[iDNS] Internal DNS MVP UI release (cloudflare#22632)

RebeccaTamachiro · Maddy-Cloudflare · sdnts · commit ba773265f868 · 2025-07-24T16:06:02.000-04:00
* Add Dash steps for internal zone creation

* Add tabs components and Dash steps to dns-views

* Revise create a view Dash steps

* Add dash instructions for reference zone assignment

* Get-started: remove api-only and add Dash tab placeholder

* Fix broken link

* Add partial for zone creation and replace in relevant pages

* Add reference zone dash steps and intro to get-started

* Create and apply partial for view-create-dash

* Overall review and add conditions to view creation partial

* Overall review and link to iDNS from docs landing page

* Specify reference at the bottom of internal zones and view is API-only

* Add Internal DNS to /products page

* Remove 'descriptive' specification for zone name

* Update get-started to match Gateway resolver UI text

* Fix typo

* Apply suggestions from code review

Co-authored-by: Maddy &lt;130055405+Maddy-Cloudflare@users.noreply.github.com&gt;

* Add missing period and implement some page descriptions

---------

Co-authored-by: Maddy &lt;130055405+Maddy-Cloudflare@users.noreply.github.com&gt;
diff --git a/src/content/docs/dns/index.mdx b/src/content/docs/dns/index.mdx
@@ -17,6 +17,8 @@ Leverage Cloudflare's global network to deliver excellent performance and reliab
 
 Cloudflare DNS is a fast, resilient and easy-to-manage authoritative DNS service. It delivers excellent performance and reliability to your domain while also protecting your business from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/) and [route leaks and hijacking](https://www.cloudflare.com/learning/security/glossary/bgp-hijacking/). To know where to begin, refer to [Get started](/dns/get-started/).
 
+Enterprise customers can also use Cloudflare DNS for their private network with [Internal DNS (Beta)](/dns/internal-dns/).
+
 ***
 
 ## Features
diff --git a/src/content/docs/dns/internal-dns/dns-views.mdx b/src/content/docs/dns/internal-dns/dns-views.mdx
@@ -6,7 +6,7 @@ sidebar:
   label: Views
 ---
 
-import { Details, Render } from "~/components";
+import { Details, Render, Tabs, TabItem } from "~/components";
 
 Internal DNS views are logical groupings of [internal DNS zones](/dns/internal-dns/internal-zones/). As explained in the [architecture overview](/dns/internal-dns/#architecture-overview), DNS views are referenced by [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) to define how a specific query should be resolved.
 
@@ -20,17 +20,39 @@ When setting up DNS views, observe the following conditions:
 
 ## Create a view
 
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+<Render file="internal-dns-view-create-dash"/>
+
+</TabItem>
+<TabItem label="API">
+
 Use the [Create Internal DNS View](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/create/) endpoint. For each view you create, list all the internal zones that should be grouped under that view.
 
-## Delete a view
+</TabItem> </Tabs>
 
-Use the [Delete Internal DNS View](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/delete/) endpoint.
+## Delete a view
 
 DNS views can be deleted even if they still have internal zones linked to them. The internal DNS zones will continue to exist but will be unlinked once the view is deleted.
 
 It is also possible to delete a DNS view that is being referenced by a Gateway resolver policy. In this case, queries matching the policy will return SERVFAIL.
 
-## Other actions
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account.
+2. Go to **Internal DNS** > **Views**.
+3. Find the view you want to delete.
+4. Select the three dots in the corresponding row and choose *Delete*.
+5. In the confirmation dialog, select **Delete** again to proceed.
+
+</TabItem>
+<TabItem label="API">
+
+Use the [Delete Internal DNS View](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/delete/) endpoint.
+
+</TabItem> </Tabs>
+
+## Other API actions
 
 - [Update a DNS view](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/edit/) (`PATCH`)
 - [Get view details](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/get/) (`GET`)
diff --git a/src/content/docs/dns/internal-dns/get-started.mdx b/src/content/docs/dns/internal-dns/get-started.mdx
@@ -9,15 +9,12 @@ import { TabItem, Tabs, Details, Example, Render } from "~/components";
 
 Follow this guide to get started with Internal DNS.
 
