DNS | Cloudflare API

DNSDNSSEC

resource cloudflare_zone_dnssec

required Expand Collapse

zone_id: String

Identifier.

optional Expand Collapse

dnssec_multi_signer?: Bool

If true, multi-signer DNSSEC is enabled on the zone, allowing multiple providers to serve a DNSSEC-signed zone at the same time. This is required for DNSKEY records (except those automatically generated by Cloudflare) to be added to the zone.

See Multi-signer DNSSEC for details.

dnssec_presigned?: Bool

If true, allows Cloudflare to transfer in a DNSSEC-signed zone including signatures from an external provider, without requiring Cloudflare to sign any records on the fly.

Note that this feature has some limitations. See Cloudflare as Secondary for details.

dnssec_use_nsec3?: Bool

If true, enables the use of NSEC3 together with DNSSEC on the zone. Combined with setting dnssec_presigned to true, this enables the use of NSEC3 records when transferring in from an external provider. If dnssec_presigned is instead set to false (default), NSEC3 records will be generated and signed at request time.

See DNSSEC with NSEC3 for details.

status?: String

Status of DNSSEC, based on user-desired state and presence of necessary records.

computed Expand Collapse

id: String

Identifier.

algorithm: String

Algorithm key code.

digest: String

Digest hash.

digest_algorithm: String

Type of digest algorithm.

digest_type: String

Coded type for digest algorithm.

ds: String

Full DS record.

flags: Float64

Flag for DNSSEC record.

key_tag: Float64

Code for key tag.

key_type: String

Algorithm key type.

modified_on: Time

When DNSSEC was last modified.

public_key: String

Public key for DS record.

cloudflare_zone_dnssec

resource "cloudflare_zone_dnssec" "example_zone_dnssec" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  dnssec_multi_signer = false
  dnssec_presigned = true
  dnssec_use_nsec3 = false
  status = "active"
}

data cloudflare_zone_dnssec

required Expand Collapse

zone_id: String

Identifier.

computed Expand Collapse

id: String

Identifier.

algorithm: String

Algorithm key code.

digest: String

Digest hash.

digest_algorithm: String

Type of digest algorithm.

digest_type: String

Coded type for digest algorithm.

dnssec_multi_signer: Bool

If true, multi-signer DNSSEC is enabled on the zone, allowing multiple providers to serve a DNSSEC-signed zone at the same time. This is required for DNSKEY records (except those automatically generated by Cloudflare) to be added to the zone.

See Multi-signer DNSSEC for details.

dnssec_presigned: Bool

If true, allows Cloudflare to transfer in a DNSSEC-signed zone including signatures from an external provider, without requiring Cloudflare to sign any records on the fly.

Note that this feature has some limitations. See Cloudflare as Secondary for details.

dnssec_use_nsec3: Bool

If true, enables the use of NSEC3 together with DNSSEC on the zone. Combined with setting dnssec_presigned to true, this enables the use of NSEC3 records when transferring in from an external provider. If dnssec_presigned is instead set to false (default), NSEC3 records will be generated and signed at request time.

See DNSSEC with NSEC3 for details.

ds: String

Full DS record.

flags: Float64

Flag for DNSSEC record.

key_tag: Float64

Code for key tag.

key_type: String

Algorithm key type.

modified_on: Time

When DNSSEC was last modified.

public_key: String

Public key for DS record.

status: String

Status of DNSSEC, based on user-desired state and presence of necessary records.

cloudflare_zone_dnssec

data "cloudflare_zone_dnssec" "example_zone_dnssec" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

DNSRecords

resource cloudflare_dns_record

required Expand Collapse

zone_id: String

Identifier.

Complete DNS record name, including the zone name, in Punycode.

type: String

Record type.

optional Expand Collapse

comment?: String

Comments or notes about the DNS record. This field has no effect on DNS responses.

content?: String

A valid IPv4 address.

priority?: Float64

Required for MX and URI records; ignored for other record types (but may still be returned by the API). Records with lower priorities are preferred. This field is to be deprecated in favor of the priority field within the data map.

data?: Attributes

Components of a CAA record.

flags?: Dynamic Float64 | String

Flags for the CAA record.

tag?: String

Name of the property controlled by this record (e.g.: issue, issuewild, iodef).

value?: String

Value of the record. This field's semantics depend on the chosen tag.

algorithm?: Float64

Algorithm.

certificate?: String

Certificate.

key_tag?: Float64

Key Tag.

type?: Float64

Type.

protocol?: Float64

Protocol.

public_key?: String

Public Key.

digest?: String

Digest.

digest_type?: Float64

Digest Type.

priority?: Float64

Priority.

target?: String

Target.

altitude?: Float64

Altitude of location in meters.

lat_degrees?: Float64

Degrees of latitude.

lat_direction?: String

Latitude direction.

lat_minutes?: Float64

Minutes of latitude.

lat_seconds?: Float64

Seconds of latitude.

long_degrees?: Float64

Degrees of longitude.

long_direction?: String

Longitude direction.

long_minutes?: Float64

Minutes of longitude.

long_seconds?: Float64

Seconds of longitude.

precision_horz?: Float64

Horizontal precision of location.

precision_vert?: Float64

Vertical precision of location.

size?: Float64

Size of location in meters.

order?: Float64

Order.

preference?: Float64

Preference.

regex?: String

Regex.

