An error occurred when setting the DNS policy

There is a problem with DNS policy in Firewall policies.
Whenever I save a policy with “host” in Traffic and “Override” in Action and then change the order in which the policies are applied, I get an error message "This policy uses features that cannot be displayed in the Zero Trust Dashboard."

Can confirm. I am seeing the same thing. I already opened a ticket for this. There are some more quirks to this:

  • DNS override policies no longer work - at all. They return 0.0.0.0 instead of the override address.
  • After moving one of those policies around, I am getting the same error (This policy uses features that cannot be displayed in the Zero Trust Dashboard.)
  • Once a rule has errored out like that, it can no longer be edited (the “configure” button is missing and the “edit” option in the overflow menu is missing as well)

This is completely broken. Not just the UI, but the underlying function as well.

If you need to create a new policy in a hurry, try the following steps:

  1. Create a dummy policy with the Action “Allow”.
  2. Change the order of the created policies (if necessary).
  3. Change the Action of the created policy to “Override”.

This should temporarily give you the intended control.
It is recommended that you refrain from reordering existing policies until Cloudflare announces a fix.

Thanks. So this is a confirmed bug?

Sorry, I don’t know about that.
I’m a hobbyist user with a free plan, so I can’t contact support.
If there’s a proper point of contact, I’ll try to contact them myself.

The ticket I opened a couple of days ago has now been escalated to the engineering team and they will take a look at it.

Cloudflare has deployed a fix so that moving rules around no longer produces error messages. However, the underlying functionality, e.g. overrides, is still entirely broken and still doesn’t work.

At this time I have confirmed that this problem has been fixed in my environment.

I understand you’re encountering an error when setting DNS policies with ‘host’ traffic and ‘Override’ action, specifically when reordering those policies. This seems to be a known issue that Cloudflare is currently addressing.