-Although there are some steps that can be achieved on the dashboard, currently the whole process can only be completed via API.
-
 ## Before you begin
 
 <Render file="internal-dns-beta-note" />
 
 - Make sure you have an Enterprise account with access to [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) and [Internal DNS](/dns/internal-dns/).
 - Consider the different ways in which you can [connect to Gateway resolver](/dns/internal-dns/connectivity/).
-- If you are not familiar with how to use Cloudflare API, refer to [Fundamentals](/fundamentals/api/get-started/).
 - If you will be using an API token for authentication, make sure you have the following permissions:
 
 <Details header="API token configuration">
@@ -41,28 +38,64 @@ Although there are some steps that can be achieved on the dashboard, currently t
 
 ## 1. Set up your internal DNS zone
 
-<Render file="internal-zone-create" params={{
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+<Render file="internal-zone-create-dash" params={{
+	conditional: "get-started-detail"}}
+/>
+
+</TabItem> <TabItem label="API">
+
+<Render file="internal-zone-create-api" params={{
 	conditional: "get-started-detail"}}
 />
 
+</TabItem> </Tabs>
+
 ### (Optional) Reference a zone from another zone
 
-1. Use the [Update DNS settings](/api/resources/dns/subresources/settings/subresources/zone/methods/edit/) endpoint to add a reference from an internal zone to another internal zone. In `--data`, specify the `internal_dns` object with the parameter `reference_zone_id`. For details, refer to [reference zones](/dns/internal-dns/internal-zones/reference-zones/).
+<Render file="internal-reference-zone-intro" params={{
+	conditional: "get-started-link"}}
+/>
+
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+1. Go to **Internal DNS** and select a zone.
+2. Within the selected zone, go to **Reference zone**.
+3. Select **Add reference zone**.
+4. Find the zone you want to use as reference and choose **Select** in the respective row.
+
+</TabItem> <TabItem label="API">
+
+1. Use the [Update DNS settings](/api/resources/dns/subresources/settings/subresources/zone/methods/edit/) endpoint to add a reference from an internal zone to another internal zone. In `--json`, specify the `internal_dns` object with the parameter `reference_zone_id`.
 
 <Example>
 <Render file="internal-reference-zone-api"/>
 </ Example>
 
+</TabItem> </Tabs>
+
 ## 2. Link your internal zone to a view
 
 Since the resolver policy will require a [DNS view](/dns/internal-dns/dns-views/), you must have at least one view to be able to route requests to internal zones.
 
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+<Render file="internal-dns-view-create-dash" params={{
+	conditional: "get-started-detail"}}
+/>
+
+</TabItem> <TabItem label="API">
+
 1. Use the [Create Internal DNS View](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/create/) endpoint. For each view you create, list all the internal zones that should be grouped under that view.
 
 <Details header="DNS view configuration conditions">
 <Render file="internal-dns-view-conditions" />
 </Details>
 
+</TabItem> </Tabs>
+
+
 ## 3. Configure Gateway policies
 
 :::note
@@ -76,7 +109,7 @@ Besides selecting an internal DNS view when setting up your resolver policies, y
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Resolver policies**.
 2. Select **Add a policy** and enter a name and description.
 3. Create an expression for the traffic you wish to route. For guidance about selectors, operators, and values, refer to [Gateway](/cloudflare-one/policies/gateway/resolver-policies/#selectors).
-4. Select **Use DNS view**. In the dropdown, choose the view that queries matching the expression should be sent to.
+4. Select **Use Internal DNS**. Choose the view that queries matching the expression should be sent to.
 5. (Optional) Adjust the option to **fallback through public DNS** according to your use case.
 - Off: Gateway DNS resolver returns the response as-is to the client.
 - On: In case the response from the internal zone is REFUSED, NXDOMAIN, or a response with a CNAME type, Gateway DNS resolver sends the query to Cloudflare 1.1.1.1 public resolver and tries to resolve the query via public DNS.
@@ -91,4 +124,6 @@ Use the rule settings object to define `resolve_dns_internally`, specifying `vie
 - `none`: Gateway DNS resolver returns the response as-is to the client.
 - `public_dns`: In case the response from the internal zone is REFUSED, NXDOMAIN, or a response with a CNAME type, Gateway DNS resolver sends the query to Cloudflare 1.1.1.1 public resolver and tries to resolve the query via public DNS.
 
-</TabItem> </Tabs>
+</TabItem> </Tabs>
+
+Once you add the Gateway resolver policy, it will be listed in the respective internal view under **Resolver policies referencing this view**.
diff --git a/src/content/docs/dns/internal-dns/index.mdx b/src/content/docs/dns/internal-dns/index.mdx
@@ -21,7 +21,7 @@ Simplify private network management with Cloudflare DNS for your internal resour
 
 <Plan type="enterprise" />
 
-Manage DNS records that should only be accessible within your private network. Internal DNS [zones](/dns/internal-dns/internal-zones/) and [views](/dns/internal-dns/dns-views/) pair up with [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) so that you can control how a DNS query should be responded to according to the query context, such as its source IP.
+Manage DNS records that should only be accessible within your private network. Internal DNS [zones](/dns/internal-dns/internal-zones/) and [views](/dns/internal-dns/dns-views/) pair up with [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) so that you can control how a DNS query should be responded to according to query context, such as query source IP.
 