replacement?: String

Replacement.

service?: String

Service.

matching_type?: Float64

Matching Type.

selector?: Float64

Selector.

usage?: Float64

Usage.

port?: Float64

The port of the service.

weight?: Float64

The record weight.

fingerprint?: String

Fingerprint.

private_routing?: Bool

Enables private network routing to the origin.

proxied?: Bool

Whether the record is receiving the performance and security benefits of Cloudflare.

ttl?: Float64

Time To Live (TTL) of the DNS record in seconds. Setting to 1 means 'automatic'. Value must be between 60 and 86400, with the minimum reduced to 30 for Enterprise zones.

tags?: Set[String]

Custom tags for the DNS record. This field has no effect on DNS responses.

settings?: Attributes

Settings for the DNS record.

ipv4_only?: Bool

When enabled, only A records will be generated, and AAAA records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6.

ipv6_only?: Bool

When enabled, only AAAA records will be generated, and A records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6.

flatten_cname?: Bool

If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting is unavailable for proxied records, since they are always flattened.

computed Expand Collapse

id: String

Identifier.

comment_modified_on: Time

When the record comment was last modified. Omitted if there is no comment.

created_on: Time

When the record was created.

modified_on: Time

When the record was last modified.

proxiable: Bool

Whether the record can be proxied by Cloudflare or not.

tags_modified_on: Time

When the record tags were last modified. Omitted if there are no tags.

meta: JSON

Extra Cloudflare-specific information about the record.

cloudflare_dns_record

resource "cloudflare_dns_record" "example_dns_record" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  name = "example.com"
  ttl = 3600
  type = "A"
  comment = "Domain verification record"
  content = "198.51.100.4"
  private_routing = true
  proxied = true
  settings = {
    ipv4_only = true
    ipv6_only = true
  }
  tags = ["owner:dns-team"]
}

data cloudflare_dns_record

required Expand Collapse

zone_id: String

Identifier.

optional Expand Collapse

dns_record_id?: String

Identifier.

filter?: Attributes

comment?: Attributes

absent?: String

If this parameter is present, only records without a comment are returned.

contains?: String

Substring of the DNS record comment. Comment filters are case-insensitive.

endswith?: String

Suffix of the DNS record comment. Comment filters are case-insensitive.

exact?: String

Exact value of the DNS record comment. Comment filters are case-insensitive.

present?: String

If this parameter is present, only records with a comment are returned.

startswith?: String

Prefix of the DNS record comment. Comment filters are case-insensitive.

content?: Attributes

contains?: String

Substring of the DNS record content. Content filters are case-insensitive.

endswith?: String

Suffix of the DNS record content. Content filters are case-insensitive.

exact?: String

Exact value of the DNS record content. Content filters are case-insensitive.

startswith?: String

Prefix of the DNS record content. Content filters are case-insensitive.

direction?: String

Direction to order DNS records in.

match?: String

Whether to match all search requirements or at least one (any). If set to all, acts like a logical AND between filters. If set to any, acts like a logical OR instead. Note that the interaction between tag filters is controlled by the tag-match parameter instead.

name?: Attributes

contains?: String

Substring of the DNS record name. Name filters are case-insensitive.

endswith?: String

Suffix of the DNS record name. Name filters are case-insensitive.

exact?: String

Exact value of the DNS record name. Name filters are case-insensitive.

startswith?: String

Prefix of the DNS record name. Name filters are case-insensitive.

order?: String

Field to order DNS records by.

proxied?: Bool

Whether the record is receiving the performance and security benefits of Cloudflare.

search?: String

Allows searching in multiple properties of a DNS record simultaneously. This parameter is intended for human users, not automation. Its exact behavior is intentionally left unspecified and is subject to change in the future. This parameter works independently of the match setting. For automated searches, please use the other available parameters.

tag?: Attributes

absent?: String

Name of a tag which must not be present on the DNS record. Tag filters are case-insensitive.

contains?: String

A tag and value, of the form <tag-name>:<tag-value>. The API will only return DNS records that have a tag named <tag-name> whose value contains <tag-value>. Tag filters are case-insensitive.

endswith?: String

A tag and value, of the form <tag-name>:<tag-value>. The API will only return DNS records that have a tag named <tag-name> whose value ends with <tag-value>. Tag filters are case-insensitive.

exact?: String

A tag and value, of the form <tag-name>:<tag-value>. The API will only return DNS records that have a tag named <tag-name> whose value is <tag-value>. Tag filters are case-insensitive.

present?: String

Name of a tag which must be present on the DNS record. Tag filters are case-insensitive.

startswith?: String

A tag and value, of the form <tag-name>:<tag-value>. The API will only return DNS records that have a tag named <tag-name> whose value starts with <tag-value>. Tag filters are case-insensitive.

tag_match?: String

Whether to match all tag search requirements or at least one (any). If set to all, acts like a logical AND between tag filters. If set to any, acts like a logical OR instead. Note that the regular match parameter is still used to combine the resulting condition with other filters that aren't related to tags.

type?: String

Record type.

computed Expand Collapse

id: String

Identifier.

comment: String

Comments or notes about the DNS record. This field has no effect on DNS responses.

comment_modified_on: Time

When the record comment was last modified. Omitted if there is no comment.

content: String

A valid IPv4 address.

created_on: Time

When the record was created.

modified_on: Time

When the record was last modified.

