Cloudflare Docs
Logs
Cloudflare Docs
Logs
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)
  1. Products
  2. Logs
  3. ...
  4. ...
  5. Account-scoped datasets
  6. Gateway DNS

Gateway DNS

The descriptions below detail the fields available for gateway_dns.

​​ ApplicationID

Type: int

ID of the application the domain belongs to (for example, 1, 2). Set to 0 when no ApplicationID is matched.

​​ ColoCode

Type: string

The name of the colo that received the DNS query (for example, ‘SJC’, ‘MIA’, ‘IAD’).

​​ ColoID

Type: int

The ID of the colo that received the DNS query (for example, 46, 72, 397).

​​ CustomResolveDurationMs

Type: int

The time it took for the custom resolver to respond.

​​ CustomResolverAddress

Type: string

IP and port combo used to resolve the custom dns resolver query, if any.

​​ CustomResolverPolicyID

Type: string

Custom resolver policy UUID, if matched.

​​ CustomResolverPolicyName

Type: string

Custom resolver policy name, if matched.

​​ CustomResolverResponse

Type: string

Status of the custom resolver response.

​​ Datetime

Type: int or string

The date and time the corresponding DNS request was made (for example, ‘2021-07-27T00:01:07Z’).

​​ DeviceID

Type: string

UUID of the device where the HTTP request originated from (for example, ‘dad71818-0429-11ec-a0dc-000000000000’).

​​ DeviceName

Type: string

The name of the device where the HTTP request originated from (for example, ‘Laptop MB810’).

​​ DstIP

Type: string

The destination IP address the DNS query was made to (for example, ‘104.16.132.2290’).

​​ DstPort

Type: int

The destination port used at the edge. The port changes based on the protocol used by the DNS query (for example, 0).

​​ Email

Type: string

Email used to authenticate the client (for example, ‘user@test.com’).

​​ IsResponseCached

Type: bool

Response comes from cache or not.

​​ Location

Type: string

Name of the location the DNS request is coming from. Location is created by the customer (for example, ‘Office NYC’).

​​ LocationID

Type: string

UUID of the location the DNS request is coming from. Location is created by the customer (for example, ‘7bdc7a9c-81d3-4816-8e56-000000000000’).

​​ MatchedCategoryIDs

Type: array[int]

ID or IDs of category that the domain was matched with the policy (for example, [7,12,28,122,129,163]).

​​ MatchedCategoryNames

Type: array[string]

Name or names of category that the domain was matched with the policy (for example, [‘Photography’, ‘Weather’]).

​​ MatchedIndicatorFeedIDs

Type: array[int]

ID or IDs of indicator feed(s) that the domain was matched with the policy (for example, [7,12]).

​​ MatchedIndicatorFeedNames

Type: array[string]

Name or names of indicator feed(s) that the domain was matched with the policy (for example, [‘Vendor Malware Feed’, ‘Vendor CoC Feed’]).

​​ Policy

Type: string

Name of the policy that was applied (if any) (for example, ‘7bdc7a9c-81d3-4816-8e56-de1acad3dec5’).

​​ PolicyID

Type: string

ID of the policy/rule that was applied (if any).

​​ Protocol

Type: string

The protocol used for the DNS query by the client (for example, ‘udp’).

​​ QueryCategoryIDs

Type: array[int]

ID or IDs of category that the domain belongs to (for example, [7,12,28,122,129,163]).

​​ QueryCategoryNames

Type: array[string]

Name or names of category that the domain belongs to (for example, [‘Photography’, ‘Weather’]).

​​ QueryIndicatorFeedIDs

Type: array[int]

ID or IDs of indicator feed(s) that the domain belongs to (for example, [7,12,28]).

​​ QueryIndicatorFeedNames

Type: array[string]

Name or names of indicator feed(s) that the domain belongs to (for example, [‘Vendor Malware Feed’, ‘Vendor CoC Feed’, ‘Vendor Phishing Feed’]).

​​ QueryName

Type: string

The query name (for example, ’example.com’). Cloudflare will surface ‘.’ for root server queries in your logs.

​​ QueryNameReversed

Type: string

Query name in reverse (for example, ‘com.example’). Cloudflare will surface ‘.’ for root server queries in your logs.

​​ QuerySize

Type: int

The size of the DNS request in bytes (for example, 151).

​​ QueryType

Type: int

The type of DNS query (for example, 1, 28, 15, or 16).

​​ QueryTypeName

Type: string

The type of DNS query (for example, ‘A’, ‘AAAA’, ‘MX’, or ‘TXT’).

​​ RCode

Type: int

The return code sent back by the DNS resolver.

​​ RData

Type: array[object]

The rdata objects (for example, {“type”:“5”,“data”:“dns-packet-placeholder…”}).

​​ ResolvedIPs

Type: array[string]

The resolved IPs in the response, if any (for example [‘203.0.113.1’, ‘203.0.113.2’]).

​​ ResolverDecision

Type: string

Result of the DNS query (for example, ‘overrideForSafeSearch’).

​​ SrcIP

Type: string

The source IP address making the DNS query (for example, ‘104.16.132.229’).

​​ SrcPort

Type: int

The port used by the client when they sent the DNS request (for example, 0).

​​ TimeZone

Type: string

Time zone used to calculate the current time, if a matched rule was scheduled with it.

​​ TimeZoneInferredMethod

Type: string

Method used to pick the time zone for the schedule (from rule/ from user ip/ from local time).

​​ UserID

Type: string

User identity where the HTTP request originated from (for example, ‘00000000-0000-0000-0000-000000000000’).