 <Render file="internal-dns-beta-note" />
 
diff --git a/src/content/docs/dns/internal-dns/internal-zones/index.mdx b/src/content/docs/dns/internal-dns/internal-zones/index.mdx
@@ -1,6 +1,7 @@
 ---
 pcx_content_type: concept
 title: Internal zones
+description: Explore internal DNS zones in Cloudflare. These zones organize DNS records for resources accessible only within your private network, queried via Cloudflare Gateway.
 sidebar:
   order: 2
   group:
diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx
@@ -1,6 +1,7 @@
 ---
 pcx_content_type: concept
 title: Manage internal DNS records
+description: Manage internal DNS records in Cloudflare. Learn about supported DNS record types and CNAME flattening.
 sidebar:
   order: 4
   label: Internal DNS records
@@ -16,7 +17,7 @@ Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/
 
 ## CNAME flattening in Internal DNS
 
-With CNAME flattening, Cloudflare finds the final target content that a CNAME points to and then returns this content instead of a CNAME record. With Internal DNS, CNAME flattening is applied by default and cannot be turned off.
+With [CNAME flattening](/dns/cname-flattening/), Cloudflare finds the final target content that a CNAME points to and then returns this content instead of a CNAME record. With Internal DNS, CNAME flattening is applied by default and cannot be turned off.
 
 Cloudflare will try to flatten the CNAME record considering both the specified [DNS view](/dns/internal-dns/dns-views/) and any existing [reference zones](/dns/internal-dns/internal-zones/reference-zones/). If the reference zone then has another CNAME, the record will again be considered from the perspective of the original view.
 
diff --git a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx
@@ -1,16 +1,17 @@
 ---
 pcx_content_type: how-to
 title: Reference zones
+description: Learn about reference zones. Cloudflare Internal DNS allows zones to reference others for query resolution when no direct record is found.
 sidebar:
   order: 4
 ---
 
-import { Example, Render } from "~/components";
+import { Example, Render, Tabs, TabItem } from "~/components";
 
-During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain.
+<Render file="internal-reference-zone-intro"/>
 
 :::note
-A wildcard record (`*.example.local`) in the matching internal zone will take precedence over an exact match in a referenced zone.
+A wildcard record (`*.example.local`) in the matching internal zone will take precedence over an exact match in a reference zone.
 :::
 
 ## Configuration conditions
@@ -22,11 +23,24 @@ A wildcard record (`*.example.local`) in the matching internal zone will take pr
 
 ## Set up
 
-To set up a reference zone, use the [Update DNS settings](/api/resources/dns/subresources/settings/subresources/zone/methods/edit/) endpoint. In `--data`, specify the `internal_dns` object with the parameter `reference_zone_id`.
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account.
+2. Go to **Internal DNS** and select a zone.
+3. Within the selected zone, go to **Reference zone**.
+4. Select **Add reference zone**. If your zone already has a reference zone set up, you must first remove it. As explained in the [configuration conditions](#configuration-conditions), each internal zone can only reference one other zone at a time.
+5. Find the zone you want to use as reference and choose **Select** in the respective row.
+
+</TabItem>
+<TabItem label="API">
+
+Use the [Update DNS settings](/api/resources/dns/subresources/settings/subresources/zone/methods/edit/) endpoint. In `--json`, specify the `internal_dns` object with the parameter `reference_zone_id`.
 
 <Example>
 <Render file="internal-reference-zone-api"/>
 
 A third zone (C) could also point to zone B as a reference, but zone A cannot add another zone as a reference while also having zone B configured as its reference zone.
 
-</ Example>
+</ Example>
+
+</TabItem> </Tabs>
diff --git a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx
@@ -1,11 +1,12 @@
 ---
 pcx_content_type: how-to
 title: Manage internal zones
+description: Understand how to set up and manage internal DNS zones with Cloudflare. Explore configuration conditions, zone creation, and available API endpoints.
 sidebar:
   order: 2
 ---
 
-import { Example, Render } from "~/components";
+import { Example, Render, Tabs, TabItem } from "~/components";
 
 Refer to the following sections to learn how to manage your [internal DNS zones](/dns/internal-dns/internal-zones/).
 
@@ -17,9 +18,18 @@ When setting up internal zones, observe the following conditions:
 
 ## Create an internal zone
 
-<Render file="internal-zone-create" />
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-## Other actions
+<Render file="internal-zone-create-dash" />
+
+</TabItem>
+<TabItem label="API">
+
+<Render file="internal-zone-create-api" />
+
+</TabItem> </Tabs>
+
+## Other API actions
 
 The API endpoints to manage internal zones are the same as for managing public zones. The main difference is that the zone type must be set to `internal`. Refer to the API documentation below for details:
 
diff --git a/src/content/partials/dns/internal-dns-view-create-dash.mdx b/src/content/partials/dns/internal-dns-view-create-dash.mdx
@@ -0,0 +1,21 @@
+---
+params:
+  - conditional?
+---
+
+import { Details, Render } from "~/components";
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account.
+2. Go to **Internal DNS** > **Views**.
+3. Select **Create a view**.
+4. Give your view a descriptive name.
+
+{ props.conditional === "get-started-detail" && (
+<Details header="DNS view configuration conditions">
+<Render file="internal-dns-view-conditions" />
+</Details>
+	)
+}
+
+5. Select **Manage zones** to add zones to your view. Select the internal zones that should be used to resolve queries sent by Gateway resolver to this view.
+6. Choose **Save** to confirm.
diff --git a/src/content/partials/dns/internal-reference-zone-intro.mdx b/src/content/partials/dns/internal-reference-zone-intro.mdx
@@ -0,0 +1,14 @@
+---
+params:
+  - conditional?
+---
+
+During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain.
+
+
+{ props.conditional === "get-started-link" && (
+	<p>
+	For details, refer to <a href="/dns/internal-dns/internal-zones/reference-zones/">reference zones</a>.
+	</p>
+	)
+}
diff --git a/src/content/partials/dns/internal-zone-create-api.mdx b/src/content/partials/dns/internal-zone-create-api.mdx
diff --git a/src/content/partials/dns/internal-zone-create-dash.mdx b/src/content/partials/dns/internal-zone-create-dash.mdx
@@ -0,0 +1,26 @@
+---
+params:
+  - conditional?
+---
+
+import { Details, Render } from "~/components";
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account.
+2. Go to **Internal DNS** and select **Create an internal zone**.
+3. Give your internal zone a name.
+
+{ props.conditional === "get-started-detail" && (
+<Details header="Internal zone configuration conditions">
+<Render file="internal-zones-conditions" />
+</Details>
+	)
+}
+
+4. Add DNS records to your internal zone using your preferred option:
+- [Import](/dns/manage-dns-records/how-to/import-and-export/) a formatted BIND file.
+- Select **Add a record** and choose **Create** under the record type you want to add. Refer to [DNS record types](/dns/manage-dns-records/reference/dns-record-types/) for details.
+5. Repeat this process for each internal zone you wish to add.
+
+:::note
+Creating multiple internal DNS records in batch is currently only supported via API.
+:::
diff --git a/src/content/partials/dns/internal-zones-conditions.mdx b/src/content/partials/dns/internal-zones-conditions.mdx
@@ -5,6 +5,8 @@
 
 - Internal zones can contain the same [DNS record types](/dns/manage-dns-records/reference/dns-record-types/) that Cloudflare supports for public zones.
 - An internal zone can have the same name as a public zone in the same account.
-- Each internal zone can be linked to multiple [views](/dns/internal-dns/dns-views/).
+- Each internal zone can be linked to multiple [views](/dns/internal-dns/dns-views/)[^20].
 - There can be several internal zones with the same name in one account. However, two internal zones with the same name cannot be linked to the same view.
-- Internal zones are not subject to any top-level domain (TLD) restrictions. This means that an internal zone can be created if its TLD is not registered publicly (for example, `xyz.local`), if it is created on the TLD itself (`local`), or even if on the root (`.`).
+- Internal zones are not subject to any top-level domain (TLD) restrictions. This means that an internal zone can be created if its TLD is not registered publicly (for example, `xyz.local`), if it is created on the TLD itself (`local`), or even if on the root (`.`).
+
+[^20]: Logical groupings of internal DNS zones that are referenced by Gateway resolver policies to define how a specific query should be resolved.
diff --git a/src/content/products/internal-dns.yaml b/src/content/products/internal-dns.yaml
@@ -0,0 +1,9 @@
+name: Internal DNS
+
+product:
+  title: Internal DNS
+  group: Application performance
+  url: /dns/internal-dns/
+
+meta:
+  description: Use Cloudflare DNS for your internal resources.