Complete DNS record name, including the zone name, in Punycode.

priority: Float64

Required for MX and URI records; ignored for other record types (but may still be returned by the API). Records with lower priorities are preferred. This field is to be deprecated in favor of the priority field within the data map.

private_routing: Bool

Enables private network routing to the origin.

proxiable: Bool

Whether the record can be proxied by Cloudflare or not.

proxied: Bool

Whether the record is receiving the performance and security benefits of Cloudflare.

tags_modified_on: Time

When the record tags were last modified. Omitted if there are no tags.

ttl: Float64

Time To Live (TTL) of the DNS record in seconds. Setting to 1 means 'automatic'. Value must be between 60 and 86400, with the minimum reduced to 30 for Enterprise zones.

type: String

Record type.

tags: Set[String]

Custom tags for the DNS record. This field has no effect on DNS responses.

data: Attributes

Components of a CAA record.

flags: Dynamic Float64 | String

Flags for the CAA record.

tag: String

Name of the property controlled by this record (e.g.: issue, issuewild, iodef).

value: String

Value of the record. This field's semantics depend on the chosen tag.

algorithm: Float64

Algorithm.

certificate: String

Certificate.

key_tag: Float64

Key Tag.

type: Float64

Type.

protocol: Float64

Protocol.

public_key: String

Public Key.

digest: String

Digest.

digest_type: Float64

Digest Type.

priority: Float64

Priority.

target: String

Target.

altitude: Float64

Altitude of location in meters.

lat_degrees: Float64

Degrees of latitude.

lat_direction: String

Latitude direction.

lat_minutes: Float64

Minutes of latitude.

lat_seconds: Float64

Seconds of latitude.

long_degrees: Float64

Degrees of longitude.

long_direction: String

Longitude direction.

long_minutes: Float64

Minutes of longitude.

long_seconds: Float64

Seconds of longitude.

precision_horz: Float64

Horizontal precision of location.

precision_vert: Float64

Vertical precision of location.

size: Float64

Size of location in meters.

order: Float64

Order.

preference: Float64

Preference.

regex: String

Regex.

replacement: String

Replacement.

service: String

Service.

matching_type: Float64

Matching Type.

selector: Float64

Selector.

usage: Float64

Usage.

port: Float64

The port of the service.

weight: Float64

The record weight.

fingerprint: String

Fingerprint.

settings: Attributes

Settings for the DNS record.

ipv4_only: Bool

When enabled, only A records will be generated, and AAAA records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6.

ipv6_only: Bool

When enabled, only AAAA records will be generated, and A records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6.

flatten_cname: Bool

If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting is unavailable for proxied records, since they are always flattened.

meta: JSON

Extra Cloudflare-specific information about the record.

cloudflare_dns_record

data "cloudflare_dns_record" "example_dns_record" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  dns_record_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_dns_records

required Expand Collapse

zone_id: String

Identifier.

optional Expand Collapse

search?: String

Allows searching in multiple properties of a DNS record simultaneously. This parameter is intended for human users, not automation. Its exact behavior is intentionally left unspecified and is subject to change in the future. This parameter works independently of the match setting. For automated searches, please use the other available parameters.

type?: String

Record type.

comment?: Attributes

absent?: String

If this parameter is present, only records without a comment are returned.

contains?: String

Substring of the DNS record comment. Comment filters are case-insensitive.

endswith?: String

Suffix of the DNS record comment. Comment filters are case-insensitive.

exact?: String

Exact value of the DNS record comment. Comment filters are case-insensitive.

present?: String

If this parameter is present, only records with a comment are returned.

startswith?: String

Prefix of the DNS record comment. Comment filters are case-insensitive.

content?: Attributes

contains?: String

Substring of the DNS record content. Content filters are case-insensitive.

endswith?: String

Suffix of the DNS record content. Content filters are case-insensitive.

exact?: String

Exact value of the DNS record content. Content filters are case-insensitive.

startswith?: String

Prefix of the DNS record content. Content filters are case-insensitive.

name?: Attributes

contains?: String

Substring of the DNS record name. Name filters are case-insensitive.

endswith?: String

Suffix of the DNS record name. Name filters are case-insensitive.

exact?: String

Exact value of the DNS record name. Name filters are case-insensitive.

startswith?: String

Prefix of the DNS record name. Name filters are case-insensitive.

tag?: Attributes

absent?: String

Name of a tag which must not be present on the DNS record. Tag filters are case-insensitive.

contains?: String

A tag and value, of the form <tag-name>:<tag-value>. The API will only return DNS records that have a tag named <tag-name> whose value contains <tag-value>. Tag filters are case-insensitive.

endswith?: String

A tag and value, of the form <tag-name>:<tag-value>. The API will only return DNS records that have a tag named <tag-name> whose value ends with <tag-value>. Tag filters are case-insensitive.

exact?: String

A tag and value, of the form <tag-name>:<tag-value>. The API will only return DNS records that have a tag named <tag-name> whose value is <tag-value>. Tag filters are case-insensitive.

present?: String

Name of a tag which must be present on the DNS record. Tag filters are case-insensitive.

startswith?: String

A tag and value, of the form <tag-name>:<tag-value>. The API will only return DNS records that have a tag named <tag-name> whose value starts with <tag-value>. Tag filters are case-insensitive.

direction?: String

Direction to order DNS records in.

match?: String

Whether to match all search requirements or at least one (any). If set to all, acts like a logical AND between filters. If set to any, acts like a logical OR instead. Note that the interaction between tag filters is controlled by the tag-match parameter instead.

order?: String

Field to order DNS records by.

proxied?: Bool

Whether the record is receiving the performance and security benefits of Cloudflare.

tag_match?: String

Whether to match all tag search requirements or at least one (any). If set to all, acts like a logical AND between tag filters. If set to any, acts like a logical OR instead. Note that the regular match parameter is still used to combine the resulting condition with other filters that aren't related to tags.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

Complete DNS record name, including the zone name, in Punycode.

ttl: Float64

Time To Live (TTL) of the DNS record in seconds. Setting to 1 means 'automatic'. Value must be between 60 and 86400, with the minimum reduced to 30 for Enterprise zones.

type: String

Record type.

comment: String

Comments or notes about the DNS record. This field has no effect on DNS responses.

content: String

A valid IPv4 address.

private_routing: Bool

Enables private network routing to the origin.

proxied: Bool

Whether the record is receiving the performance and security benefits of Cloudflare.

settings: Attributes

Settings for the DNS record.

ipv4_only: Bool

When enabled, only A records will be generated, and AAAA records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6.

ipv6_only: Bool

When enabled, only AAAA records will be generated, and A records will not be created. This setting is intended for exceptional cases. Note that this option only applies to proxied records and it has no effect on whether Cloudflare communicates with the origin using IPv4 or IPv6.

flatten_cname: Bool

If enabled, causes the CNAME record to be resolved externally and the resulting address records (e.g., A and AAAA) to be returned instead of the CNAME record itself. This setting is unavailable for proxied records, since they are always flattened.

tags: Set[String]

Custom tags for the DNS record. This field has no effect on DNS responses.

id: String

Identifier.

created_on: Time

When the record was created.

meta: JSON

Extra Cloudflare-specific information about the record.

modified_on: Time

When the record was last modified.

proxiable: Bool

Whether the record can be proxied by Cloudflare or not.

comment_modified_on: Time

When the record comment was last modified. Omitted if there is no comment.

tags_modified_on: Time

When the record tags were last modified. Omitted if there are no tags.

priority: Float64

Required for MX and URI records; ignored for other record types (but may still be returned by the API). Records with lower priorities are preferred. This field is to be deprecated in favor of the priority field within the data map.

data: Attributes

Components of a CAA record.

flags: Dynamic Float64 | String

Flags for the CAA record.

tag: String

Name of the property controlled by this record (e.g.: issue, issuewild, iodef).

value: String

Value of the record. This field's semantics depend on the chosen tag.

algorithm: Float64

Algorithm.

certificate: String

Certificate.

key_tag: Float64

Key Tag.

type: Float64

Type.

protocol: Float64

Protocol.

public_key: String

Public Key.

digest: String

Digest.

digest_type: Float64

Digest Type.

priority: Float64

Priority.

target: String

Target.

altitude: Float64

Altitude of location in meters.

lat_degrees: Float64

Degrees of latitude.

lat_direction: String

Latitude direction.

lat_minutes: Float64

Minutes of latitude.

lat_seconds: Float64

Seconds of latitude.

long_degrees: Float64

Degrees of longitude.

long_direction: String

Longitude direction.

long_minutes: Float64

Minutes of longitude.

long_seconds: Float64

Seconds of longitude.

precision_horz: Float64

Horizontal precision of location.

precision_vert: Float64

Vertical precision of location.

size: Float64

Size of location in meters.

order: Float64

Order.

preference: Float64

Preference.

regex: String

Regex.

replacement: String

Replacement.

service: String

Service.

matching_type: Float64

Matching Type.

selector: Float64

Selector.

usage: Float64

Usage.

port: Float64

The port of the service.

weight: Float64

The record weight.

fingerprint: String

Fingerprint.

cloudflare_dns_records

data "cloudflare_dns_records" "example_dns_records" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  comment = {
    absent = "absent"
    contains = "ello, worl"
    endswith = "o, world"
    exact = "Hello, world"
    present = "present"
    startswith = "Hello, w"
  }
  content = {
    contains = "7.0.0."
    endswith = ".0.1"
    exact = "127.0.0.1"
    startswith = "127.0."
  }
  name = {
    contains = "w.example."
    endswith = ".example.com"
    exact = "www.example.com"
    startswith = "www.example"
  }
  search = "www.cloudflare.com"
  tag = {
    absent = "important"
    contains = "greeting:ello, worl"
    endswith = "greeting:o, world"
    exact = "greeting:Hello, world"
    present = "important"
    startswith = "greeting:Hello, w"
  }
  type = "A"
}

DNSSettingsZone

resource cloudflare_zone_dns_settings

required Expand Collapse

zone_id: String

Identifier.

optional Expand Collapse

flatten_all_cnames?: Bool

Whether to flatten all CNAME records in the zone. Note that, due to DNS limitations, a CNAME record at the zone apex will always be flattened.

foundation_dns?: Bool

Whether to enable Foundation DNS Advanced Nameservers on the zone.

multi_provider?: Bool

Whether to enable multi-provider DNS, which causes Cloudflare to activate the zone even when non-Cloudflare NS records exist, and to respect NS records at the zone apex during outbound zone transfers.

ns_ttl?: Float64

The time to live (TTL) of the zone's nameserver (NS) records.

