## Create DNS Firewall Cluster

`client.DNSFirewall.New(ctx, params) (*DNSFirewallNewResponse, error)`

**post** `/accounts/{account_id}/dns_firewall`

Create a DNS Firewall cluster

### Parameters

- `params DNSFirewallNewParams`

  - `AccountID param.Field[string]`

    Path param: Identifier.

  - `Name param.Field[string]`

    Body param: DNS Firewall cluster name

  - `UpstreamIPs param.Field[[]UpstreamIPs]`

    Body param

  - `AttackMitigation param.Field[AttackMitigation]`

    Body param: Attack mitigation settings

  - `DeprecateAnyRequests param.Field[bool]`

    Body param: Whether to refuse to answer queries for the ANY type

  - `ECSFallback param.Field[bool]`

    Body param: Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

  - `MaximumCacheTTL param.Field[float64]`

    Body param: By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.

    This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

  - `MinimumCacheTTL param.Field[float64]`

    Body param: By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.

    This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

    Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.

  - `NegativeCacheTTL param.Field[float64]`

    Body param: This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

    This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

  - `Ratelimit param.Field[float64]`

    Body param: Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

  - `Retries param.Field[float64]`

    Body param: Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

### Returns

- `type DNSFirewallNewResponse struct{…}`

  - `ID string`

    Identifier.

  - `DeprecateAnyRequests bool`

    Whether to refuse to answer queries for the ANY type

  - `DNSFirewallIPs []FirewallIPs`

  - `ECSFallback bool`

    Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

  - `MaximumCacheTTL float64`

    By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.

    This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

  - `MinimumCacheTTL float64`

    By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.

    This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

    Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.

  - `ModifiedOn Time`

    Last modification of DNS Firewall cluster

  - `Name string`

    DNS Firewall cluster name

  - `NegativeCacheTTL float64`

    This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

    This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

  - `Ratelimit float64`

    Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

  - `Retries float64`

    Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

  - `UpstreamIPs []UpstreamIPs`

  - `AttackMitigation AttackMitigation`

    Attack mitigation settings

    - `Enabled bool`

      When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers

    - `OnlyWhenUpstreamUnhealthy bool`

      Only mitigate attacks when upstream servers seem unhealthy

### Example

```go
package main

import (
	"context"
	"fmt"

	"github.com/cloudflare/cloudflare-go"
	"github.com/cloudflare/cloudflare-go/dns_firewall"
	"github.com/cloudflare/cloudflare-go/option"
)

func main() {
	// The token below is the documentation's sample value. Supply a real
	// token at runtime rather than committing it to source control.
	client := cloudflare.NewClient(
		option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
	)
	// Create the cluster with a name and the upstream nameserver addresses
	// (IPv4 and IPv6) that DNS Firewall will forward queries to.
	dnsFirewall, err := client.DNSFirewall.New(context.TODO(), dns_firewall.DNSFirewallNewParams{
		AccountID:   cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
		Name:        cloudflare.F("My Awesome DNS Firewall cluster"),
		UpstreamIPs: cloudflare.F([]dns_firewall.UpstreamIPsParam{"192.0.2.1", "198.51.100.1", "2001:DB8:100::CF"}),
	})
	if err != nil {
		panic(err.Error())
	}
	// Print the identifier of the newly created cluster.
	fmt.Printf("%+v\n", dnsFirewall.ID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "deprecate_any_requests": true,
    "dns_firewall_ips": [
      "203.0.113.1",
      "203.0.113.254",
      "2001:DB8:AB::CF",
      "2001:DB8:CD::CF"
    ],
    "ecs_fallback": false,
    "maximum_cache_ttl": 900,
    "minimum_cache_ttl": 60,
    "modified_on": "2014-01-01T05:20:00.12345Z",
    "name": "My Awesome DNS Firewall cluster",
    "negative_cache_ttl": 900,
    "ratelimit": 600,
    "retries": 2,
    "upstream_ips": [
      "192.0.2.1",
      "198.51.100.1",
      "2001:DB8:100::CF"
    ],
    "attack_mitigation": {
      "enabled": true,
      "only_when_upstream_unhealthy": false
    }
  }
}
```