Local Domain Fallback
Feature availability
| Operating Systems | WARP mode required | Zero Trust plans |
|---|---|---|
| All systems | WARP with Gateway | All plans |
By default, Cloudflare Zero Trust excludes common top-level domains used for local resolution from being sent to Gateway for processing. Excluded domains are listed on the Zero Trust dashboard under Settings > Network > Local Domain Fallback. All domains in that list rely on the local DNS resolver configured for the device on its primary interface or the DNS server specified when you add a new local domain. Domains added to this list are not subject to Gateway DNS policies or DNS logging. The WARP Client proxies these requests directly to the configured fallback servers.
You can add or remove domains from the Local Domains list at any time.
- On the Zero Trust dashboard, navigate to Settings > Network.
- Under Local Domain Fallback, click Manage.
- On this page, you will find a list of domains Cloudflare Zero Trust excludes. You can customize this list to add or remove any items from it. All prefixes under the domain are subject to the local domain fallback rule (for example, all entries are interpreted as \*.example.com).
Add a domain
On the Local Domains page, enter the domain, the DNS server(s) that should resolve that domain name and an optional description in the relevant fields. Then, click Add domain.
The domain will appear in the list of Local Domain entries.
Specify a DNS server
It is best to always specify at least one DNS server that Local Domain Fallback should use for any domain you add. If a value is not specified, the client will try to identify the DNS server (or servers) used on the device before it started, and use that server for each domain in the Local Domain Fallback list.
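The wildcard matching and DNS server guidance above, as an added example that is not Cloudflare's code: a small audit over a constructed fallback list that reports which hostnames would skip Gateway DNS policies and logging, and which entries have no explicit DNS server. The `suffix` and `dns_servers` field names, the sample data, treating the bare domain itself as a match, and preferring the longest matching suffix are assumptions of this example.

```python
def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def match_fallback(hostname, entries):
    """Return the entry covering hostname, or None.

    Each entry is read as *.suffix and compared on label boundaries, so
    'notcorp.example' does not match 'corp.example'. Matching the bare
    suffix and preferring the longest suffix are assumptions made here.
    """
    host = normalize(hostname)
    best = None
    for entry in entries:
        suffix = normalize(entry["suffix"])
        if host == suffix or host.endswith("." + suffix):
            if best is None or len(suffix) > len(normalize(best["suffix"])):
                best = entry
    return best

def audit(entries, hostnames):
    """Split hostnames into Gateway-visible and fallback-resolved, and
    list entries that were added without an explicit DNS server."""
    no_server = [e["suffix"] for e in entries if not e.get("dns_servers")]
    bypass, gateway = {}, []
    for h in hostnames:
        entry = match_fallback(h, entries)
        if entry is None:
            gateway.append(h)
        else:
            bypass[h] = entry["suffix"]
    return {"no_server": no_server, "bypass": bypass, "gateway": gateway}

# Constructed sample data, not taken from a real deployment.
ENTRIES = [
    {"suffix": "corp.example", "dns_servers": ["10.0.0.53"]},
    {"suffix": "local", "dns_servers": []},
]
HOSTS = ["wiki.corp.example", "CORP.example.", "notcorp.example",
         "printer.local", "www.example.com"]

if __name__ == "__main__":
    report = audit(ENTRIES, HOSTS)
    print("Entries without an explicit DNS server:", report["no_server"])
    print("Not subject to Gateway DNS policies or logging:", report["bypass"])
    print("Sent to Gateway:", report["gateway"])
```

Hostnames in the bypass group produce no Gateway DNS log entries, so any monitoring for those names has to come from the fallback resolver itself.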
Delete a domain
To remove a domain from the list, locate the domain and then click Delete.