secondary_overrides?: Bool

Allows a Secondary DNS zone to use (proxied) override records and CNAME flattening at the zone apex.

zone_mode?: String

Whether the zone mode is a regular or CDN/DNS only zone.

internal_dns?: Attributes

Settings for this internal zone.

reference_zone_id?: String

The ID of the zone to fallback to.

nameservers?: Attributes

Settings determining the nameservers through which the zone should be available.

ns_set?: Int64

Configured nameserver set to be used for this zone

type?: String

Nameserver type

soa?: Attributes

Components of the zone's SOA record.

expire?: Float64

Time in seconds of being unable to query the primary server after which secondary servers should stop serving the zone.

min_ttl?: Float64

The time to live (TTL) for negative caching of records within the zone.

mname?: String

The primary nameserver, which may be used for outbound zone transfers. If null, a Cloudflare-assigned value will be used.

refresh?: Float64

Time in seconds after which secondary servers should re-check the SOA record to see if the zone has been updated.

retry?: Float64

Time in seconds after which secondary servers should retry queries after the primary server was unresponsive.

rname?: String

The email address of the zone administrator, with the first label representing the local part of the email address.

ttl?: Float64

The time to live (TTL) of the SOA record itself.

cloudflare_zone_dns_settings

resource "cloudflare_zone_dns_settings" "example_zone_dns_settings" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  flatten_all_cnames = false
  foundation_dns = false
  internal_dns = {
    reference_zone_id = "reference_zone_id"
  }
  multi_provider = false
  nameservers = {
    ns_set = 1
    type = "cloudflare.standard"
  }
  ns_ttl = 86400
  secondary_overrides = false
  soa = {
    expire = 604800
    min_ttl = 1800
    mname = "kristina.ns.cloudflare.com"
    refresh = 10000
    retry = 2400
    rname = "admin.example.com"
    ttl = 3600
  }
  zone_mode = "dns_only"
}

data cloudflare_zone_dns_settings

required Expand Collapse

zone_id: String

Identifier.

computed Expand Collapse

flatten_all_cnames: Bool

Whether to flatten all CNAME records in the zone. Note that, due to DNS limitations, a CNAME record at the zone apex will always be flattened.

foundation_dns: Bool

Whether to enable Foundation DNS Advanced Nameservers on the zone.

multi_provider: Bool

Whether to enable multi-provider DNS, which causes Cloudflare to activate the zone even when non-Cloudflare NS records exist, and to respect NS records at the zone apex during outbound zone transfers.

ns_ttl: Float64

The time to live (TTL) of the zone's nameserver (NS) records.

secondary_overrides: Bool

Allows a Secondary DNS zone to use (proxied) override records and CNAME flattening at the zone apex.

zone_mode: String

Whether the zone mode is a regular or CDN/DNS only zone.

internal_dns: Attributes

Settings for this internal zone.

reference_zone_id: String

The ID of the zone to fallback to.

nameservers: Attributes

Settings determining the nameservers through which the zone should be available.

type: String

Nameserver type

ns_set: Int64

Configured nameserver set to be used for this zone

soa: Attributes

Components of the zone's SOA record.

expire: Float64

Time in seconds of being unable to query the primary server after which secondary servers should stop serving the zone.

min_ttl: Float64

The time to live (TTL) for negative caching of records within the zone.

mname: String

The primary nameserver, which may be used for outbound zone transfers. If null, a Cloudflare-assigned value will be used.

refresh: Float64

Time in seconds after which secondary servers should re-check the SOA record to see if the zone has been updated.

retry: Float64

Time in seconds after which secondary servers should retry queries after the primary server was unresponsive.

rname: String

The email address of the zone administrator, with the first label representing the local part of the email address.

ttl: Float64

The time to live (TTL) of the SOA record itself.

cloudflare_zone_dns_settings

data "cloudflare_zone_dns_settings" "example_zone_dns_settings" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

DNSSettingsAccount

resource cloudflare_account_dns_settings

required Expand Collapse

account_id: String

Identifier.

optional Expand Collapse

zone_defaults?: Attributes

flatten_all_cnames?: Bool

Whether to flatten all CNAME records in the zone. Note that, due to DNS limitations, a CNAME record at the zone apex will always be flattened.

foundation_dns?: Bool

Whether to enable Foundation DNS Advanced Nameservers on the zone.

internal_dns?: Attributes

Settings for this internal zone.

reference_zone_id?: String

The ID of the zone to fallback to.

multi_provider?: Bool

Whether to enable multi-provider DNS, which causes Cloudflare to activate the zone even when non-Cloudflare NS records exist, and to respect NS records at the zone apex during outbound zone transfers.

nameservers?: Attributes

Settings determining the nameservers through which the zone should be available.

type?: String

Nameserver type

ns_ttl?: Float64

The time to live (TTL) of the zone's nameserver (NS) records.

secondary_overrides?: Bool

Allows a Secondary DNS zone to use (proxied) override records and CNAME flattening at the zone apex.

soa?: Attributes

Components of the zone's SOA record.

expire?: Float64

Time in seconds of being unable to query the primary server after which secondary servers should stop serving the zone.

min_ttl?: Float64

The time to live (TTL) for negative caching of records within the zone.

mname?: String

The primary nameserver, which may be used for outbound zone transfers. If null, a Cloudflare-assigned value will be used.

