Docs Home
Cloudflare v6.0.1 published on Wednesday, Apr 16, 2025 by Pulumi
cloudflare.DnsFirewall
Explore with Pulumi AI
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
resources:
exampleDnsFirewall:
type: cloudflare:DnsFirewall
name: example_dns_firewall
properties:
accountId: 023e105f4ecef8ad9ca31a8372d0c353
name: My Awesome DNS Firewall cluster
upstreamIps:
- 192.0.2.1
- 198.51.100.1
- 2001:DB8:100::CF
attackMitigation:
enabled: true
only_when_upstream_unhealthy: false
deprecateAnyRequests: true
ecsFallback: false
maximumCacheTtl: 900
minimumCacheTtl: 60
negativeCacheTtl: 900
ratelimit: 600
retries: 2
Create DnsFirewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DnsFirewall(name: string, args: DnsFirewallArgs, opts?: CustomResourceOptions);@overload
def DnsFirewall(resource_name: str,
args: DnsFirewallArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DnsFirewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
name: Optional[str] = None,
upstream_ips: Optional[Sequence[str]] = None,
attack_mitigation: Optional[DnsFirewallAttackMitigationArgs] = None,
deprecate_any_requests: Optional[bool] = None,
ecs_fallback: Optional[bool] = None,
maximum_cache_ttl: Optional[float] = None,
minimum_cache_ttl: Optional[float] = None,
negative_cache_ttl: Optional[float] = None,
ratelimit: Optional[float] = None,
retries: Optional[float] = None)func NewDnsFirewall(ctx *Context, name string, args DnsFirewallArgs, opts ...ResourceOption) (*DnsFirewall, error)public DnsFirewall(string name, DnsFirewallArgs args, CustomResourceOptions? opts = null)public DnsFirewall(String name, DnsFirewallArgs args)
public DnsFirewall(String name, DnsFirewallArgs args, CustomResourceOptions options)
type: cloudflare:DnsFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. DnsFirewallArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. DnsFirewallArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. DnsFirewallArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. DnsFirewallArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. DnsFirewallArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var dnsFirewallResource = new Cloudflare.DnsFirewall("dnsFirewallResource", new()
{
AccountId = "string",
Name = "string",
UpstreamIps = new[]
{
"string",
},
AttackMitigation = new Cloudflare.Inputs.DnsFirewallAttackMitigationArgs
{
Enabled = false,
OnlyWhenUpstreamUnhealthy = false,
},
DeprecateAnyRequests = false,
EcsFallback = false,
MaximumCacheTtl = 0,
MinimumCacheTtl = 0,
NegativeCacheTtl = 0,
Ratelimit = 0,
Retries = 0,
});
example, err := cloudflare.NewDnsFirewall(ctx, "dnsFirewallResource", &cloudflare.DnsFirewallArgs{
AccountId: pulumi.String("string"),
Name: pulumi.String("string"),
UpstreamIps: pulumi.StringArray{
pulumi.String("string"),
},
AttackMitigation: &cloudflare.DnsFirewallAttackMitigationArgs{
Enabled: pulumi.Bool(false),
OnlyWhenUpstreamUnhealthy: pulumi.Bool(false),
},
DeprecateAnyRequests: pulumi.Bool(false),
EcsFallback: pulumi.Bool(false),
MaximumCacheTtl: pulumi.Float64(0),
MinimumCacheTtl: pulumi.Float64(0),
NegativeCacheTtl: pulumi.Float64(0),
Ratelimit: pulumi.Float64(0),
Retries: pulumi.Float64(0),
})
var dnsFirewallResource = new DnsFirewall("dnsFirewallResource", DnsFirewallArgs.builder()
.accountId("string")
.name("string")
.upstreamIps("string")
.attackMitigation(DnsFirewallAttackMitigationArgs.builder()
.enabled(false)
.onlyWhenUpstreamUnhealthy(false)
.build())
.deprecateAnyRequests(false)
.ecsFallback(false)
.maximumCacheTtl(0)
.minimumCacheTtl(0)
.negativeCacheTtl(0)
.ratelimit(0)
.retries(0)
.build());
dns_firewall_resource = cloudflare.DnsFirewall("dnsFirewallResource",
account_id="string",
name="string",
upstream_ips=["string"],
attack_mitigation={
"enabled": False,
"only_when_upstream_unhealthy": False,
},
deprecate_any_requests=False,
ecs_fallback=False,
maximum_cache_ttl=0,
minimum_cache_ttl=0,
negative_cache_ttl=0,
ratelimit=0,
retries=0)
const dnsFirewallResource = new cloudflare.DnsFirewall("dnsFirewallResource", {
accountId: "string",
name: "string",
upstreamIps: ["string"],
attackMitigation: {
enabled: false,
onlyWhenUpstreamUnhealthy: false,
},
deprecateAnyRequests: false,
ecsFallback: false,
maximumCacheTtl: 0,
minimumCacheTtl: 0,
negativeCacheTtl: 0,
ratelimit: 0,
retries: 0,
});
type: cloudflare:DnsFirewall
properties:
accountId: string
attackMitigation:
enabled: false
onlyWhenUpstreamUnhealthy: false
deprecateAnyRequests: false
ecsFallback: false
maximumCacheTtl: 0
minimumCacheTtl: 0
name: string
negativeCacheTtl: 0
ratelimit: 0
retries: 0
upstreamIps:
- string
DnsFirewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DnsFirewall resource accepts the following input properties:
- Account
Id This property is required. string - Identifier
- Name
This property is required. string - DNS Firewall cluster name
- Upstream
Ips This property is required. List<string> - Attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Maximum
Cache doubleTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- Minimum
Cache doubleTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- Negative
Cache doubleTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- Ratelimit double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- Account
Id This property is required. string - Identifier
- Name
This property is required. string - DNS Firewall cluster name
- Upstream
Ips This property is required. []string - Attack
Mitigation DnsFirewall Attack Mitigation Args - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Maximum
Cache float64Ttl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- Minimum
Cache float64Ttl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- Negative
Cache float64Ttl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- Ratelimit float64
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries float64
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- account
Id This property is required. String - Identifier
- name
This property is required. String - DNS Firewall cluster name
- upstream
Ips This property is required. List<String> - attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache DoubleTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache DoubleTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- negative
Cache DoubleTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit Double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- account
Id This property is required. string - Identifier
- name
This property is required. string - DNS Firewall cluster name
- upstream
Ips This property is required. string[] - attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- deprecate
Any booleanRequests - Whether to refuse to answer queries for the ANY type
- ecs
Fallback boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache numberTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache numberTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- negative
Cache numberTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- account_
id This property is required. str - Identifier
- name
This property is required. str - DNS Firewall cluster name
- upstream_
ips This property is required. Sequence[str] - attack_
mitigation DnsFirewall Attack Mitigation Args - Attack mitigation settings
- deprecate_
any_ boolrequests - Whether to refuse to answer queries for the ANY type
- ecs_
fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum_
cache_ floatttl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum_
cache_ floatttl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- negative_
cache_ floatttl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit float
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries float
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- account
Id This property is required. String - Identifier
- name
This property is required. String - DNS Firewall cluster name
- upstream
Ips This property is required. List<String> - attack
Mitigation Property Map - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache NumberTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache NumberTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- negative
Cache NumberTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit Number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
Outputs
All input properties are implicitly available as output properties. Additionally, the DnsFirewall resource produces the following output properties:
- Dns
Firewall List<string>Ips - Id string
- The provider-assigned unique ID for this managed resource.
- Modified
On string - Last modification of DNS Firewall cluster
- Dns
Firewall []stringIps - Id string
- The provider-assigned unique ID for this managed resource.
- Modified
On string - Last modification of DNS Firewall cluster
- dns
Firewall List<String>Ips - id String
- The provider-assigned unique ID for this managed resource.
- modified
On String - Last modification of DNS Firewall cluster
- dns
Firewall string[]Ips - id string
- The provider-assigned unique ID for this managed resource.
- modified
On string - Last modification of DNS Firewall cluster
- dns_
firewall_ Sequence[str]ips - id str
- The provider-assigned unique ID for this managed resource.
