Cloudflare has introduced a new feature that allows routing traffic to Cloudflare Tunnel based on hostnames or domains, eliminating the dependence on ever-changing IP addresses and simplifying the process of implementing zero-trust security policies. This development aligns with the shift encouraged by the National Institute of Standards and Technology (NIST) towards a Zero Trust model, which involves granting access to specific resources rather than broad network permissions, thereby enhancing security by minimizing potential attack surfaces. The feature enables organizations to create precise, per-resource authorization policies without needing to manage complex and brittle IP lists. It also addresses the challenges of modern cloud environments where IP addresses are often unstable due to factors like dynamic load balancing and ephemeral infrastructure. By using hostname routing, Cloudflare facilitates secure connections to both private and third-party services, helping users enforce user-based zero-trust policies effectively. The functionality is built on a "synthetic IP" mechanism that tags traffic based on DNS queries, allowing decisions to be made at the network layer before seeing application-level data. This new capability is integrated into Cloudflare Tunnel and is available for all Cloudflare One customers, representing a significant step in making zero-trust architecture more intuitive and accessible.
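The "synthetic IP" idea described above can be modelled in a few lines. This is an added conceptual sketch, not Cloudflare's implementation or code from the original announcement. The class and function names, the `100.64.0.0/16` pool, the `*.internal.example` hostnames and the group-based policy are all constructed assumptions.

```python
import ipaddress
from fnmatch import fnmatchcase

# Constructed sample policy: hostname -> groups allowed to reach it.
POLICY = {
    "wiki.internal.example": {"staff"},
    "payroll.internal.example": {"finance"},
}

class SyntheticResolver:
    """Answers DNS for tunnel-routed names with a per-hostname synthetic IP."""

    def __init__(self, pool_cidr, routed_patterns):
        self._free = ipaddress.ip_network(pool_cidr).hosts()
        self.routed_patterns = routed_patterns
        self.by_name = {}  # hostname -> synthetic IP
        self.by_ip = {}    # synthetic IP -> hostname (the "tag")

    def resolve(self, hostname):
        name = hostname.lower().rstrip(".")
        if not any(fnmatchcase(name, p) for p in self.routed_patterns):
            return None  # not a routed hostname: leave to ordinary DNS
        if name not in self.by_name:
            ip = str(next(self._free))
            self.by_name[name] = ip
            self.by_ip[ip] = name
        return self.by_name[name]

def authorize(resolver, policy, user_groups, dst_ip):
    """Network-layer decision: only destination IP and user identity are known."""
    hostname = resolver.by_ip.get(dst_ip)
    if hostname is None:
        return ("deny", None)  # no DNS answer ever tagged this IP: default deny
    allowed = policy.get(hostname, set())
    return ("allow" if allowed & user_groups else "deny", hostname)

if __name__ == "__main__":
    r = SyntheticResolver("100.64.0.0/16", ["*.internal.example"])
    for host in ("wiki.internal.example", "payroll.internal.example"):
        ip = r.resolve(host)
        print(host, ip, authorize(r, POLICY, {"staff"}, ip))
```

Because the hostname is recovered from the destination IP alone, the policy applies before any TLS or HTTP data is inspected, and the backend's real address can change without touching the policy.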