refresh?: Float64

Time in seconds after which secondary servers should re-check the SOA record to see if the zone has been updated.

retry?: Float64

Time in seconds after which secondary servers should retry queries after the primary server was unresponsive.

rname?: String

The email address of the zone administrator, with the first label representing the local part of the email address.

ttl?: Float64

The time to live (TTL) of the SOA record itself.

zone_mode?: String

Whether the zone mode is a regular or CDN/DNS only zone.

cloudflare_account_dns_settings

resource "cloudflare_account_dns_settings" "example_account_dns_settings" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  zone_defaults = {
    flatten_all_cnames = false
    foundation_dns = false
    internal_dns = {
      reference_zone_id = "reference_zone_id"
    }
    multi_provider = false
    nameservers = {
      type = "cloudflare.standard"
    }
    ns_ttl = 86400
    secondary_overrides = false
    soa = {
      expire = 604800
      min_ttl = 1800
      mname = "kristina.ns.cloudflare.com"
      refresh = 10000
      retry = 2400
      rname = "admin.example.com"
      ttl = 3600
    }
    zone_mode = "dns_only"
  }
}

data cloudflare_account_dns_settings

required Expand Collapse

account_id: String

Identifier.

computed Expand Collapse

zone_defaults: Attributes

flatten_all_cnames: Bool

Whether to flatten all CNAME records in the zone. Note that, due to DNS limitations, a CNAME record at the zone apex will always be flattened.

foundation_dns: Bool

Whether to enable Foundation DNS Advanced Nameservers on the zone.

internal_dns: Attributes

Settings for this internal zone.

reference_zone_id: String

The ID of the zone to fallback to.

multi_provider: Bool

Whether to enable multi-provider DNS, which causes Cloudflare to activate the zone even when non-Cloudflare NS records exist, and to respect NS records at the zone apex during outbound zone transfers.

nameservers: Attributes

Settings determining the nameservers through which the zone should be available.

type: String

Nameserver type

ns_ttl: Float64

The time to live (TTL) of the zone's nameserver (NS) records.

secondary_overrides: Bool

Allows a Secondary DNS zone to use (proxied) override records and CNAME flattening at the zone apex.

soa: Attributes

Components of the zone's SOA record.

expire: Float64

Time in seconds of being unable to query the primary server after which secondary servers should stop serving the zone.

min_ttl: Float64

The time to live (TTL) for negative caching of records within the zone.

mname: String

The primary nameserver, which may be used for outbound zone transfers. If null, a Cloudflare-assigned value will be used.

refresh: Float64

Time in seconds after which secondary servers should re-check the SOA record to see if the zone has been updated.

retry: Float64

Time in seconds after which secondary servers should retry queries after the primary server was unresponsive.

rname: String

The email address of the zone administrator, with the first label representing the local part of the email address.

ttl: Float64

The time to live (TTL) of the SOA record itself.

zone_mode: String

Whether the zone mode is a regular or CDN/DNS only zone.

cloudflare_account_dns_settings

data "cloudflare_account_dns_settings" "example_account_dns_settings" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

DNSSettingsAccountViews

resource cloudflare_account_dns_settings_internal_view

required Expand Collapse

account_id: String

Identifier.

The name of the view.

zones: Set[String]

The list of zones linked to this view.

computed Expand Collapse

id: String

Identifier.

created_time: Time

When the view was created.

modified_time: Time

When the view was last modified.

cloudflare_account_dns_settings_internal_view

resource "cloudflare_account_dns_settings_internal_view" "example_account_dns_settings_internal_view" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  name = "my view"
  zones = ["372e67954025e0ba6aaa6d586b9e0b59"]
}

data cloudflare_account_dns_settings_internal_view

required Expand Collapse

account_id: String

Identifier.

optional Expand Collapse

view_id?: String

Identifier.

filter?: Attributes

direction?: String

Direction to order DNS views in.

match?: String

Whether to match all search requirements or at least one (any). If set to all, acts like a logical AND between filters. If set to any, acts like a logical OR instead.

name?: Attributes

contains?: String

Substring of the DNS view name.

endswith?: String

Suffix of the DNS view name.

exact?: String

Exact value of the DNS view name.

startswith?: String

Prefix of the DNS view name.

order?: String

Field to order DNS views by.

zone_id?: String

A zone ID that exists in the zones list for the view.

zone_name?: String

A zone name that exists in the zones list for the view.

computed Expand Collapse

id: String

Identifier.

created_time: Time

When the view was created.

modified_time: Time

When the view was last modified.

The name of the view.

zones: Set[String]

The list of zones linked to this view.

cloudflare_account_dns_settings_internal_view

data "cloudflare_account_dns_settings_internal_view" "example_account_dns_settings_internal_view" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  view_id = "023e105f4ecef8ad9ca31a8372d0c353"
}

data cloudflare_account_dns_settings_internal_views

required Expand Collapse

account_id: String

Identifier.

optional Expand Collapse

order?: String

Field to order DNS views by.

zone_id?: String

A zone ID that exists in the zones list for the view.

zone_name?: String

A zone name that exists in the zones list for the view.

name?: Attributes

contains?: String

Substring of the DNS view name.

endswith?: String

Suffix of the DNS view name.

exact?: String

Exact value of the DNS view name.

startswith?: String

Prefix of the DNS view name.

direction?: String

Direction to order DNS views in.

match?: String

Whether to match all search requirements or at least one (any). If set to all, acts like a logical AND between filters. If set to any, acts like a logical OR instead.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

id: String

Identifier.

created_time: Time

When the view was created.

modified_time: Time

When the view was last modified.

