
[Cloudflare One] DNS Policies ELI5#28883

Merged
Oxyjun merged 10 commits into production from cf1/jun/traffic-policies/dns/eli5 on Mar 24, 2026

Conversation

@Oxyjun (Contributor) commented Mar 10, 2026

Improves clarity across the 4 pages in /cloudflare-one/traffic-policies/dns-policies/ by adding inline definitions, spelling out acronyms, and surfacing non-obvious behavior. Generated via ELI5 analysis of all sections.

index.mdx

  • Add a plain-language opening paragraph explaining what DNS policies are and why they matter
  • Link to Gateway overview on first mention
  • Define the three evaluation phases (Before/During/After DNS resolution) that appear in every selector table but were never explained
  • Rewrite the Allow action description to clarify its purpose as an exception mechanism, not a redundant pass-through
  • Fix the grammatically broken Override action description ("respond to all DNS queries for a given domain to another destination" → "replace the real DNS answer with a destination you specify")
  • Add inline DNSSEC definition before the validation toggle
  • Annotate A/AAAA record types with (IPv4)/(IPv6) in the block page section
  • Spell out EDNS, DoH, DoT on first use
  • Clarify the authoritative nameserver selector (remove redundant "IP address of the IP address")
  • Rewrite fallback DNS limitation to explain the bypass mechanism

common-policies.mdx

  • Spell out EAR, OFAC, ITAR acronyms on first use
  • Add EDNS definition in the dynamic categories section
  • Define TLDs inline ("the last segment of a domain name, such as .com or .ru")
  • Replace "egress to the origin server" with "when Gateway connects to the destination server"
  • Annotate Force IPv4/IPv6 with the record types being blocked

test-dns-filtering.mdx

  • Expand prerequisites to distinguish WARP vs DNS-only deployments
  • Define dig and nslookup tools for readers unfamiliar with them
  • Correct "answer section" to "header line" for where REFUSED/NOERROR appear in dig output
  • Add inline definitions for REFUSED and NOERROR DNS response codes
  • Define EDNS client subnet before the EDNS test section
  • Spell out DoH on first use

timed-policies.mdx

  • Add use-case examples to the opening paragraph (work-hours blocking, maintenance windows)
  • Add a :::caution callout for the non-obvious duration timer behavior (absolute end time, not a pausable countdown)
  • Add a :::note callout for VPN/proxy timezone inference pitfall
  • Fix "we will fall back" → "it will fall back" (consistent third-person voice)
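The test-dns-filtering changes above move the REFUSED/NOERROR check from the answer section to the dig header line. The following added example (not part of this PR or the Cloudflare docs) parses constructed dig output the same way a verification script would: it reads the status from the `->>HEADER<<-` line and only then looks at A/AAAA answers. The `block_page_ips` parameter is an assumption for deployments where a block page answers with an address instead of REFUSED; supply your own values.

```python
import re
from typing import Optional, Set

# Constructed sample dig output (not real captures), trimmed to the relevant lines.
BLOCKED = """; <<>> DiG 9.18.1 <<>> example-blocked.test
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example-blocked.test.   IN  A
"""

ALLOWED = """; <<>> DiG 9.18.1 <<>> example-allowed.test
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1717
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;example-allowed.test.   IN  A
;; ANSWER SECTION:
example-allowed.test.  300 IN  A  203.0.113.10
"""

# The response code lives on the header line, not in the answer section.
HEADER_RE = re.compile(r"^;; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)", re.M)
# A (IPv4) and AAAA (IPv6) records in the answer section.
ANSWER_RE = re.compile(r"^\S+\.\s+\d+\s+IN\s+(A|AAAA)\s+(\S+)", re.M)


def dig_status(output: str) -> Optional[str]:
    """Return the RCODE from the dig header line (e.g. REFUSED, NOERROR), or None."""
    m = HEADER_RE.search(output)
    return m.group(2) if m else None


def classify(output: str, block_page_ips: Optional[Set[str]] = None) -> str:
    """Classify a dig result as 'blocked', 'allowed' or 'inconclusive'.

    block_page_ips is an assumed, caller-supplied set of addresses a block page
    answers with; a NOERROR reply pointing at one of them is still a block.
    """
    status = dig_status(output)
    answers = [ip for _rtype, ip in ANSWER_RE.findall(output)]
    if status == "REFUSED":
        return "blocked"
    if status == "NOERROR" and answers:
        if block_page_ips and any(ip in block_page_ips for ip in answers):
            return "blocked"
        return "allowed"
    return "inconclusive"  # e.g. SERVFAIL, NXDOMAIN, or no header line found
```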

Oxyjun added 4 commits March 9, 2026 11:38
…itions and context

Add plain-language introductions, spell out acronyms (DNSSEC, EDNS, DoH, DoT,
EAR, OFAC, ITAR), define evaluation phases for selectors, clarify Allow/Override
action descriptions, expand prerequisites in test page, and add pitfall callouts
for timed policy duration and timezone inference.
@github-actions (Contributor) commented:

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
/src/content/docs/cloudflare-one/traffic-policies/ @cloudflare/pcx-technical-writing

Replace /cloudflare-one/policies/gateway/ (does not exist) with
/cloudflare-one/traffic-policies/ (correct Gateway overview page).
Oxyjun added 2 commits March 10, 2026 14:34
- Allow action: qualify with first-match principle and link to order
  of enforcement, instead of oversimplified precedence claim
- Evaluation phases: correct Override restriction to include both
  'during' and 'after' phases (not just 'after'), add link to order
  of enforcement
- Authoritative nameserver: revert inline definition per reviewer
  request (adds clutter)
- EDNS client subnet: clarify /24 is Cloudflare's implementation
  choice, fix 'upstream DNS resolver' to 'authoritative DNS
  nameservers' per RFC 7871
@Oxyjun Oxyjun changed the title [Cloudflare One] Clarify DNS policies with inline definitions and context [Cloudflare One] DNS Policies ELI5 Mar 11, 2026
@Oxyjun Oxyjun self-assigned this Mar 11, 2026
@Oxyjun Oxyjun enabled auto-merge (squash) March 16, 2026 15:39
@Oxyjun Oxyjun merged commit a0610d8 into production Mar 24, 2026
11 checks passed
@Oxyjun Oxyjun deleted the cf1/jun/traffic-policies/dns/eli5 branch March 24, 2026 13:36

3 participants