#🔒 | How to hide selected DNS records?


twin grove

Hello!

I need help. I would like to configure Zero Trust so that selected DNS records are only visible to selected hosts.

For example, I have the following DNS addresses:
A: intranet.n1.example.com --> 1.0.0.42
A: intranet.epsilon.example.com --> 1.0.0.62
A: intranet.gamma.example.com --> 1.0.0.69

I would like these DNS to only be visible to devices with the selected IP address.

For example:
✅ My machine is trying to connect to the database at intranet.n1.example.com
❌ A person outside the whitelist tries to view the IP of the intranet.n1.example.com record

Of course, I have a firewall configured, but I don't want the internal addresses to be visible to the public. I would like to ask for help. Is it possible? Can I do this without tunneling? I'm a student, I don't have much knowledge.

Thank you in advance for any help! 🎉

crude wadi

The closest thing would be a DNS Policy set to Override
https://developers.cloudflare.com/cloudflare-one/policies/gateway/dns-policies/#override
Would require all your devices to use Gateway/CF DNS, wouldn't have anything to do with the authoritative side of DNS at all


I think most people would just either not care about it pointing towards internal addresses or use a separate internal DNS though