The name of the view.

zones: Set[String]

The list of zones linked to this view.

cloudflare_account_dns_settings_internal_views

data "cloudflare_account_dns_settings_internal_views" "example_account_dns_settings_internal_views" {
  account_id = "023e105f4ecef8ad9ca31a8372d0c353"
  name = {
    contains = "view"
    endswith = "ew"
    exact = "my view"
    startswith = "my"
  }
  order = "name"
  zone_id = "ae29bea30e2e427ba9cd8d78b628177b"
  zone_name = "www.example.com"
}

DNSZone TransfersIncoming

resource cloudflare_dns_zone_transfers_incoming

required Expand Collapse

zone_id: String

Zone name.

peers: Set[String]

A list of peer tags.

optional Expand Collapse

auto_refresh_seconds?: Float64

How often should a secondary zone auto refresh regardless of DNS NOTIFY. Not applicable for primary zones.

computed Expand Collapse

id: String

checked_time: String

The time for a specific event.

created_time: String

The time for a specific event.

modified_time: String

The time for a specific event.

soa_serial: Float64

The serial number of the SOA for the given zone.

cloudflare_dns_zone_transfers_incoming

resource "cloudflare_dns_zone_transfers_incoming" "example_dns_zone_transfers_incoming" {
  zone_id = "269d8f4853475ca241c4e730be286b20"
  auto_refresh_seconds = 86400
  name = "www.example.com."
  peers = ["23ff594956f20c2a721606e94745a8aa", "00920f38ce07c2e2f4df50b1f61d4194"]
}

data cloudflare_dns_zone_transfers_incoming

required Expand Collapse

zone_id: String

computed Expand Collapse

id: String

auto_refresh_seconds: Float64

How often should a secondary zone auto refresh regardless of DNS NOTIFY. Not applicable for primary zones.

checked_time: String

The time for a specific event.

created_time: String

The time for a specific event.

modified_time: String

The time for a specific event.

Zone name.

soa_serial: Float64

The serial number of the SOA for the given zone.

peers: Set[String]

A list of peer tags.

cloudflare_dns_zone_transfers_incoming

data "cloudflare_dns_zone_transfers_incoming" "example_dns_zone_transfers_incoming" {
  zone_id = "269d8f4853475ca241c4e730be286b20"
}

DNSZone TransfersOutgoing

resource cloudflare_dns_zone_transfers_outgoing

required Expand Collapse

zone_id: String

Zone name.

peers: Set[String]

A list of peer tags.

computed Expand Collapse

id: String

checked_time: String

The time for a specific event.

created_time: String

The time for a specific event.

last_transferred_time: String

The time for a specific event.

soa_serial: Float64

The serial number of the SOA for the given zone.

cloudflare_dns_zone_transfers_outgoing

resource "cloudflare_dns_zone_transfers_outgoing" "example_dns_zone_transfers_outgoing" {
  zone_id = "269d8f4853475ca241c4e730be286b20"
  name = "www.example.com."
  peers = ["23ff594956f20c2a721606e94745a8aa", "00920f38ce07c2e2f4df50b1f61d4194"]
}

data cloudflare_dns_zone_transfers_outgoing

required Expand Collapse

zone_id: String

computed Expand Collapse

id: String

checked_time: String

The time for a specific event.

created_time: String

The time for a specific event.

last_transferred_time: String

The time for a specific event.

Zone name.

soa_serial: Float64

The serial number of the SOA for the given zone.

peers: Set[String]

A list of peer tags.

cloudflare_dns_zone_transfers_outgoing

data "cloudflare_dns_zone_transfers_outgoing" "example_dns_zone_transfers_outgoing" {
  zone_id = "269d8f4853475ca241c4e730be286b20"
}

DNSZone TransfersACLs

resource cloudflare_dns_zone_transfers_acl

required Expand Collapse

account_id: String

ip_range: String

Allowed IPv4/IPv6 address range of primary or secondary nameservers. This will be applied for the entire account. The IP range is used to allow additional NOTIFY IPs for secondary zones and IPs Cloudflare allows AXFR/IXFR requests from for primary zones. CIDRs are limited to a maximum of /24 for IPv4 and /64 for IPv6 respectively.

The name of the acl.

computed Expand Collapse

id: String

cloudflare_dns_zone_transfers_acl

resource "cloudflare_dns_zone_transfers_acl" "example_dns_zone_transfers_acl" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
  ip_range = "192.0.2.53/28"
  name = "my-acl-1"
}

data cloudflare_dns_zone_transfers_acl

required Expand Collapse

acl_id: String

account_id: String

computed Expand Collapse

id: String

ip_range: String

Allowed IPv4/IPv6 address range of primary or secondary nameservers. This will be applied for the entire account. The IP range is used to allow additional NOTIFY IPs for secondary zones and IPs Cloudflare allows AXFR/IXFR requests from for primary zones. CIDRs are limited to a maximum of /24 for IPv4 and /64 for IPv6 respectively.

