diff --git a/src/content/docs/dns/index.mdx b/src/content/docs/dns/index.mdx index 2085a0a3bfdc9ab..8155bf04aa2e602 100644 --- a/src/content/docs/dns/index.mdx +++ b/src/content/docs/dns/index.mdx @@ -17,6 +17,8 @@ Leverage Cloudflare's global network to deliver excellent performance and reliab Cloudflare DNS is a fast, resilient and easy-to-manage authoritative DNS service. It delivers excellent performance and reliability to your domain while also protecting your business from [DDoS attacks](https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/) and [route leaks and hijacking](https://www.cloudflare.com/learning/security/glossary/bgp-hijacking/). To know where to begin, refer to [Get started](/dns/get-started/). +Enterprise customers can also use Cloudflare DNS for their private network with [Internal DNS (Beta)](/dns/internal-dns/). + *** ## Features diff --git a/src/content/docs/dns/internal-dns/dns-views.mdx b/src/content/docs/dns/internal-dns/dns-views.mdx index 1b93301ee61ce92..904910797db40b6 100644 --- a/src/content/docs/dns/internal-dns/dns-views.mdx +++ b/src/content/docs/dns/internal-dns/dns-views.mdx @@ -6,7 +6,7 @@ sidebar: label: Views --- -import { Details, Render } from "~/components"; +import { Details, Render, Tabs, TabItem } from "~/components"; Internal DNS views are logical groupings of [internal DNS zones](/dns/internal-dns/internal-zones/). As explained in the [architecture overview](/dns/internal-dns/#architecture-overview), DNS views are referenced by [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) to define how a specific query should be resolved. 
@@ -20,17 +20,39 @@ When setting up DNS views, observe the following conditions: ## Create a view + + + + + + + Use the [Create Internal DNS View](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/create/) endpoint. For each view you create, list all the internal zones that should be grouped under that view. -## Delete a view + -Use the [Delete Internal DNS View](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/delete/) endpoint. +## Delete a view DNS views can be deleted even if they still have internal zones linked to them. The internal DNS zones will continue to exist but will be unlinked once the view is deleted. It is also possible to delete a DNS view that is being referenced by a Gateway resolver policy. In this case, queries matching the policy will return SERVFAIL. -## Other actions + + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account. +2. Go to **Internal DNS** > **Views**. +3. Find the view you want to delete. +4. Select the three dots in the corresponding row and choose *Delete*. +5. In the confirmation dialog, select **Delete** again to proceed. + + + + +Use the [Delete Internal DNS View](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/delete/) endpoint. + + + +## Other API actions - [Update a DNS view](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/edit/) (`PATCH`) - [Get view details](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/get/) (`GET`) diff --git a/src/content/docs/dns/internal-dns/get-started.mdx b/src/content/docs/dns/internal-dns/get-started.mdx index 1f29d0600b74be0..d2e9b9b87df8da2 100644 --- a/src/content/docs/dns/internal-dns/get-started.mdx +++ b/src/content/docs/dns/internal-dns/get-started.mdx 
@@ -9,15 +9,12 @@ import { TabItem, Tabs, Details, Example, Render } from "~/components"; Follow this guide to get started with Internal DNS. -Although there are some steps that can be achieved on the dashboard, currently the whole process can only be completed via API. - ## Before you begin - Make sure you have an Enterprise account with access to [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) and [Internal DNS](/dns/internal-dns/). - Consider the different ways in which you can [connect to Gateway resolver](/dns/internal-dns/connectivity/). -- If you are not familiar with how to use Cloudflare API, refer to [Fundamentals](/fundamentals/api/get-started/). - If you will be using an API token for authentication, make sure you have the following permissions:
@@ -41,28 +38,64 @@ Although there are some steps that can be achieved on the dashboard, currently t ## 1. Set up your internal DNS zone - + + + + + + + + ### (Optional) Reference a zone from another zone -1. Use the [Update DNS settings](/api/resources/dns/subresources/settings/subresources/zone/methods/edit/) endpoint to add a reference from an internal zone to another internal zone. In `--data`, specify the `internal_dns` object with the parameter `reference_zone_id`. For details, refer to [reference zones](/dns/internal-dns/internal-zones/reference-zones/). + + + + +1. Go to **Internal DNS** and select a zone. +2. Within the selected zone, go to **Reference zone**. +3. Select **Add reference zone**. +4. Find the zone you want to use as reference and choose **Select** in the respective row. + + + +1. Use the [Update DNS settings](/api/resources/dns/subresources/settings/subresources/zone/methods/edit/) endpoint to add a reference from an internal zone to another internal zone. In `--json`, specify the `internal_dns` object with the parameter `reference_zone_id`. + + ## 2. Link your internal zone to a view Since the resolver policy will require a [DNS view](/dns/internal-dns/dns-views/), you must have at least one view to be able to route requests to internal zones. + + + + + + 1. Use the [Create Internal DNS View](/api/resources/dns/subresources/settings/subresources/account/subresources/views/methods/create/) endpoint. For each view you create, list all the internal zones that should be grouped under that view.
+
+ + ## 3. Configure Gateway policies :::note @@ -76,7 +109,7 @@ Besides selecting an internal DNS view when setting up your resolver policies, y 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Resolver policies**. 2. Select **Add a policy** and enter a name and description. 3. Create an expression for the traffic you wish to route. For guidance about selectors, operators, and values, refer to [Gateway](/cloudflare-one/policies/gateway/resolver-policies/#selectors). -4. Select **Use DNS view**. In the dropdown, choose the view that queries matching the expression should be sent to. +4. Select **Use Internal DNS**. Choose the view that queries matching the expression should be sent to. 5. (Optional) Adjust the option to **fallback through public DNS** according to your use case. - Off: Gateway DNS resolver returns the response as-is to the client. - On: In case the response from the internal zone is REFUSED, NXDOMAIN, or a response with a CNAME type, Gateway DNS resolver sends the query to Cloudflare 1.1.1.1 public resolver and tries to resolve the query via public DNS. @@ -91,4 +124,6 @@ Use the rule settings object to define `resolve_dns_internally`, specifying `vie - `none`: Gateway DNS resolver returns the response as-is to the client. - `public_dns`: In case the response from the internal zone is REFUSED, NXDOMAIN, or a response with a CNAME type, Gateway DNS resolver sends the query to Cloudflare 1.1.1.1 public resolver and tries to resolve the query via public DNS. - \ No newline at end of file + + +Once you add the Gateway resolver policy, it will be listed in the respective internal view under **Resolver policies referencing this view**. \ No newline at end of file diff --git a/src/content/docs/dns/internal-dns/index.mdx b/src/content/docs/dns/internal-dns/index.mdx index 678cad05702fa06..32b8f75af33013a 100644 --- a/src/content/docs/dns/internal-dns/index.mdx +++ b/src/content/docs/dns/internal-dns/index.mdx 
@@ -21,7 +21,7 @@ Simplify private network management with Cloudflare DNS for your internal resour -Manage DNS records that should only be accessible within your private network. Internal DNS [zones](/dns/internal-dns/internal-zones/) and [views](/dns/internal-dns/dns-views/) pair up with [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) so that you can control how a DNS query should be responded to according to the query context, such as its source IP. +Manage DNS records that should only be accessible within your private network. Internal DNS [zones](/dns/internal-dns/internal-zones/) and [views](/dns/internal-dns/dns-views/) pair up with [Gateway resolver policies](/cloudflare-one/policies/gateway/resolver-policies/) so that you can control how a DNS query should be responded to according to query context, such as query source IP. diff --git a/src/content/docs/dns/internal-dns/internal-zones/index.mdx b/src/content/docs/dns/internal-dns/internal-zones/index.mdx index 3c37c6ff73d4c69..ad7e7ac2e2c0363 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/index.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/index.mdx @@ -1,6 +1,7 @@ --- pcx_content_type: concept title: Internal zones +description: Explore internal DNS zones in Cloudflare. These zones organize DNS records for resources accessible only within your private network, queried via Cloudflare Gateway. sidebar: order: 2 group: diff --git a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx index a048db2f1722103..775fc1e02d89835 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/internal-dns-records.mdx 
@@ -1,6 +1,7 @@ --- pcx_content_type: concept title: Manage internal DNS records +description: Manage internal DNS records in Cloudflare. Learn about supported DNS record types and CNAME flattening. sidebar: order: 4 label: Internal DNS records @@ -16,7 +17,7 @@ Refer to [Manage DNS records](/dns/manage-dns-records/how-to/create-dns-records/ ## CNAME flattening in Internal DNS -With CNAME flattening, Cloudflare finds the final target content that a CNAME points to and then returns this content instead of a CNAME record. With Internal DNS, CNAME flattening is applied by default and cannot be turned off. +With [CNAME flattening](/dns/cname-flattening/), Cloudflare finds the final target content that a CNAME points to and then returns this content instead of a CNAME record. With Internal DNS, CNAME flattening is applied by default and cannot be turned off. Cloudflare will try to flatten the CNAME record considering both the specified [DNS view](/dns/internal-dns/dns-views/) and any existing [reference zones](/dns/internal-dns/internal-zones/reference-zones/). If the reference zone then has another CNAME, the record will again be considered from the perspective of the original view. diff --git a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx index 8433d484ac47442..f4705ece9329dac 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx 
@@ -1,16 +1,17 @@ --- pcx_content_type: how-to title: Reference zones +description: Learn about reference zones. Cloudflare Internal DNS allows zones to reference others for query resolution when no direct record is found. sidebar: order: 4 --- -import { Example, Render } from "~/components"; +import { Example, Render, Tabs, TabItem } from "~/components"; -During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. + :::note -A wildcard record (`*.example.local`) in the matching internal zone will take precedence over an exact match in a referenced zone. +A wildcard record (`*.example.local`) in the matching internal zone will take precedence over an exact match in a reference zone. ::: ## Configuration conditions 
@@ -22,11 +23,24 @@ A wildcard record (`*.example.local`) in the matching internal zone will take pr ## Set up -To set up a reference zone, use the [Update DNS settings](/api/resources/dns/subresources/settings/subresources/zone/methods/edit/) endpoint. In `--data`, specify the `internal_dns` object with the parameter `reference_zone_id`. + + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account. +2. Go to **Internal DNS** and select a zone. +3. Within the selected zone, go to **Reference zone**. +4. Select **Add reference zone**. If your zone already has a reference zone set up, you must first remove it. As explained in the [configuration conditions](#configuration-conditions), each internal zone can only reference one other zone at a time. +5. Find the zone you want to use as reference and choose **Select** in the respective row. + + + + +Use the [Update DNS settings](/api/resources/dns/subresources/settings/subresources/zone/methods/edit/) endpoint. In `--json`, specify the `internal_dns` object with the parameter `reference_zone_id`. A third zone (C) could also point to zone B as a reference, but zone A cannot add another zone as a reference while also having zone B configured as its reference zone. - \ No newline at end of file + + + \ No newline at end of file diff --git a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx index 9f9c667c69e425f..986767bf5a4cc88 100644 --- a/src/content/docs/dns/internal-dns/internal-zones/setup.mdx +++ b/src/content/docs/dns/internal-dns/internal-zones/setup.mdx 
@@ -1,11 +1,12 @@ --- pcx_content_type: how-to title: Manage internal zones +description: Understand how to set up and manage internal DNS zones with Cloudflare. Explore configuration conditions, zone creation, and available API endpoints. sidebar: order: 2 --- -import { Example, Render } from "~/components"; +import { Example, Render, Tabs, TabItem } from "~/components"; Refer to the following sections to learn how to manage your [internal DNS zones](/dns/internal-dns/internal-zones/). @@ -17,9 +18,18 @@ When setting up internal zones, observe the following conditions: ## Create an internal zone - + -## Other actions + + + + + + + + + +## Other API actions The API endpoints to manage internal zones are the same as for managing public zones. The main difference is that the zone type must be set to `internal`. Refer to the API documentation below for details: diff --git a/src/content/partials/dns/internal-dns-view-create-dash.mdx b/src/content/partials/dns/internal-dns-view-create-dash.mdx new file mode 100644 index 000000000000000..f81190342208de2 --- /dev/null +++ b/src/content/partials/dns/internal-dns-view-create-dash.mdx @@ -0,0 +1,21 @@ +--- +params: + - conditional? +--- + +import { Details, Render } from "~/components"; + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account. +2. Go to **Internal DNS** > **Views**. +3. Select **Create a view**. +4. Give your view a descriptive name. + +{ props.conditional === "get-started-detail" && ( +
+ +
+ ) +} + +5. Select **Manage zones** to add zones to your view. Select the internal zones that should be used to resolve queries sent by Gateway resolver to this view. +6. Choose **Save** to confirm. \ No newline at end of file diff --git a/src/content/partials/dns/internal-reference-zone-intro.mdx b/src/content/partials/dns/internal-reference-zone-intro.mdx new file mode 100644 index 000000000000000..71d7c7621b8fda4 --- /dev/null +++ b/src/content/partials/dns/internal-reference-zone-intro.mdx @@ -0,0 +1,14 @@ +--- +params: + - conditional? +--- + +During an [internal DNS query resolution](/dns/internal-dns/#architecture-overview), if no internal record is found within a matching internal zone, Cloudflare will check if the matching internal zone is referencing another internal zone. Successive references can be followed with a maximum of five references in a chain. + + +{ props.conditional === "get-started-link" && ( +

+ For details, refer to reference zones. +

+ ) +} \ No newline at end of file diff --git a/src/content/partials/dns/internal-zone-create.mdx b/src/content/partials/dns/internal-zone-create-api.mdx similarity index 100% rename from src/content/partials/dns/internal-zone-create.mdx rename to src/content/partials/dns/internal-zone-create-api.mdx diff --git a/src/content/partials/dns/internal-zone-create-dash.mdx b/src/content/partials/dns/internal-zone-create-dash.mdx new file mode 100644 index 000000000000000..7e92cac6e1f3bde --- /dev/null +++ b/src/content/partials/dns/internal-zone-create-dash.mdx @@ -0,0 +1,26 @@ +--- +params: + - conditional? +--- + +import { Details, Render } from "~/components"; + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account. +2. Go to **Internal DNS** and select **Create an internal zone**. +3. Give your internal zone a name. + +{ props.conditional === "get-started-detail" && ( +
+ +
+ ) +} + +4. Add DNS records to your internal zone using your preferred option: +- [Import](/dns/manage-dns-records/how-to/import-and-export/) a formatted BIND file. +- Select **Add a record** and choose **Create** under the record type you want to add. Refer to [DNS record types](/dns/manage-dns-records/reference/dns-record-types/) for details. +5. Repeat this process for each internal zone you wish to add. + +:::note +Creating multiple internal DNS records in batch is currently only supported via API. +::: \ No newline at end of file diff --git a/src/content/partials/dns/internal-zones-conditions.mdx b/src/content/partials/dns/internal-zones-conditions.mdx index 30e5dd0b6359ea7..df6451d558f38a8 100644 --- a/src/content/partials/dns/internal-zones-conditions.mdx +++ b/src/content/partials/dns/internal-zones-conditions.mdx 
@@ -5,6 +5,8 @@ - Internal zones can contain the same [DNS record types](/dns/manage-dns-records/reference/dns-record-types/) that Cloudflare supports for public zones. - An internal zone can have the same name as a public zone in the same account. -- Each internal zone can be linked to multiple [views](/dns/internal-dns/dns-views/). +- Each internal zone can be linked to multiple [views](/dns/internal-dns/dns-views/)[^20]. - There can be several internal zones with the same name in one account. However, two internal zones with the same name cannot be linked to the same view. -- Internal zones are not subject to any top-level domain (TLD) restrictions. This means that an internal zone can be created if its TLD is not registered publicly (for example, `xyz.local`), if it is created on the TLD itself (`local`), or even if on the root (`.`). \ No newline at end of file +- Internal zones are not subject to any top-level domain (TLD) restrictions. This means that an internal zone can be created if its TLD is not registered publicly (for example, `xyz.local`), if it is created on the TLD itself (`local`), or even if on the root (`.`). + +[^20]: Logical groupings of internal DNS zones that are referenced by Gateway resolver policies to define how a specific query should be resolved. \ No newline at end of file diff --git a/src/content/products/internal-dns.yaml b/src/content/products/internal-dns.yaml new file mode 100644 index 000000000000000..e4c6711a39d7d95 --- /dev/null +++ b/src/content/products/internal-dns.yaml @@ -0,0 +1,9 @@ +name: Internal DNS + +product: + title: Internal DNS + group: Application performance + url: /dns/internal-dns/ + +meta: + description: Use Cloudflare DNS for your internal resources.
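Review bot: In `src/content/docs/dns/internal-dns/dns-views.mdx` (hunk `@@ -20,17 +20,39 @@`), step 4 of the new dashboard delete steps marks the menu item in italics (`choose *Delete*`) while step 5 and every other partial in this change mark UI elements in bold; use `**Delete**` in both. Since the paragraph just above states that deleting a view still referenced by a Gateway resolver policy makes matching queries return SERVFAIL, step 5 (the confirmation dialog) is the place to tell readers to check the view's **Resolver policies referencing this view** list, which get-started.mdx now mentions, before confirming.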
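Review bot: In `src/content/docs/dns/internal-dns/get-started.mdx` (hunk `@@ -9,15 +9,12 @@`), dropping the bullet "If you are not familiar with how to use Cloudflare API, refer to [Fundamentals](/fundamentals/api/get-started/)" leaves the API tabs further down, which still rely on `--json` payloads and on the token permissions listed right after this bullet, without an entry point for readers new to the API; keep the bullet, reworded if needed to "If you will be using the API, refer to [Fundamentals](/fundamentals/api/get-started/)". Removing the "currently the whole process can only be completed via API" sentence is correct now that every step has a dashboard tab.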
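Review bot: In `src/content/docs/dns/internal-dns/get-started.mdx` (hunk `@@ -41,28 +38,64 @@`), the dashboard steps under "(Optional) Reference a zone from another zone" omit the condition that reference-zones.mdx adds to the same procedure ("If your zone already has a reference zone set up, you must first remove it"), and the API step that switched from `--data` to `--json` does not say whether a PATCH with a new `reference_zone_id` on a zone that already has one replaces it or is rejected; state the same condition in both tabs. This hunk also drops the sentence "For details, refer to [reference zones](...)" from the API step; confirm the `get-started-link` conditional in the new `internal-reference-zone-intro.mdx` partial is what restores that link on this page, otherwise re-add it.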
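Review bot: In `src/content/docs/dns/internal-dns/get-started.mdx` (hunk `@@ -91,4 +124,6 @@`), the new closing sentence should say where **Resolver policies referencing this view** is found in the dashboard (for example **Internal DNS** > **Views** > the view), since this is the list a reader must consult before deleting a view, and the file still lacks a trailing newline after the change (`\ No newline at end of file` on both sides); add one.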
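Review bot: In `src/content/docs/dns/internal-dns/index.mdx` (hunk `@@ -21,7 +21,7 @@`), the reworded ending "according to query context, such as query source IP" drops the articles and reads less naturally than the line it replaces; "according to the query context, such as the query's source IP" keeps the intended clarification that the IP in question is the query's source.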
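Review bot: In `src/content/docs/dns/internal-dns/internal-zones/reference-zones.mdx` (hunk `@@ -22,11 +23,24 @@`), the dashboard tab tells the reader an existing reference zone must be removed first, but the API tab ("In `--json`, specify the `internal_dns` object with the parameter `reference_zone_id`") does not say whether the same request on a zone that already has a reference replaces it or fails; document the API behaviour so the two tabs agree. The unchanged context line "A third zone (C) could also point to zone B as a reference, ..." now sits inside the API tab; check it still follows the example it explains after the Tabs wrapping.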
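Review bot: In the new partial `src/content/partials/dns/internal-reference-zone-intro.mdx`, the intro gives the five-reference chain limit but not what a client sees when the limit is hit, nor whether a reference loop (zone A referencing B and B referencing A) is rejected at configuration time; the configuration conditions in this change only say each zone references one other zone at a time, which does not rule out a loop. State the outcome at the limit (for example whether resolution fails with SERVFAIL, as the "Delete a view" section does for the analogous policy case) so operators can recognise it in resolver logs. Also confirm that "For details, refer to reference zones." in the `get-started-link` conditional carries the link markup in the source file; it renders as plain text in the diff.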
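Review bot: In the new partial `src/content/partials/dns/internal-dns-view-create-dash.mdx`, steps 1-4 and 5-6 are separated by the `props.conditional === "get-started-detail"` expression with blank lines around it, which ends the ordered list; CommonMark starts a new list at 5 so the numbers survive, but verify the MDX renderer does not reset to 1, or nest the conditional inside step 4. Step 5 ("Select the internal zones that should be used to resolve queries sent by Gateway resolver to this view") should also mention the condition from `internal-zones-conditions.mdx` that two internal zones with the same name cannot be linked to the same view, since that is the selection error a reader is most likely to hit here.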
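Review bot: In the new partial `src/content/partials/dns/internal-zone-create-dash.mdx`, the two `-` bullets under step 4 start at column 0, so in Markdown they close the ordered list and "5. Repeat this process ..." begins a new list; indent them so they nest under step 4 and the procedure reads as one list. The same list-splitting concern applies to the `get-started-detail` conditional between steps 3 and 4. The closing note that batch record creation is API-only is a good addition; consider linking the batch endpoint next to it so the reader does not have to go looking for it.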
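Review bot: In `src/content/partials/dns/internal-zones-conditions.mdx` (hunk `@@ -5,6 +5,8 @@`), the footnote label `[^20]` is an opaque number; use a descriptive label such as `[^views]`. This partial is rendered on more than one page, so the footnote attached to a link to the views page repeats the definition that page already gives, and a numeric label risks colliding with a footnote of the same number from another partial on the same page; either make the footnote conditional like the other partials in this change or drop it in favour of the existing link.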
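Review bot: In the new `src/content/products/internal-dns.yaml`, the `meta.description` ("Use Cloudflare DNS for your internal resources.") does not reflect that the feature is Enterprise-only and in Beta, both of which the `dns/index.mdx` hunk in this same change states ("Enterprise customers can also use ... Internal DNS (Beta)"); align the product entry with that wording so the product listing and the landing page agree.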