Document Gateway's blocking behaviour for DNS queries other than A/AAAA (cloudflare#22789)

Co-authored-by: Max Phillips <[email protected]>

Author: 2 people

src/content/docs/cloudflare-one/policies/gateway/block-page.mdx

@@ -123,6 +123,10 @@ If your users receive a security risk warning in their browser when visiting a b
 
 For more information on fixing certificate issues, refer to [Troubleshooting](/cloudflare-one/faq/troubleshooting/#as-of-february-2-2025-my-end-user-devices-browser-is-returning-a-your-connection-is-not-private-warning).
 
+### Incompatible DNS record types
+
+<Render file="gateway/block-page-dns-records" product="cloudflare-one" />
+
 ### Third-party filtering conflict
 
 <Render file="gateway/third-party-warning" />

src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx

@@ -144,6 +144,8 @@ When choosing the Block action, turn on **Modify Gateway block behavior** to res
 
 If the block page is turned off for a policy, Gateway will respond to queries blocked at the DNS level with an `A` record of `0.0.0.0` for IPv4 destinations, or with an `AAAA` record of `::` for IPv6 destinations. The browser will display its default connection error page.
 
+<Render file="gateway/block-page-dns-records" product="cloudflare-one" />
+
 #### WARP client block notifications
 
 <Render

src/content/partials/cloudflare-one/gateway/block-page-dns-records.mdx

@@ -0,0 +1,5 @@
+---
+{}
+---
+
+To block the resolution of queries for DNS records with types other than `A` or `AAAA`, Gateway will respond with the `REFUSED (RCODE:5)` DNS return code. Gateway will block the request but will not display a block page.