The name of the acl.

cloudflare_dns_zone_transfers_acl

data "cloudflare_dns_zone_transfers_acl" "example_dns_zone_transfers_acl" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
  acl_id = "23ff594956f20c2a721606e94745a8aa"
}

data cloudflare_dns_zone_transfers_acls

required Expand Collapse

account_id: String

optional Expand Collapse

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

id: String

ip_range: String

Allowed IPv4/IPv6 address range of primary or secondary nameservers. This will be applied for the entire account. The IP range is used to allow additional NOTIFY IPs for secondary zones and IPs Cloudflare allows AXFR/IXFR requests from for primary zones. CIDRs are limited to a maximum of /24 for IPv4 and /64 for IPv6 respectively.

The name of the acl.

cloudflare_dns_zone_transfers_acls

data "cloudflare_dns_zone_transfers_acls" "example_dns_zone_transfers_acls" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
}

DNSZone TransfersPeers

resource cloudflare_dns_zone_transfers_peer

required Expand Collapse

account_id: String

The name of the peer.

optional Expand Collapse

ip?: String

IPv4/IPv6 address of primary or secondary nameserver, depending on what zone this peer is linked to. For primary zones this IP defines the IP of the secondary nameserver Cloudflare will NOTIFY upon zone changes. For secondary zones this IP defines the IP of the primary nameserver Cloudflare will send AXFR/IXFR requests to.

ixfr_enable?: Bool

Enable IXFR transfer protocol, default is AXFR. Only applicable to secondary zones.

port?: Float64

DNS port of primary or secondary nameserver, depending on what zone this peer is linked to.

tsig_id?: String

TSIG authentication will be used for zone transfer if configured.

computed Expand Collapse

id: String

cloudflare_dns_zone_transfers_peer

resource "cloudflare_dns_zone_transfers_peer" "example_dns_zone_transfers_peer" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
  name = "my-peer-1"
}

data cloudflare_dns_zone_transfers_peer

required Expand Collapse

peer_id: String

account_id: String

computed Expand Collapse

id: String

ip: String

IPv4/IPv6 address of primary or secondary nameserver, depending on what zone this peer is linked to. For primary zones this IP defines the IP of the secondary nameserver Cloudflare will NOTIFY upon zone changes. For secondary zones this IP defines the IP of the primary nameserver Cloudflare will send AXFR/IXFR requests to.

ixfr_enable: Bool

Enable IXFR transfer protocol, default is AXFR. Only applicable to secondary zones.

The name of the peer.

port: Float64

DNS port of primary or secondary nameserver, depending on what zone this peer is linked to.

tsig_id: String

TSIG authentication will be used for zone transfer if configured.

cloudflare_dns_zone_transfers_peer

data "cloudflare_dns_zone_transfers_peer" "example_dns_zone_transfers_peer" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
  peer_id = "23ff594956f20c2a721606e94745a8aa"
}

data cloudflare_dns_zone_transfers_peers

required Expand Collapse

account_id: String

optional Expand Collapse

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

id: String

The name of the peer.

ip: String

IPv4/IPv6 address of primary or secondary nameserver, depending on what zone this peer is linked to. For primary zones this IP defines the IP of the secondary nameserver Cloudflare will NOTIFY upon zone changes. For secondary zones this IP defines the IP of the primary nameserver Cloudflare will send AXFR/IXFR requests to.

ixfr_enable: Bool

Enable IXFR transfer protocol, default is AXFR. Only applicable to secondary zones.

port: Float64

DNS port of primary or secondary nameserver, depending on what zone this peer is linked to.

tsig_id: String

TSIG authentication will be used for zone transfer if configured.

cloudflare_dns_zone_transfers_peers

data "cloudflare_dns_zone_transfers_peers" "example_dns_zone_transfers_peers" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
}

DNSZone TransfersTSIGs

resource cloudflare_dns_zone_transfers_tsig

required Expand Collapse

account_id: String

algo: String

TSIG algorithm.

TSIG key name.

secret: String

TSIG secret.

computed Expand Collapse

id: String

cloudflare_dns_zone_transfers_tsig

resource "cloudflare_dns_zone_transfers_tsig" "example_dns_zone_transfers_tsig" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
  algo = "hmac-sha512."
  name = "tsig.customer.cf."
  secret = "caf79a7804b04337c9c66ccd7bef9190a1e1679b5dd03d8aa10f7ad45e1a9dab92b417896c15d4d007c7c14194538d2a5d0feffdecc5a7f0e1c570cfa700837c"
}

data cloudflare_dns_zone_transfers_tsig

required Expand Collapse

tsig_id: String

account_id: String

computed Expand Collapse

id: String

algo: String

TSIG algorithm.

TSIG key name.

secret: String

TSIG secret.

cloudflare_dns_zone_transfers_tsig

data "cloudflare_dns_zone_transfers_tsig" "example_dns_zone_transfers_tsig" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
  tsig_id = "69cd1e104af3e6ed3cb344f263fd0d5a"
}

data cloudflare_dns_zone_transfers_tsigs

required Expand Collapse

account_id: String

optional Expand Collapse

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse

result: List[Attributes]

The items returned by the data source

id: String

algo: String

TSIG algorithm.

TSIG key name.

secret: String

TSIG secret.

cloudflare_dns_zone_transfers_tsigs

data "cloudflare_dns_zone_transfers_tsigs" "example_dns_zone_transfers_tsigs" {
  account_id = "01a7362d577a6c3019a474fd6f485823"
}