Created Default DNS Location by Accident on Zero Trust
I was exploring the Zero Trust options in the Cloudflare dashboard and accidentally created a DNS location. Should I be worried about it pointing back to anything in my local network (home network)? The way it seems is that it takes your current IP address to use for the DNS location, but I don't really understand what it does. The current configuration does say "No valid IPv4 addresses", but it does contain greyed-out DoH and DNSoTLS addresses as well as an IPv6 address.
I have no other configurations added at all. I've tried deleting the location but I cannot since it is the default (only) location.
I've since cancelled my subscription in hopes of it deleting the Zero Trust configuration overall, but that didn't work, at least not until a month from now.
Do I need to worry about anything security-wise, such as external access into my local network? Thank you!
6 Replies
You don't need to worry. It doesn't do anything unless you start sending DNS queries to the IPs/endpoints for that location, in which case they would start being filtered by your settings/rules.
The reason why it grabbed your source IP/current IP is because the IPv4 DNS Zero Trust addresses are shared, and it needs to know which account requests should flow through when they are received at that IP.
But again, none of that matters unless you configured your devices to use those DNS IPs/endpoints.
Thank you! I really appreciate that answer. Thankfully I did not apply those addresses to any devices or to DHCP for distribution. I think I understand, so any devices pointed to that DNS server would only flow if their source IP came from the public IP that was configured in the location?
I believe it would still work/respond even if it wasn't set up, but it would only know to collect analytics / send them through your DNS rules/etc. if the source IP matched, yea. For IPv6 and DoT/DoH you get completely unique addresses/hostnames which aren't constrained by that.
Cloudflare Docs: DNS resolver IPs and hostnames · Cloudflare Zero Trust docs
"When you create a DNS location, Gateway assigns IPv4/IPv6 addresses and DoT/DoH hostnames to that location. These are the IP addresses and hostnames …"
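The lookup model described in the reply above (shared IPv4 resolver attributed by source IP, unique IPv6/DoH endpoints per location), as an added illustration that is not Cloudflare's code or part of the original thread. All resolver addresses and hostnames below are constructed placeholders, and the matching is a simplified model of what the docs describe, not Gateway's actual implementation.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import List, Optional

# Constructed placeholder for the shared IPv4 resolver address (TEST-NET-1 range),
# standing in for the real shared Gateway address, which is not on this page.
SHARED_IPV4_RESOLVER = "192.0.2.53"


@dataclass
class Location:
    name: str
    source_ipv4: Optional[str]   # public IP the dashboard captured; None = "No valid IPv4 addresses"
    ipv6_resolver: str           # unique per location (placeholder value)
    doh_hostname: str            # unique per location (placeholder value)
    rules: List[str] = field(default_factory=list)  # DNS policies attached to the location


@dataclass
class Query:
    transport: str   # "ipv4", "ipv6" or "doh"
    source_ip: str   # source address the resolver sees
    endpoint: str    # resolver IP or DoH hostname the client sent the query to


def match_location(locations: List[Location], q: Query) -> Optional[Location]:
    """Return the location whose rules apply to this query, or None when the
    query is answered without any location policy (no filtering, no analytics)."""
    for loc in locations:
        if q.transport == "ipv4" and q.endpoint == SHARED_IPV4_RESOLVER:
            # Shared address: only the query's source IP can identify the account.
            if loc.source_ipv4 and ip_address(q.source_ip) == ip_address(loc.source_ipv4):
                return loc
        elif q.transport == "ipv6" and q.endpoint == loc.ipv6_resolver:
            return loc  # unique endpoint, so no source-IP constraint
        elif q.transport == "doh" and q.endpoint == loc.doh_hostname:
            return loc
    return None


# Constructed sample: one location with a captured public IP, and one like the
# OP's, created by accident with no valid IPv4 source address.
SAMPLE_LOCATIONS = [
    Location("home", "203.0.113.7", "2001:db8::53", "home-placeholder.example", ["block-malware"]),
    Location("accidental", None, "2001:db8::54", "accidental-placeholder.example"),
]
```

Because the model only ever consumes queries a client chose to send, it has nothing to match on when no device is configured with those endpoints, which is the reply's point.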
Awesome, okay, ty for the document as well. It didn't make a lot of sense on my first read, but your responses helped a lot. I suppose it doesn't really point back to anything, at least not automatically, and mostly filters / blocks based on the rules that are defined and returns blocked pages back to the source (client) that's requesting whatever site.