Legacy Gateway DNS Policies Missing

Uh, where are my old DNS policies?


Mine stuck around for a while, but they’re deprecated, being replaced by the new DNS policies (to me, that still means deprecated/no longer supported, though still functional). So I deleted mine and now that link is gone from my account.

Did I miss a communication that legacy DNS policies would be completely removed on date X?

Also, it appears my legacy policies are still applied to my traffic so…ya, this is a problem.

Hi @ucdscott, we haven’t deprecated legacy policies. We introduced the new DNS policy engine (the tab with “DNS New”) to allow customers to migrate their policies without a requirement to do so by a specific date. We won’t forcefully delete existing policies or auto-migrate policies since that could cause issues for each customer’s production traffic.

When you migrate a policy, the WireFilter-based rules in the new tab take priority over any legacy policies (meaning if the traffic would match both policies, it will match against the new rules first). You can delete legacy policies after you migrate them without worrying about downtime or exposure to security threats.

When you delete all legacy DNS policies, the legacy tab is removed from the UI, leaving you with the “DNS New” tab. We will not remove the legacy tab from the UI unless it contains no policies.


Cool, thanks for that explanation and also to whoever at Cloudflare restored my legacy DNS tab.


