Skip to content

Private networks in gateway resolver #25178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Sep 15, 2025
Merged

Private networks in gateway resolver #25178

Changes from 10 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
e8324c4
Adding new BYOIP changelog entry for Gateway
Aug 21, 2025
3b6cc71
Discard changes to package-lock.json
maxvp Aug 21, 2025
fa0f55b
Discard changes to tsconfig.json
maxvp Aug 21, 2025
b12afa0
Update procedure
maxvp Aug 21, 2025
89ef8bc
Update link
maxvp Aug 21, 2025
686fb1f
Update alt text
maxvp Aug 21, 2025
810f72e
adding new changelog for private network in gateway resolver
Sep 15, 2025
31067fc
updated blurb and title
Sep 15, 2025
d2ed012
Merge branch 'cloudflare:production' into private-networks-in-gateway…
NuelEdeh Sep 15, 2025
dd6de07
Apply suggestions from code review
maxvp Sep 15, 2025
7d2348c
Update src/content/changelog/gateway/2025-09-11-dns-filtering-for-pri…
maxvp Sep 15, 2025
cb049c4
Apply suggestions from code review
maxvp Sep 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions ...tent/changelog/gateway/2025-09-11-dns-filtering-for-private-network-onramps.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
---
title: DNS filtering for private network onramps.
description: Magic WAN and WARP Connector traffic can now privately route DNS queries to the Gateway resolver without public Internet exposure.
products:
- gateway
- magic-wan
- cloudflare-tunnel
date: "2025-09-11"
---

[Magic WAN](/magic-wan/zero-trust/cloudflare-gateway/#dns-filtering) and [WARP Connector](/cloudflare-one/connections/connect-networks/private-net/warp-connector/site-to-internet/#configure-dns-resolver-on-devices) users can now securely route their DNS traffic to the Gateway resolver without exposing traffic to the public Internet.

Routing DNS traffic to the Gateway resolver allows DNS resolution and filtering for traffic coming from private networks while preserving source internal IP visibility. This ensures Magic WAN users have full integration with our Cloudflare One features, including [Internal DNS](/cloudflare-one/policies/gateway/resolver-policies/#internal-dns) and [hostname-based policies](/cloudflare-one/policies/gateway/egress-policies/#selector-prerequisites).

To configure DNS filtering, change your Magic WAN or WARP Connector DNS settings to use Cloudflare's shared resolver IPs, `172.64.36.1` and `172.64.36.2`. Once you configure DNS resolution and filtering, you can use _Source Internal IP_ as a traffic selector in your [resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) for routing private DNS traffic to your [Internal DNS](/dns/internal-dns/).