All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

DNS - Account-level enforce DNS-only

2mo ago

Source

CloudflareDNS - Account-level enforce DNS-onlycloudflare.com
Snippet from the RSS feed
You can now disable Cloudflare's reverse proxy across all zones in your account simultaneously using the new enforce_dns_only setting. When enabled, Cloudflare responds to DNS queries for all proxied records with your origin IP addresses instead of Cloudflare's anycast IPs. This account-level kill switch is designed for incident response scenarios where you need to quickly route traffic directly to your origin servers. Warning Enabling this setting exposes your origin IP addresses and removes all Cloudflare protections — including DDoS mitigation, WAF, caching, and all other proxy-based features — for every zone in your account. Use with extreme caution and only after proper preparations . Key characteristics Account-level — Affects all zones in the account simultaneously with a single API call. Non-destructive — Does not modify your DNS records. Disabling the setting restores normal proxy behavior. API-only — Available through the API only, not in the Cloudflare dashboard. What's affected Included: Standard proxied A, AAAA, and CNAME records, Load Balancing records, and records matching Worker routes. Excluded: Spectrum applications, Cloudflare Tunnel CNAMEs, R2 custom domains, Web3 gateways, and Workers custom domains continue to operate normally. Before you enable Verify your origin servers can handle direct traffic without Cloudflare's caching and filtering. Review which origin IPs will become publicly visible through DNS queries. Test the API in a staging account before relying on it for incident response. Availability Available via API to all Cloudflare customers. For information on how to use it, refer to Enforce DNS-only developer documentation .

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.