Onboard DNS for a network
2 min read
The fastest way to start filtering DNS queries is to change your DNS resolver to use a specific Gateway endpoint. You can make this change at the browser, OS, or router level.
Choose this option if:
- You want to try out DNS filtering without installing software.
- You do not need to filter by user identity.
- You want to apply blanket DNS policies to all devices in a physical location, such as a retail store or office.
 Change DNS resolver in browser
To configure your browser to send traffic to Gateway:
- Obtain your DNS over HTTPS (DoH) address: - Go to Gateway > DNS Locations.
- Select Add a location.
- Enter a name for the location.
- Turn on Set as Default DNS Location.
- Select Add location.
- Copy your DNS over HTTPS hostname: https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query
 
- Follow the configuration instructions for your browser: - Mozilla Firefox- In Firefox, go to Settings.
- In Privacy & Security, go to DNS over HTTPS.
- Under Enable secure DNS using, select Max Protection.
- In Choose provider, choose Custom.
- In the field, enter https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query.
 - Firefox is now configured to use your DoH endpoint. For more information on configuring DoH settings in Firefox, refer to Mozilla’s documentation. - Google Chrome- In Chrome, go to Settings > Privacy and security > Security.
- Scroll down and turn on Use secure DNS.
- Select With Custom.
- In the Enter custom provider field, enter https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query.
 - Read more about enabling DNS over HTTPS on Chrome. - Microsoft Edge- In Microsoft Edge, go to Settings.
- Select Privacy, Search, and Services, and scroll down to Security.
- Turn on Use secure DNS.
- Select Choose a service provider.
- In the Enter custom provider field, enter https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query.
 - Brave- In Brave, go to Settings > Security and Privacy > Security.
- Turn on Use secure DNS.
- Select With Custom.
- In the Enter custom provider field, enter https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query.
 - SafariCurrently, Safari does not support DNS over HTTPS.
- Verify that third-party firewall or TLS decryption software does not inspect or block traffic to the DoH endpoint: - https://<YOUR_DOH_SUBDOMAIN>.cloudflare-gateway.com/dns-query.
DNS filtering is now turned on for this browser.
To configure your router or OS, or to add additional DNS endpoints, refer to DNS locations.