Created Default DNS Location by Accident on Zero Trust

I was exploring the Zero Trust options in the Cloudflare dashboard and accidentally created a DNS location. Should I be worried about it pointing back to anything in my local network (home network)? The way it seems is that it takes your current IP address to use for the DNS Location, but I don't really understand what it does. The current configuration does say "No valid IPV4 addresses" but it does contain greyed out DoH and DNSoTLS addresses as well as an IPv6 address. I have no other configurations added at all. I've tried deleting the location but I cannot since it is the default (only) location. I've since cancelled my subscription in hopes of it deleting the Zero Trust configuration overall, but that didn't work, at least not until a month from now. Do I need to worry about anything security-wise, such as external access into my local network? Thank you!
Chaika 43d ago
You don't need to worry, it doesn't do anything unless you start sending DNS queries to the IPs/endpoints for that location, in which case they would start being filtered by your settings/rules. The reason why it grabbed your source IP/current IP is because the IPv4 DNS Zero Trust addresses are shared, and it needs to know which account requests should flow through when they are received at that IP. But again, none of that matters unless you configured your devices to use those DNS IPs/endpoints.
Murray 43d ago
Thank you! I really appreciate that answer. Thankfully I did not apply those addresses to any devices or to DHCP for distribution. I think I understand, so any devices pointed to that DNS server would only flow if their source IP came from the public IP that was configured in the Location?
Chaika 43d ago
I believe it would still work/respond even if it wasn't set up, but it would only know to collect analytics / send them through your DNS rules/etc. if the source IP matched, yeah. For IPv6 and DoT/DoH you get completely unique addresses/hostnames which aren't constrained by that.
Chaika 43d ago
Cloudflare Docs
DNS resolver IPs and hostnames · Cloudflare Zero Trust docs
When you create a DNS location, Gateway assigns IPv4/IPv6 addresses and DoT/DoH hostnames to that location. These are the IP addresses and hostnames …
Murray 43d ago
Awesome okay, ty for the document as well. It didn't make a lot of sense on my first read but your responses helped a lot. I suppose it doesn't really point back to anything, at least not automatically, and mostly filters / blocks based on the rules that are defined and returns blocked pages back to the source (client) that's requesting whatever site.