WARP Split tunnels - allow all subdomains


I’ve started configuring Cloudflare WARP and I’ve configured some domains in the Split Tunnels functionality.

In my company, we have our internal domain, let’s alfa.org.

If I add *.alfa.org to the split tunnel, I can correctly access whatever.alfa.org, but the name gamma.beta.alfa.org is not being resolved.

I also tried to add alfa.org (without *.), but it doesn’t work in that case either.

As we have tens (if not hundreds) of 4th level subdomains (gamma.beta.alfa.org, teta.gamma.alfa.org, etc.), I’d like to configure all subdomains with a single rule. Is this possible?

If it’s currently not possible, will it be introduced soon? We are evaluating WARP in our company, but this would be a huge drawback if it can’t be performed.



I’ve never seen a double-deep wildcard work for anything DNS-related at Cloudflare. As you probably suspect, I bet a big list of wildcards for *.alpha, *.beta, etc will be required.

Hello sdayman,

thanks for your answer. Just to be clearer in the case I wasn’t enough, I’m referring to the “Cloudflare for Teams” - Split Tunnels configuration:

The way DNS works, if I have a wildcard entry for *.alfa.org, and I perform a nslookup of gamma.beta.alfa.org, it should always match the wildcard entry (unless there are any RFC-mandated exceptions, of course, which is not the case).

By the way, this is the behavior I have for DNS domains hosted on CF itself (and for other DNS providers as well), so I’m not sure why it doesn’t work here to be honest.