## Update DNS Firewall Cluster

`client.dnsFirewall.edit(stringdnsFirewallId, DNSFirewallEditParamsparams, RequestOptionsoptions?): DNSFirewallEditResponse`

**patch** `/accounts/{account_id}/dns_firewall/{dns_firewall_id}`

Modify the configuration of a DNS Firewall cluster

### Parameters

- `dnsFirewallId: string`

  Identifier.

- `params: DNSFirewallEditParams`

  - `account_id: string`

    Path param: Identifier.

  - `attack_mitigation?: AttackMitigation | null`

    Body param: Attack mitigation settings

    - `enabled?: boolean`

      When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers

    - `only_when_upstream_unhealthy?: boolean`

      Only mitigate attacks when upstream servers seem unhealthy

  - `deprecate_any_requests?: boolean`

    Body param: Whether to refuse to answer queries for the ANY type

  - `ecs_fallback?: boolean`

    Body param: Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

  - `maximum_cache_ttl?: number`

    Body param: By default, Cloudflare attempts to cache responses for as long as
    indicated by the TTL received from upstream nameservers. This setting
    sets an upper bound on this duration. For caching purposes, higher TTLs
    will be decreased to the maximum value defined by this setting.

    This setting does not affect the TTL value in the DNS response
    Cloudflare returns to clients. Cloudflare will always forward the TTL
    value received from upstream nameservers.

  - `minimum_cache_ttl?: number`

    Body param: By default, Cloudflare attempts to cache responses for as long as
    indicated by the TTL received from upstream nameservers. This setting
    sets a lower bound on this duration. For caching purposes, lower TTLs
    will be increased to the minimum value defined by this setting.

    This setting does not affect the TTL value in the DNS response
    Cloudflare returns to clients. Cloudflare will always forward the TTL
    value received from upstream nameservers.

    Note that, even with this setting, there is no guarantee that a
    response will be cached for at least the specified duration. Cached
    responses may be removed earlier for capacity or other operational
    reasons.

  - `name?: string`

    Body param: DNS Firewall cluster name

  - `negative_cache_ttl?: number | null`

    Body param: This setting controls how long DNS Firewall should cache negative
    responses (e.g., NXDOMAIN) from the upstream servers.

    This setting does not affect the TTL value in the DNS response
    Cloudflare returns to clients. Cloudflare will always forward the TTL
    value received from upstream nameservers.

  - `ratelimit?: number | null`

    Body param: Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

  - `retries?: number`

    Body param: Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

  - `upstream_ips?: Array<UpstreamIPs>`

    Body param

### Returns

- `DNSFirewallEditResponse`

  - `id: string`

    Identifier.

  - `deprecate_any_requests: boolean`

    Whether to refuse to answer queries for the ANY type

  - `dns_firewall_ips: Array<FirewallIPs>`

  - `ecs_fallback: boolean`

    Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

  - `maximum_cache_ttl: number`

    By default, Cloudflare attempts to cache responses for as long as
    indicated by the TTL received from upstream nameservers. This setting
    sets an upper bound on this duration. For caching purposes, higher TTLs
    will be decreased to the maximum value defined by this setting.

    This setting does not affect the TTL value in the DNS response
    Cloudflare returns to clients. Cloudflare will always forward the TTL
    value received from upstream nameservers.

  - `minimum_cache_ttl: number`

    By default, Cloudflare attempts to cache responses for as long as
    indicated by the TTL received from upstream nameservers. This setting
    sets a lower bound on this duration. For caching purposes, lower TTLs
    will be increased to the minimum value defined by this setting.

    This setting does not affect the TTL value in the DNS response
    Cloudflare returns to clients. Cloudflare will always forward the TTL
    value received from upstream nameservers.

    Note that, even with this setting, there is no guarantee that a
    response will be cached for at least the specified duration. Cached
    responses may be removed earlier for capacity or other operational
    reasons.

  - `modified_on: string`

    Last modification of DNS Firewall cluster

  - `name: string`

    DNS Firewall cluster name

  - `negative_cache_ttl: number | null`

    This setting controls how long DNS Firewall should cache negative
    responses (e.g., NXDOMAIN) from the upstream servers.

    This setting does not affect the TTL value in the DNS response
    Cloudflare returns to clients. Cloudflare will always forward the TTL
    value received from upstream nameservers.

  - `ratelimit: number | null`

    Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

  - `retries: number`

    Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

  - `upstream_ips: Array<UpstreamIPs>`

  - `attack_mitigation?: AttackMitigation | null`

    Attack mitigation settings

    - `enabled?: boolean`

      When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers

    - `only_when_upstream_unhealthy?: boolean`

      Only mitigate attacks when upstream servers seem unhealthy

### Example

```node
import Cloudflare from 'cloudflare';

const client = new Cloudflare({
  apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted
});

const response = await client.dnsFirewall.edit('023e105f4ecef8ad9ca31a8372d0c353', {
  account_id: '023e105f4ecef8ad9ca31a8372d0c353',
});

console.log(response.id);
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "023e105f4ecef8ad9ca31a8372d0c353",
    "deprecate_any_requests": true,
    "dns_firewall_ips": [
      "203.0.113.1",
      "203.0.113.254",
      "2001:DB8:AB::CF",
      "2001:DB8:CD::CF"
    ],
    "ecs_fallback": false,
    "maximum_cache_ttl": 900,
    "minimum_cache_ttl": 60,
    "modified_on": "2014-01-01T05:20:00.12345Z",
    "name": "My Awesome DNS Firewall cluster",
    "negative_cache_ttl": 900,
    "ratelimit": 600,
    "retries": 2,
    "upstream_ips": [
      "192.0.2.1",
      "198.51.100.1",
      "2001:DB8:100::CF"
    ],
    "attack_mitigation": {
      "enabled": true,
      "only_when_upstream_unhealthy": false
    }
  }
}
```