{"id":2627,"date":"2019-10-22T17:29:40","date_gmt":"2019-10-22T09:29:40","guid":{"rendered":"https:\/\/www.mondoze.com\/guide\/?post_type=kb&p=2627"},"modified":"2022-10-05T08:02:43","modified_gmt":"2022-10-05T00:02:43","slug":"configuring-dns-firewall","status":"publish","type":"kb","link":"https:\/\/www.mondoze.com\/guide\/kb\/configuring-dns-firewall","title":{"rendered":"Configuring DNS Firewall"},"content":{"rendered":"\t\t
If changing nameserver IP addresses prior to implementing DNS Firewall<\/strong>\u00a0will prevent attacks from circumventing the\u00a0DNS Firewall<\/strong>.<\/p> 1. Log in to the Cloudflare dashboard.<\/p> 2. Click the appropriate Cloudflare account where\u00a0DNS Firewall<\/strong> is enable.<\/p> 3. Click\u00a0Configurations<\/strong>\u00a0in the second navigation bar from the top.<\/p> 4. Click\u00a0DNS Firewall<\/strong>\u00a0from the navigation bar on the left side of the UI.<\/p> 5. Click\u00a0Add DNS Firewall Cluster<\/strong>.<\/p> * A DNS Firewall Cluster<\/strong>\u00a0is a group of nameservers that all store the same DNS zone data.<\/p> 6. In the\u00a0Setup a DNS Firewall Cluster<\/strong>\u00a0popup, enter the\u00a0DNS Cluster Name<\/strong>.<\/p> 7. Enter your nameserver\u00a0IP addresses<\/strong>.<\/p> *Cloudflare is recommends to supplying at least two IPv4 and two IPv6 nameserver IP addresses.<\/p> 8. Set the\u00a0Minimum Cache TTL<\/strong>\u00a0and\u00a0Maximum Cache TTL<\/strong>\u00a0that should be respected on any DNS record proxied from your nameservers.<\/p> * Cloudflare recommends a minimum TTL of 30 seconds and a maximum TTL of 1 hour.<\/p> 9. Choose whether the DNS Firewall should answer\u00a0ANY Queries<\/strong>.<\/p> The DNS Firewall responds to ANY with the following. For example, HINFO is record if the ANY Queries<\/strong>\u00a0toggle is set to\u00a0Off<\/em>:<\/p> 10. Click\u00a0Continue<\/strong>.<\/p> 11. Denote the Cloudflare designated IPv4 and IPv6 nameserver addresses within the\u00a0Your new DNS Firewall IP Addresses<\/strong>\u00a0window.<\/p> *Cloudflare’s designated nameserver addresses become effective worldwide after one hour.<\/p> 12. After waiting one hour:<\/p> The\u00a0DNS Firewall<\/strong>\u00a0supports multi-user access. Contact your Cloudflare account team to enable\u00a0multi-user access.<\/p> DNS Administrator<\/strong>\u00a0or\u00a0Super Administrator<\/strong> permissions are require to view and manage the\u00a0DNS Firewall<\/strong>.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":" How To Configure DNS Firewall Prerequisites Your CloudFlare account team must enable\u00a0DNS Firewall\u00a0for your account. Change the IP addresses of your nameservers. If changing nameserver IP addresses prior to implementing DNS Firewall\u00a0will prevent attacks from circumventing the\u00a0DNS Firewall. Configuring the DNS Firewall 1. Log in to the Cloudflare dashboard. 2. Click the appropriate Cloudflare account …<\/p>\nConfiguring the DNS Firewall<\/strong><\/h3>
cloudflare.com. 3788 IN HINFO \"Please stop asking for ANY\" \"See draft-ietf-dnsop-refuse-any\"<\/pre>
How can I add multiple members to manage the DNS Firewall?<\/strong><\/h3>