- modified_
on str - Last modification of DNS Firewall cluster
- dns
Firewall List<String>Ips - id String
- The provider-assigned unique ID for this managed resource.
- modified
On String - Last modification of DNS Firewall cluster
Look up Existing DnsFirewall Resource
Get an existing DnsFirewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DnsFirewallState, opts?: CustomResourceOptions): DnsFirewall@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
attack_mitigation: Optional[DnsFirewallAttackMitigationArgs] = None,
deprecate_any_requests: Optional[bool] = None,
dns_firewall_ips: Optional[Sequence[str]] = None,
ecs_fallback: Optional[bool] = None,
maximum_cache_ttl: Optional[float] = None,
minimum_cache_ttl: Optional[float] = None,
modified_on: Optional[str] = None,
name: Optional[str] = None,
negative_cache_ttl: Optional[float] = None,
ratelimit: Optional[float] = None,
retries: Optional[float] = None,
upstream_ips: Optional[Sequence[str]] = None) -> DnsFirewallfunc GetDnsFirewall(ctx *Context, name string, id IDInput, state *DnsFirewallState, opts ...ResourceOption) (*DnsFirewall, error)public static DnsFirewall Get(string name, Input<string> id, DnsFirewallState? state, CustomResourceOptions? opts = null)public static DnsFirewall get(String name, Output<String> id, DnsFirewallState state, CustomResourceOptions options)resources: _: type: cloudflare:DnsFirewall get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Account
Id string - Identifier
- Attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Dns
Firewall List<string>Ips - Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Maximum
Cache doubleTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- Minimum
Cache doubleTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- Modified
On string - Last modification of DNS Firewall cluster
- Name string
- DNS Firewall cluster name
- Negative
Cache doubleTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- Ratelimit double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- Upstream
Ips List<string>
- Account
Id string - Identifier
- Attack
Mitigation DnsFirewall Attack Mitigation Args - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Dns
Firewall []stringIps - Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Maximum
Cache float64Ttl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- Minimum
Cache float64Ttl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- Modified
On string - Last modification of DNS Firewall cluster
- Name string
- DNS Firewall cluster name
- Negative
Cache float64Ttl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- Ratelimit float64
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries float64
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- Upstream
Ips []string
- account
Id String - Identifier
- attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall List<String>Ips - ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache DoubleTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache DoubleTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- modified
On String - Last modification of DNS Firewall cluster
- name String
- DNS Firewall cluster name
- negative
Cache DoubleTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit Double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream
Ips List<String>
- account
Id string - Identifier
- attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- deprecate
Any booleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall string[]Ips - ecs
Fallback boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache numberTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache numberTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- modified
On string - Last modification of DNS Firewall cluster
- name string
- DNS Firewall cluster name
- negative
Cache numberTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream
Ips string[]
- account_
id str - Identifier
- attack_
mitigation DnsFirewall Attack Mitigation Args - Attack mitigation settings
- deprecate_
any_ boolrequests - Whether to refuse to answer queries for the ANY type
- dns_
firewall_ Sequence[str]ips - ecs_
fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum_
cache_ floatttl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum_
cache_ floatttl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- modified_
on str - Last modification of DNS Firewall cluster
- name str
- DNS Firewall cluster name
- negative_
cache_ floatttl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit float
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries float
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream_
ips Sequence[str]
- account
Id String - Identifier
- attack
Mitigation Property Map - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall List<String>Ips - ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache NumberTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache NumberTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- modified
On String - Last modification of DNS Firewall cluster
- name String
- DNS Firewall cluster name
- negative
Cache NumberTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit Number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream
Ips List<String>
Supporting Types
DnsFirewallAttackMitigation, DnsFirewallAttackMitigationArgs
, DnsFirewallAttackMitigationArgs
- Enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- Only
When boolUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- Enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- Only
When boolUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled Boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When BooleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When booleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only_
when_ boolupstream_ unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled Boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When BooleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
Import
$ pulumi import cloudflare:index/dnsFirewall:DnsFirewall example '<account_id>/<dns_firewall_id>'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.