PATTERN Cited by 1 source

Private origin DNS toggle

Enable private-origin routing by setting a boolean flag on a standard proxied DNS record, rather than requiring separate network infrastructure, load balancer pools, or connector deployments.

Shape

1. Customer creates a standard A/AAAA DNS record pointing to a private IP.
2. Customer sets use_private_routing: true (or the equivalent dashboard toggle).
3. The proxy detects the flag and routes the final hop through the customer's existing private connectivity (IPsec/GRE/CNI/Tunnel/Mesh) instead of attempting a public Internet connection.
4. For recognized private IP ranges (RFC 1918/6598/4193), the flag is auto-enabled.

Why it works

The pattern collapses what was previously a multi-step infrastructure change (provision connector, open firewall, configure load balancer pool) into a single-attribute declarative configuration change on an existing DNS record. The proxy already terminates the public connection; the only thing that changes is the destination of the outbound hop.

Seen in

• sources/2026-06-10-cloudflare-route-public-traffic-to-private-applications — Cloudflare's use_private_routing flag on DNS records, auto-enabled for private IP ranges.

(Source: sources/2026-06-10-cloudflare-route-public-traffic-to-private-applications)