DNS Firewall

dns_firewall

Methods

Create DNS Firewall Cluster -> Envelope<{ id, deprecate_any_requests, dns_firewall_ips, 10 more... }>
POST /accounts/{account_id}/dns_firewall

Create a DNS Firewall cluster

Security
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

DNS Firewall Write

Path parameters
account_id: string
(maxLength: 32)

Identifier.

Body parameters
name: string
(maxLength: 160, minLength: 1)

DNS Firewall cluster name

upstream_ips: Array<>
(minLength: 1)

attack_mitigation:
Optional

Attack mitigation settings

deprecate_any_requests: boolean
Optional

Whether to refuse to answer queries for the ANY type

ecs_fallback: boolean
Optional

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

maximum_cache_ttl: number
Optional
(maximum: 36000, minimum: 30, default: 900)

Maximum DNS cache TTL. This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.

minimum_cache_ttl: number
Optional
(maximum: 36000, minimum: 30, default: 60)

Minimum DNS cache TTL. This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.

negative_cache_ttl: number
Optional
(maximum: 36000, minimum: 30)

Negative DNS cache TTL. This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

ratelimit: number
Optional
(maximum: 1000000000, minimum: 100)

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

retries: number
Optional
(maximum: 2, minimum: 0, default: 2)

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
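
Added example (not part of the Cloudflare reference or its SDKs): a client-side check of a Create DNS Firewall Cluster body against the bounds listed above, so an out-of-range value is caught before the request is sent. The function name validate_cluster_body, the sample body, and the minimum/maximum TTL cross-check are assumptions of this example.

```python
import ipaddress

# (minimum, maximum) for each numeric body parameter, copied from the reference above.
NUMERIC_BOUNDS = {
    "maximum_cache_ttl": (30, 36000),
    "minimum_cache_ttl": (30, 36000),
    "negative_cache_ttl": (30, 36000),
    "ratelimit": (100, 1000000000),
    "retries": (0, 2),
}
BOOLEAN_FIELDS = ("deprecate_any_requests", "ecs_fallback")

# Constructed sample body (documentation-range address, hypothetical cluster name).
SAMPLE_BODY = {"name": "edge-resolvers", "upstream_ips": ["192.0.2.53"], "retries": 2}


def validate_cluster_body(body):
    """Return a list of problems; an empty list means the body fits the documented bounds."""
    problems = []
    name = body.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 160:
        problems.append("name: must be a string of 1 to 160 characters")
    upstreams = body.get("upstream_ips")
    if not isinstance(upstreams, list) or not upstreams:
        problems.append("upstream_ips: at least one address is required")
    else:
        for ip in upstreams:
            try:
                if not isinstance(ip, str):
                    raise ValueError("not a string")
                ipaddress.ip_address(ip)  # syntax check only
            except ValueError:
                problems.append(f"upstream_ips: {ip!r} is not an IP address")
    for field, (low, high) in NUMERIC_BOUNDS.items():
        value = body.get(field)
        if field in body and (isinstance(value, bool) or not isinstance(value, (int, float))
                              or not low <= value <= high):
            problems.append(f"{field}: must be a number from {low} to {high}")
    for field in BOOLEAN_FIELDS:
        if field in body and not isinstance(body[field], bool):
            problems.append(f"{field}: must be a boolean")
    # Assumption, not in the reference: minimum above maximum is an error (60/900 are the defaults).
    low_ttl, high_ttl = body.get("minimum_cache_ttl", 60), body.get("maximum_cache_ttl", 900)
    if isinstance(low_ttl, (int, float)) and isinstance(high_ttl, (int, float)) and low_ttl > high_ttl:
        problems.append("minimum_cache_ttl: exceeds maximum_cache_ttl")
    return problems

if __name__ == "__main__":
    print(validate_cluster_body(SAMPLE_BODY))
```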

Response fields
errors: Array<{ code, message, documentation_url, 1 more... }>
messages: Array<{ code, message, documentation_url, 1 more... }>
success: true

Whether the API call was successful.

result: { id, deprecate_any_requests, dns_firewall_ips, 10 more... }
Optional

Delete DNS Firewall Cluster -> Envelope<{ id }>
DELETE /accounts/{account_id}/dns_firewall/{dns_firewall_id}

Delete a DNS Firewall cluster

Update DNS Firewall Cluster -> Envelope<{ id, deprecate_any_requests, dns_firewall_ips, 10 more... }>
PATCH /accounts/{account_id}/dns_firewall/{dns_firewall_id}

Modify the configuration of a DNS Firewall cluster

DNS Firewall Cluster Details -> Envelope<{ id, deprecate_any_requests, dns_firewall_ips, 10 more... }>
GET /accounts/{account_id}/dns_firewall/{dns_firewall_id}

Show a single DNS Firewall cluster for an account

List DNS Firewall Clusters -> V4PagePaginationArray<{ id, deprecate_any_requests, dns_firewall_ips, 10 more... }>
GET /accounts/{account_id}/dns_firewall

List DNS Firewall clusters for an account

Domain types

AttackMitigation = { enabled, only_when_upstream_unhealthy }

Attack mitigation settings

FirewallIPs = string

Cloudflare-assigned DNS IPv4 address

UpstreamIPs = string

Upstream DNS Server IPv4 address

Analytics

dns_firewall.analytics

dns_firewall.analytics.reports

Methods

Table -> Envelope<>
GET /accounts/{account_id}/dns_firewall/{dns_firewall_id}/dns_analytics/report

Retrieves a list of summarised aggregate metrics over a given time period.

See Analytics API properties for detailed information about the available query parameters.

dns_firewall.analytics.reports.bytimes

Methods

By Time -> Envelope<>
GET /accounts/{account_id}/dns_firewall/{dns_firewall_id}/dns_analytics/report/bytime

Retrieves a list of aggregate metrics grouped by time interval.

See Analytics API properties for detailed information about the available query parameters.

Reverse DNS

dns_firewall.reverse_dns

Methods

Update DNS Firewall Cluster Reverse DNS -> Envelope<{ ptr }>
PATCH /accounts/{account_id}/dns_firewall/{dns_firewall_id}/reverse_dns

Update reverse DNS configuration (PTR records) for a DNS Firewall cluster

Show DNS Firewall Cluster Reverse DNS -> Envelope<{ ptr }>
GET /accounts/{account_id}/dns_firewall/{dns_firewall_id}/reverse_dns

Show reverse DNS configuration (PTR records) for a DNS Firewall cluster