{"id":2627,"date":"2019-10-22T17:29:40","date_gmt":"2019-10-22T09:29:40","guid":{"rendered":"https:\/\/www.mondoze.com\/guide\/?post_type=kb&#038;p=2627"},"modified":"2022-10-05T08:02:43","modified_gmt":"2022-10-05T00:02:43","slug":"configuring-dns-firewall","status":"publish","type":"kb","link":"https:\/\/www.mondoze.com\/guide\/kb\/configuring-dns-firewall","title":{"rendered":"Configuring DNS Firewall"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2627\" class=\"elementor elementor-2627\" data-elementor-settings=\"[]\">\n\t\t\t\t\t\t<div class=\"elementor-inner\">\n\t\t\t\t\t\t\t<div class=\"elementor-section-wrap\">\n\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-2243c4d5 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"2243c4d5\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t\t\t<div class=\"elementor-row\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-22086722\" data-id=\"22086722\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-column-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-a86fffa elementor-widget elementor-widget-heading\" data-id=\"a86fffa\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">How To Configure DNS Firewall<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-452e2c39 elementor-widget elementor-widget-text-editor\" data-id=\"452e2c39\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-text-editor elementor-clearfix\">\n\t\t\t\t<h3><strong>Prerequisites<\/strong><\/h3><ul><li>Your CloudFlare account team must enable\u00a0<strong>DNS Firewall<\/strong>\u00a0for your account.<\/li><li>Change the IP addresses of your nameservers.<\/li><\/ul><p>If changing nameserver IP addresses prior to implementing <strong>DNS Firewall<\/strong>\u00a0will prevent attacks from circumventing the\u00a0<strong>DNS Firewall<\/strong>.<\/p><hr \/><h3><strong>Configuring the DNS Firewall<\/strong><\/h3><p>1. Log in to the Cloudflare dashboard.<\/p><p>2. Click the appropriate Cloudflare account where\u00a0<strong>DNS Firewall<\/strong> is enable.<\/p><p>3. Click\u00a0<strong>Configurations<\/strong>\u00a0in the second navigation bar from the top.<\/p><p>4. Click\u00a0<strong>DNS Firewall<\/strong>\u00a0from the navigation bar on the left side of the UI.<\/p><p>5. Click\u00a0<strong>Add DNS Firewall Cluster<\/strong>.<\/p><p>* A <strong>DNS Firewall Cluster<\/strong>\u00a0is a group of nameservers that all store the same DNS zone data.<\/p><p>6. In the\u00a0<strong>Setup a DNS Firewall Cluster<\/strong>\u00a0popup, enter the\u00a0<strong>DNS Cluster Name<\/strong>.<\/p><p>7. Enter your nameserver\u00a0<strong>IP addresses<\/strong>.<\/p><p>*Cloudflare is recommends to supplying at least two IPv4 and two IPv6 nameserver IP addresses.<\/p><p>8. Set the\u00a0<strong>Minimum Cache TTL<\/strong>\u00a0and\u00a0<strong>Maximum Cache TTL<\/strong>\u00a0that should be respected on any DNS record proxied from your nameservers.<\/p><p>* Cloudflare recommends a minimum TTL of 30 seconds and a maximum TTL of 1 hour.<\/p><p>9. Choose whether the DNS Firewall should answer\u00a0<strong>ANY Queries<\/strong>.<\/p><p>The DNS Firewall responds to ANY with the following. For example, HINFO is record if the <strong>ANY Queries<\/strong>\u00a0toggle is set to\u00a0<em>Off<\/em>:<\/p><pre>cloudflare.com.  3788  IN  HINFO  \"Please stop asking for ANY\" \"See draft-ietf-dnsop-refuse-any\"<\/pre><p>10. Click\u00a0<strong>Continue<\/strong>.<\/p><p>11. Denote the Cloudflare designated IPv4 and IPv6 nameserver addresses within the\u00a0<strong>Your new DNS Firewall IP Addresses<\/strong>\u00a0window.<\/p><p>*Cloudflare&#8217;s designated nameserver addresses become effective worldwide after one hour.<\/p><p>12. After waiting one hour:<\/p><ul><li>Verify that the Cloudflare nameservers respond to DNS queries.<\/li><li>Confirm the Cloudflare nameservers provide correct DNS responses.<\/li><li>Switch your nameservers to the new Cloudflare nameserver IP addresses.<\/li><\/ul><hr \/><h3><strong>How can I add multiple members to manage the DNS Firewall?<\/strong><\/h3><p>The\u00a0<strong>DNS Firewall<\/strong>\u00a0supports multi-user access. Contact your Cloudflare account team to enable\u00a0multi-user access.<\/p><p><strong>DNS Administrator<\/strong>\u00a0or\u00a0<strong>Super Administrator<\/strong> permissions are require to view and manage the\u00a0<strong>DNS Firewall<\/strong>.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>How To Configure DNS Firewall Prerequisites Your CloudFlare account team must enable\u00a0DNS Firewall\u00a0for your account. Change the IP addresses of your nameservers. If changing nameserver IP addresses prior to implementing DNS Firewall\u00a0will prevent attacks from circumventing the\u00a0DNS Firewall. Configuring the DNS Firewall 1. Log in to the Cloudflare dashboard. 2. Click the appropriate Cloudflare account &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/www.mondoze.com\/guide\/kb\/configuring-dns-firewall\"> <span class=\"screen-reader-text\">Configuring DNS Firewall<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}}},"kbtopic":[53],"kbtag":[110],"mkb_version":[],"_links":{"self":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2627"}],"collection":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/comments?post=2627"}],"version-history":[{"count":6,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2627\/revisions"}],"predecessor-version":[{"id":19261,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2627\/revisions\/19261"}],"wp:attachment":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/media?parent=2627"}],"wp:term":[{"taxonomy":"kbtopic","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=2627"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kbtag?post=2627"},{"taxonomy":"mkb_version","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/mkb_version?post=2627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}