Create a test policy

To ensure a smooth deployment, we recommend testing a simple policy before deploying DNS filtering to your organization.

Test a policy in the browser

Go to Gateway > Firewall policies.
Create a policy to block all security categories:
Selector Operator Value Action
Security Categories in All security risks Block
In the browser, go to malware.testcategory.com. You should see a generic Gateway block page.
In Logs > Gateway > DNS, verify that you see the blocked domain.

Selector	Operator	Value	Action
Security Categories	in	All security risks	Block

When testing against frequently-visited sites, you may need to clear the DNS cache in your browser or OS. Otherwise, the DNS lookup will return the locally-cached IP address and bypass your DNS policies.

You have now validated DNS filtering!

Cloudflare Dashboard Discord Community Learning Center Support Portal