ACL on DNS resolution level

Hi there,
Is it somehow possible to black/whitelist specific IP addresses from resolving domains? I’m searching for a function like the Firewall ruleset, but for DNS resolution traffic. Using HTTP, the Firewall ruleset works, but not when I “dig” a specific domain. Is that possible?
br
Daniel

This is possible if you operate your own DNS server (assuming it supports ECS Client-Subnet) using Cloudflare’s DNS Firewall product. If you are an existing Enterprise customer, you can contact your account team for more information; otherwise, you can use the ‘Contact our team’ link here:

To do this, you would need control over the authoritative nameservers from Cloudflare, which you don’t have.

You’d need to run your own DNS servers.

https://support.Cloudflare.com/hc/en-us/articles/218616807-Understanding-DNS-Firewall
