Amount of Cloudflare gateway rules affects DNS resolve time

[disposablethought]

I was wondering why I get 443ms DNS probes from the gateway vs 6.6ms from 1.1.1.1.

I disabled the firewall rules on the Cloudflare gateway and the dnsperf seems to drop down to 17ms.

Looks like the amount of rules plays a factor in DNS resolution on the Cloudflare gateway.

[mrrfv]

Thank you for your research, and apologies for the delay. I've done some experimentation and managed to cut down the resolve time to about 100ms (or even lower for you, as my internet isn't as good and I have more firewall rules than just CGPS) using the small OISD list which needs to create only 48 rules. I'll make this the default after some testing as 400ms of latency is unacceptable for DNS.