diff --git a/src/assets/images/cloudflare-one/connections/get-unique-subdomain.png b/src/assets/images/cloudflare-one/connections/get-unique-subdomain.png
deleted file mode 100644
index 7eed99349bfb815..000000000000000
Binary files a/src/assets/images/cloudflare-one/connections/get-unique-subdomain.png and /dev/null differ
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/dns-over-https.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/dns-over-https.mdx
index 3620e268d7a0c2a..7b3f599e084c18b 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/dns-over-https.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/dns-over-https.mdx
@@ -13,7 +13,7 @@ Location-based policies require that you send DNS requests to a [location-specif
## Filter DoH requests by location
-Location-based policies require that you send DNS requests to a unique DoH endpoint assigned to the location:
+Location-based policies require that you send DNS queries to a unique DoH endpoint assigned to the location:
```txt
https://.cloudflare-gateway.com/dns-query
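Review bot: The reworded `+` line ("send DNS queries") now disagrees with the rest of the page: the sentence quoted in the hunk header still reads "send DNS requests to a [location-specif…", and the heading directly above stays "Filter DoH requests by location". Suggest using "query" for the DNS message and "request" only for the HTTP layer, and applying that to the earlier sentence in the same change so readers do not take the two terms to mean different things.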
@@ -105,6 +105,17 @@ For more information, refer to [Microsoft's DoH guide](https://learn.microsoft.c
+### Use generic DoH endpoint
+
+You can send DoH requests to the generic Cloudflare DoH endpoint, `dns.cloudflare-gateway.com`. To specify a location in your request, include a header named `cf-dns-location` with a value of your location's DoH subdomain. For example:
+
+```http
+GET /dns-query?name=example.com&type=A HTTP/2
+Host: dns.cloudflare-gateway.com
+cf-dns-location: 9y65g5srsm
+Accept: application/dns-message
+```
+
## Filter DoH requests by user
In order to filter DoH queries based on user identity, each query must include a user-specific authentication token. If you have several devices per user and want to apply device-specific policies, you will need to map each device to a different email.
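Review bot: In the new example, the request line and the `Accept` header do not match. `GET /dns-query?name=example.com&type=A` is the JSON-style query form, while `Accept: application/dns-message` asks for the RFC 8484 wire format, whose GET form carries the query in a base64url `dns=` parameter. Either change the header to the JSON media type or change the request line to the `dns=` form, and state which formats the generic endpoint accepts. The paragraph should also say what happens when `cf-dns-location` is absent or does not match a location, since that determines which policies apply to the query, and it should point "your location's DoH subdomain" at the place where that value is shown.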
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/dns-over-tls.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/dns-over-tls.mdx
index c501e7bcf594323..c365c19af18a78a 100644
--- a/src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/dns-over-tls.mdx
+++ b/src/content/docs/cloudflare-one/connections/connect-devices/agentless/dns/dns-over-tls.mdx
@@ -7,35 +7,40 @@ sidebar:
By default, DNS is sent over a plaintext connection. DNS over TLS (DoT) is a standard for encrypting DNS queries to keep them secure and private. DoT uses the same security protocol, TLS, that HTTPS websites use to encrypt and authenticate communications.
-Cloudflare supports DoT on standard port `853` and is compliant with [RFC7858](https://tools.ietf.org/html/rfc7858).
+Cloudflare supports DoT on standard port `853` over TLS 1.2 and TLS 1.3 in compliance with [RFC7858](https://tools.ietf.org/html/rfc7858).
-## 1. Obtain your DoT hostname
+## Configure DoT queries
+
+### 1. Obtain your DoT hostname
Each Gateway DNS location has a unique DoT hostname. DNS locations and corresponding DoT hostnames have policies associated with them.
1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **DNS locations**.
-2. If you have more than one location set up, you will see a list of all your locations.
-3. Expand the location card for the location whose DoT hostname you'd like to retrieve.
-4. Get the **DoT hostname** for the location.
-
-In the example below, the DoT hostname is: `9y65g5srsm.cloudflare-gateway.com`.
+2. [Add a new location](/cloudflare-one/connections/connect-devices/agentless/dns/locations/) or select an existing location from the list.
+3. Under **DoT endpoint**, copy the value in **DoT addresses**.
-
+The DoT hostname contains your unique location name. For example, if the DoT hostname is `9y65g5srsm.cloudflare-gateway.com`, the location name is `9y65g5srsm`.
-Next, configure your DoT client with the DoT hostname.
+### 2. Configure your DoT client
-## 2. Configure your DoT client
+To configure a DoT client such as `dig`, specify the IP address and the DoT hostname for your location in your query. For example:
-Depending on your operating system, you can choose from a variety of standalone DoT clients.
+```txt
+Hostname: 9y65g5srsm.cloudflare-gateway.com
+IP address: 162.159.36.5
+```
-To configure your DoT client, enter the following IP address and the DoT hostname for your location (for example, `9y65g5srsm.cloudflare-gateway.com`):
+Alternatively, you can use the generic DoT endpoint (`dns.cloudflare-gateway.com`) and include an `OPT` record with code `65011`. You can select a specific location for the value of the `OPT` record. For example:
```txt
-Hostname:
+Hostname: dns.cloudflare-gateway.com
IP address: 162.159.36.5
+OPT Record:
+ - Code: 65011
+ - Value: 9y65g5srsm
```
-Alternatively, stub resolvers (e.g., Unbound) support DoT natively. An example configuration is shown below.
+Some stub resolvers support DoT natively. For example, you can configure Unbound to send a DoT query:
```txt
# Unbound TLS Config
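Review bot: Step 2 names `dig` as the client, but the two `txt` blocks only list a hostname, an IP address and OPT fields, so the reader still has to work out the actual invocation. Suggest showing the command itself. The OPT example also gives `Value: 9y65g5srsm` without saying how the value is encoded. EDNS option data is raw bytes, and `dig` takes it as hex, so the text should say whether the location name is sent as its ASCII bytes. "You can select a specific location for the value of the `OPT` record" should say plainly that the value is the location name from step 1. Two smaller points in step 1: the instruction says to copy **DoT addresses** while the next sentence calls the same thing "the DoT hostname", and nothing says where the `162.159.36.5` address used in step 2 comes from.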
@@ -44,15 +49,6 @@ tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
name: "."
forward-tls-upstream: yes
- forward-addr: 172.64.36.1@853#9y65g5srsm.cloudflare-gateway.com
- forward-addr: #
+ forward-addr: 162.159.36.5@853#9y65g5srsm.cloudflare-gateway.com
+ forward-addr: 2001:db8:abcd::1234#9y65g5srsm.cloudflare-gateway.com
```
-
-:::note
-
-Each DNS location has a unique DoT hostname and IPv6 address. Remember to substitute your location's values into the `` and `` fields.
-:::
-
-## Supported TLS versions
-
-Cloudflare's DNS over TLS supports TLS 1.3 and TLS 1.2.
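Review bot: The new IPv6 line `forward-addr: 2001:db8:abcd::1234#9y65g5srsm.cloudflare-gateway.com` uses an address from the `2001:db8::/32` documentation prefix, and this hunk also deletes the note that told readers to substitute their own location's hostname and IPv6 address. A reader who copies the block as written gets a forwarder that cannot be reached and a hostname belonging to the example location. Suggest keeping a one-line reminder that both values are placeholders, or adding a comment inside the config block. The IPv6 line also omits `@853` while the IPv4 line includes it; make the two consistent. Finally, removing the "Supported TLS versions" heading drops its anchor, so check for inbound links to that section now that the TLS 1.2/1.3 statement lives in the intro.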