CD
Cloudflare Developers5mo ago
Murray

Created Default DNS Location by Accident on Zero Trust

I was exploring the zero trust options in the cloudflare dashboard and accidentally created a DNS location. Should I be worried about it pointing back to anything in my local network (home network)? The way it seems is that it takes your current IP address to use for the DNS Location, but I don't really understand what it does. The current configuration does say "No valid IPV4 addresses" but it does contain greyed out DoH and DNSoTLS addresses as well as an IPv6 address. I have no other configurations added at all. I've tried deleting the location but I cannot since it is the default (only) location. I've since cancelled my subscription in hopes of it deleting the zero trust configuration overall but that didn't work since - at least not until a month from now. Do I need to worry about anything security wise, such as external access into my local network? Thank you!
6 Replies
Chaika
Chaika5mo ago
You don't need to worry, it doesn't do anything unless you start sending DNS Queries to the IPs/Endpoints for that location, in which they would start being filtered by your settings/rules The reason why it grabbed your source ip/current IP is because the IPv4 DNS Zero Trust addresses are shared, and it needs to know which account requests should flow through when they receive at that IP But again none of that matters unless you configured your devices to use those DNS IPs/Endpoints
Murray
Murray5mo ago
Thank you! I really appreciate that answer. Thankfully I did not apply those addresses to any devices or to dhcp for distribution. I think I understand, so any devices pointed to that DNS server would only flow if their source IP came from the public IP that was configured in the Location?
Chaika
Chaika5mo ago
I believe it would still work/respond even if it wasn't setup, but it would only know to collect analytics / send them through your DNS rules/etc if the source IP matched yea. For IPv6, DoT/DoH you get completely unique addresses/hostnames which aren't constrained by that
Chaika
Chaika5mo ago
https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#source-ip
Cloudflare Docs
DNS resolver IPs and hostnames · Cloudflare Zero Trust docs
When you create a DNS location, Gateway assigns IPv4/IPv6 addresses and DoT/DoH hostnames to that location. These are the IP addresses and hostnames …
Chaika
Chaika5mo ago
No description
Murray
Murray5mo ago
Awesome okay, ty for the document as well. It didn't make a lot of sense on my first read but your responses helped a lot. I suppose it doesn't really point back to anything, at least not automatically, and mostly filters / blocks based on the rules that are defined and returns blocked pages back to the source (client) that's requesting whatever site.
Want results from more Discord servers?
Add your server
More Posts
How to add "Content-Encoding: br" to Cloudflare R2 StorageI'm trying to serve a Unity WebGL Build compressed to Brotli from R2 Storage but I have no idea how Cloudflare's secrets functionality & Mailjet?Trying to authenticate with Mailjet and finding send mail errors. API key and secret are correct andWhere to find API endpoints to create internal/external hostnames?I have a Cloudflare tunnel setup to my home network for some personal self-hosted services. While lethird party github option for cloudflare pagesIs there a way I could have cf pages pull from forgejo?After clearing all caches, the svg images of 3 URLs cannot be opened.After clicking to clear all caches on cloudflare, the svg images of 3 URLs cannot be opened. Does anHelp setting up worker for discord botHello, I wanted to host a discord bot that embeds tiktok links in my friends server. I found this reRedirect not working when transforming via Workers onError eventHi folks, I have a worker that resizes images; everything works well except when the animated GIF ican i run --force here ?can i run --force here ?Workers KV get throws TypeError: Cannot read properties of undefined (reading 'get')My wrangler.toml file looks like this: ``` kv_namespaces = [ { binding = "BH_API_KEYS", id = "xxx`````` const { env, cf, ctx } = getRequestContext(); Warning: The function cannot be called in code fro