoints must comply with the above security policies. | ||
NuelEdeh marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| - Non-compliant edits (e.g., disabling authentication, using shared IPs when BYO IPv4/v6 is available) will be blocked and error messages displayed. | ||
NuelEdeh marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| - Users with this role must use their [Global API Key](/fundamentals/api/get-started/keys/); dedicated API tokens currently are unsupported. | ||
NuelEdeh marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| #### Notes for Admins | ||
|
|
||
| - **Role Assignment**: | ||
| - Assign via Cloudflare Dashboard (`Member Management > All domains`) or API. | ||
| - Requires `Cloudflare Secure DNS Locations Write Role` to view all DNS locations but only create/edit secure ones. | ||
| - Users need `Cloudflare Zero Trust Read Only` role to access the dashboard. | ||
| - **Avoid Conflicts**: Do not combine this role with [other roles](/cloudflare-one/roles-permissions/#footnote-label) containing broader permissions (e.g., `Administrator`,`Super Administrator`,`Cloudflare Zero Trust Write` and `Cloudflare Gateway`) to maintain security constraints. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.