Set up DNS Firewall
Prior to setting up DNS Firewall, you need:
- Account access to DNS Firewall (provided by your Enterprise account team).
- Access to DNS Administrator or Super Administrator privileges on your account.
- Newly updated IP addresses for your nameservers (protects against previously compromised IP addresses).
Configure DNS Firewall
Create a DNS Firewall cluster
Using the dashboard
- Log in to the with DNS Firewall.
- On the account homepage, click DNS Firewall.
- Click Add Firewall Cluster.
- Fill out the required fields, including:
- IP Addresses: The upstream IPv4 and/or IPv6 addresses of your authoritative nameservers.
- Minimum Cache TTL: Recommended setting of 30 seconds.
- Maximum Cache TTL: Recommended setting of 1 hour. Larger values increase the cache hit ratio, but also increase the time required for DNS changes to propagate.
- ANY queries: Recommended setting is Off because these are often used as part of DDoS attacks. Also refer to this .
- Click Continue.
- On the following screen, save the values for Your new DNS Firewall IP Addresses.
Using the API
Update registrar settings
A/AAAA glue records for your nameserver hostnames at your registrar with your DNS Firewall cluster IP addresses.
Update DNS servers
At your DNS servers, update the
A/AAAA records for your nameserver hostnames in your DNS zone file with your DNS Firewall cluster IP addresses.
Test DNS resolution
Confirm that your nameservers are functioning correctly by running a