Analytics and logs
Consider the sections below to learn how to access analytics and logs for your DNS Firewall.
Use the GraphQL API to access DNS Firewall analytics. Refer to the GraphQL Analytics API documentation for guidance on how to get started.
The DNS Firewall analytics has two schemas:
dnsFirewallAnalyticsAdaptive: Retrieve information about individual DNS Firewall queries.dnsFirewallAnalyticsAdaptiveGroups: Get reports on aggregate information only.
You can also use the DNS Firewall API reports endpoint.
You can set up Logpush to deliver DNS Firewall logs to a storage service, SIEM, or log management provider.
When analyzing why Cloudflare DNS Firewall responded in one way or another to a specific query, consider the responseReason log field.
The following table provides a description for each of the values that might be returned as a response reason:
| Value | Description |
|---|---|
success | Response was successfully served, either from Cloudflare cache or forwarded from the upstream. |
upstream_failure | Response could not be fetched from the upstream due to the upstream failing to respond. |
upstream_servfail | Response could not be fetched from the upstream due to the upstream responding with SERVFAIL. |
invalid_query | Query is invalid and cannot be processed. |
any_type_blocked | Query of type ANY was blocked according to your DNS Firewall settings (RFC 8482 ↗). |
rate_limit | Query was rate limited according to your DNS Firewall settings. |
chaos_success | Response for Chaos class ↗ was successfully served. |
attack_mitigation_block | Query was blocked as part of random prefix attack mitigation. |
unknown | There was an unknown error. |
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark