cloudflare.DnsFirewall
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
// Declares a Cloudflare DNS Firewall cluster in front of the listed upstream
// nameservers. The account ID and addresses are sample values: the upstream
// IPs come from the documentation-only ranges (192.0.2.0/24, 198.51.100.0/24,
// 2001:db8::/32), so replace them with your own before deploying. In a real
// stack, prefer reading the account ID from stack configuration.
const exampleDnsFirewall = new cloudflare.DnsFirewall("example_dns_firewall", {
    accountId: "023e105f4ecef8ad9ca31a8372d0c353",
    name: "My Awesome DNS Firewall cluster",
    // Upstream nameservers the cluster forwards queries to. The firewall only
    // shields them if they are not also reachable directly, so restrict their
    // own network ACLs accordingly.
    upstreamIps: [
        "192.0.2.1",
        "198.51.100.1",
        "2001:DB8:100::CF",
    ],
    // Attack mitigation is on, and it is not limited to periods when the
    // upstreams appear unhealthy.
    attackMitigation: {
        enabled: true,
        onlyWhenUpstreamUnhealthy: false,
    },
    // Refuse to answer queries of type ANY (large ANY answers are a common
    // amplification vector).
    deprecateAnyRequests: true,
    // Do not forward the resolver's subnet when no EDNS Client Subnet is sent.
    ecsFallback: false,
    // Bounds on upstream TTLs for caching purposes: higher values are lowered
    // to the maximum, lower values are raised to the minimum.
    maximumCacheTtl: 900,
    minimumCacheTtl: 60,
    // How long negative responses (e.g. NXDOMAIN) from the upstreams are cached.
    negativeCacheTtl: 900,
    // Queries per second, per datacenter, allowed toward the upstream nameservers.
    ratelimit: 600,
    // Retries toward the upstreams, not counting the initial attempt.
    retries: 2,
});
import pulumi
import pulumi_cloudflare as cloudflare
# Declares a Cloudflare DNS Firewall cluster in front of the listed upstream
# nameservers. The account ID and addresses are sample values: the upstream
# IPs come from the documentation-only ranges (192.0.2.0/24, 198.51.100.0/24,
# 2001:db8::/32), so replace them with your own before deploying. In a real
# stack, prefer reading the account ID from stack configuration.
example_dns_firewall = cloudflare.DnsFirewall("example_dns_firewall",
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
    name="My Awesome DNS Firewall cluster",
    # Upstream nameservers the cluster forwards queries to. The firewall only
    # shields them if they are not also reachable directly, so restrict their
    # own network ACLs accordingly.
    upstream_ips=[
        "192.0.2.1",
        "198.51.100.1",
        "2001:DB8:100::CF",
    ],
    # Attack mitigation is on, and it is not limited to periods when the
    # upstreams appear unhealthy.
    attack_mitigation={
        "enabled": True,
        "only_when_upstream_unhealthy": False,
    },
    # Refuse to answer queries of type ANY (large ANY answers are a common
    # amplification vector).
    deprecate_any_requests=True,
    # Do not forward the resolver's subnet when no EDNS Client Subnet is sent.
    ecs_fallback=False,
    # Bounds on upstream TTLs for caching purposes: higher values are lowered
    # to the maximum, lower values are raised to the minimum.
    maximum_cache_ttl=900,
    minimum_cache_ttl=60,
    # How long negative responses (e.g. NXDOMAIN) from the upstreams are cached.
    negative_cache_ttl=900,
    # Queries per second, per datacenter, allowed toward the upstream nameservers.
    ratelimit=600,
    # Retries toward the upstreams, not counting the initial attempt.
    retries=2)
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single Cloudflare DNS Firewall cluster with the Pulumi
// engine and propagates any error from resource registration.
//
// The account ID and addresses are sample values: the upstream IPs come from
// the documentation-only ranges (192.0.2.0/24, 198.51.100.0/24, 2001:db8::/32),
// so replace them with your own before deploying.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.NewDnsFirewall(ctx, "example_dns_firewall", &cloudflare.DnsFirewallArgs{
			AccountId: pulumi.String("023e105f4ecef8ad9ca31a8372d0c353"),
			Name: pulumi.String("My Awesome DNS Firewall cluster"),
			// Upstream nameservers the cluster forwards queries to. The
			// firewall only shields them if they are not also reachable
			// directly, so restrict their own network ACLs accordingly.
			UpstreamIps: pulumi.StringArray{
				pulumi.String("192.0.2.1"),
				pulumi.String("198.51.100.1"),
				pulumi.String("2001:DB8:100::CF"),
			},
			// Attack mitigation is on, and it is not limited to periods when
			// the upstreams appear unhealthy.
			AttackMitigation: &cloudflare.DnsFirewallAttackMitigationArgs{
				Enabled: pulumi.Bool(true),
				OnlyWhenUpstreamUnhealthy: pulumi.Bool(false),
			},
			// Refuse to answer queries of type ANY (large ANY answers are a
			// common amplification vector).
			DeprecateAnyRequests: pulumi.Bool(true),
			// Do not forward the resolver's subnet when no EDNS Client Subnet is sent.
			EcsFallback: pulumi.Bool(false),
			// Bounds on upstream TTLs for caching purposes: higher values are
			// lowered to the maximum, lower values are raised to the minimum.
			MaximumCacheTtl: pulumi.Float64(900),
			MinimumCacheTtl: pulumi.Float64(60),
			// How long negative responses (e.g. NXDOMAIN) from the upstreams are cached.
			NegativeCacheTtl: pulumi.Float64(900),
			// Queries per second, per datacenter, allowed toward the upstream nameservers.
			Ratelimit: pulumi.Float64(600),
			// Retries toward the upstreams, not counting the initial attempt.
			Retries: pulumi.Float64(2),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
// Runs a Pulumi deployment that declares one Cloudflare DNS Firewall cluster.
// The account ID and addresses are sample values: the upstream IPs come from
// the documentation-only ranges (192.0.2.0/24, 198.51.100.0/24, 2001:db8::/32),
// so replace them with your own before deploying.
return await Deployment.RunAsync(() =>
{
    var exampleDnsFirewall = new Cloudflare.DnsFirewall("example_dns_firewall", new()
    {
        AccountId = "023e105f4ecef8ad9ca31a8372d0c353",
        Name = "My Awesome DNS Firewall cluster",
        // Upstream nameservers the cluster forwards queries to. The firewall
        // only shields them if they are not also reachable directly, so
        // restrict their own network ACLs accordingly.
        UpstreamIps = new[]
        {
            "192.0.2.1",
            "198.51.100.1",
            "2001:DB8:100::CF",
        },
        // Attack mitigation is on, and it is not limited to periods when the
        // upstreams appear unhealthy.
        AttackMitigation = new Cloudflare.Inputs.DnsFirewallAttackMitigationArgs
        {
            Enabled = true,
            OnlyWhenUpstreamUnhealthy = false,
        },
        // Refuse to answer queries of type ANY (large ANY answers are a
        // common amplification vector).
        DeprecateAnyRequests = true,
        // Do not forward the resolver's subnet when no EDNS Client Subnet is sent.
        EcsFallback = false,
        // Bounds on upstream TTLs for caching purposes: higher values are
        // lowered to the maximum, lower values are raised to the minimum.
        MaximumCacheTtl = 900,
        MinimumCacheTtl = 60,
        // How long negative responses (e.g. NXDOMAIN) from the upstreams are cached.
        NegativeCacheTtl = 900,
        // Queries per second, per datacenter, allowed toward the upstream nameservers.
        Ratelimit = 600,
        // Retries toward the upstreams, not counting the initial attempt.
        Retries = 2,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.DnsFirewall;
import com.pulumi.cloudflare.DnsFirewallArgs;
import com.pulumi.cloudflare.inputs.DnsFirewallAttackMitigationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares one Cloudflare DNS Firewall cluster.
 *
 * The account ID and addresses are sample values: the upstream IPs come from
 * the documentation-only ranges (192.0.2.0/24, 198.51.100.0/24, 2001:db8::/32),
 * so replace them with your own before deploying.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the DNS Firewall cluster.
     *
     * @param ctx Pulumi context for the current deployment (not read here)
     */
    public static void stack(Context ctx) {
        var exampleDnsFirewall = new DnsFirewall("exampleDnsFirewall", DnsFirewallArgs.builder()
            .accountId("023e105f4ecef8ad9ca31a8372d0c353")
            .name("My Awesome DNS Firewall cluster")
            // Upstream nameservers the cluster forwards queries to. The
            // firewall only shields them if they are not also reachable
            // directly, so restrict their own network ACLs accordingly.
            .upstreamIps(
                "192.0.2.1",
                "198.51.100.1",
                "2001:DB8:100::CF")
            // Attack mitigation is on, and it is not limited to periods when
            // the upstreams appear unhealthy.
            .attackMitigation(DnsFirewallAttackMitigationArgs.builder()
                .enabled(true)
                .onlyWhenUpstreamUnhealthy(false)
                .build())
            // Refuse to answer queries of type ANY (large ANY answers are a
            // common amplification vector).
            .deprecateAnyRequests(true)
            // Do not forward the resolver's subnet when no EDNS Client Subnet is sent.
            .ecsFallback(false)
            // Bounds on upstream TTLs for caching purposes: higher values are
            // lowered to the maximum, lower values are raised to the minimum.
            .maximumCacheTtl(900.0)
            .minimumCacheTtl(60.0)
            // How long negative responses (e.g. NXDOMAIN) from the upstreams are cached.
            .negativeCacheTtl(900.0)
            // Queries per second, per datacenter, allowed toward the upstream nameservers.
            .ratelimit(600.0)
            // Retries toward the upstreams, not counting the initial attempt.
            .retries(2.0)
            .build());
    }
}
# Declares a Cloudflare DNS Firewall cluster in front of the listed upstream
# nameservers. The account ID and addresses are sample values: the upstream
# IPs come from the documentation-only ranges (192.0.2.0/24, 198.51.100.0/24,
# 2001:db8::/32), so replace them with your own before deploying.
resources:
  exampleDnsFirewall:
    type: cloudflare:DnsFirewall
    name: example_dns_firewall
    properties:
      accountId: 023e105f4ecef8ad9ca31a8372d0c353
      name: My Awesome DNS Firewall cluster
      # Upstream nameservers the cluster forwards queries to. The firewall
      # only shields them if they are not also reachable directly, so restrict
      # their own network ACLs accordingly.
      upstreamIps:
        - 192.0.2.1
        - 198.51.100.1
        - 2001:DB8:100::CF
      # Attack mitigation is on, and it is not limited to periods when the
      # upstreams appear unhealthy.
      attackMitigation:
        enabled: true
        onlyWhenUpstreamUnhealthy: false
      # Refuse to answer queries of type ANY (large ANY answers are a common
      # amplification vector).
      deprecateAnyRequests: true
      # Do not forward the resolver's subnet when no EDNS Client Subnet is sent.
      ecsFallback: false
      # Bounds on upstream TTLs for caching purposes: higher values are
      # lowered to the maximum, lower values are raised to the minimum.
      maximumCacheTtl: 900
      minimumCacheTtl: 60
      # How long negative responses (e.g. NXDOMAIN) from the upstreams are cached.
      negativeCacheTtl: 900
      # Queries per second, per datacenter, allowed toward the upstream nameservers.
      ratelimit: 600
      # Retries toward the upstreams, not counting the initial attempt.
      retries: 2
Create DnsFirewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DnsFirewall(name: string, args: DnsFirewallArgs, opts?: CustomResourceOptions);
@overload
def DnsFirewall(resource_name: str,
args: DnsFirewallArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DnsFirewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
name: Optional[str] = None,
upstream_ips: Optional[Sequence[str]] = None,
attack_mitigation: Optional[DnsFirewallAttackMitigationArgs] = None,
deprecate_any_requests: Optional[bool] = None,
ecs_fallback: Optional[bool] = None,
maximum_cache_ttl: Optional[float] = None,
minimum_cache_ttl: Optional[float] = None,
negative_cache_ttl: Optional[float] = None,
ratelimit: Optional[float] = None,
retries: Optional[float] = None)
func NewDnsFirewall(ctx *Context, name string, args DnsFirewallArgs, opts ...ResourceOption) (*DnsFirewall, error)
public DnsFirewall(string name, DnsFirewallArgs args, CustomResourceOptions? opts = null)
public DnsFirewall(String name, DnsFirewallArgs args)
public DnsFirewall(String name, DnsFirewallArgs args, CustomResourceOptions options)
type: cloudflare:DnsFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DnsFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DnsFirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DnsFirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DnsFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DnsFirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference skeleton listing every input with a type placeholder ("string",
// false, 0). These are not recommended values: choose AttackMitigation,
// DeprecateAnyRequests and Ratelimit deliberately rather than copying them.
var dnsFirewallResource = new Cloudflare.DnsFirewall("dnsFirewallResource", new()
{
    AccountId = "string",
    Name = "string",
    UpstreamIps = new[]
    {
        "string",
    },
    AttackMitigation = new Cloudflare.Inputs.DnsFirewallAttackMitigationArgs
    {
        Enabled = false,
        OnlyWhenUpstreamUnhealthy = false,
    },
    DeprecateAnyRequests = false,
    EcsFallback = false,
    MaximumCacheTtl = 0,
    MinimumCacheTtl = 0,
    NegativeCacheTtl = 0,
    Ratelimit = 0,
    Retries = 0,
});
// Reference skeleton listing every input with a type placeholder ("string",
// false, 0). These are not recommended values: choose AttackMitigation,
// DeprecateAnyRequests and Ratelimit deliberately rather than copying them.
// The fragment does not check err; real code must handle it.
example, err := cloudflare.NewDnsFirewall(ctx, "dnsFirewallResource", &cloudflare.DnsFirewallArgs{
	AccountId: pulumi.String("string"),
	Name: pulumi.String("string"),
	UpstreamIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	AttackMitigation: &cloudflare.DnsFirewallAttackMitigationArgs{
		Enabled: pulumi.Bool(false),
		OnlyWhenUpstreamUnhealthy: pulumi.Bool(false),
	},
	DeprecateAnyRequests: pulumi.Bool(false),
	EcsFallback: pulumi.Bool(false),
	MaximumCacheTtl: pulumi.Float64(0),
	MinimumCacheTtl: pulumi.Float64(0),
	NegativeCacheTtl: pulumi.Float64(0),
	Ratelimit: pulumi.Float64(0),
	Retries: pulumi.Float64(0),
})
// Reference skeleton listing every input with a type placeholder ("string",
// false, 0.0). These are not recommended values: choose attackMitigation,
// deprecateAnyRequests and ratelimit deliberately rather than copying them.
var dnsFirewallResource = new DnsFirewall("dnsFirewallResource", DnsFirewallArgs.builder()
    .accountId("string")
    .name("string")
    .upstreamIps("string")
    .attackMitigation(DnsFirewallAttackMitigationArgs.builder()
        .enabled(false)
        .onlyWhenUpstreamUnhealthy(false)
        .build())
    .deprecateAnyRequests(false)
    .ecsFallback(false)
    .maximumCacheTtl(0.0)
    .minimumCacheTtl(0.0)
    .negativeCacheTtl(0.0)
    .ratelimit(0.0)
    .retries(0.0)
    .build());
# Reference skeleton listing every input with a type placeholder ("string",
# False, 0). These are not recommended values: choose attack_mitigation,
# deprecate_any_requests and ratelimit deliberately rather than copying them.
dns_firewall_resource = cloudflare.DnsFirewall("dnsFirewallResource",
    account_id="string",
    name="string",
    upstream_ips=["string"],
    attack_mitigation={
        "enabled": False,
        "only_when_upstream_unhealthy": False,
    },
    deprecate_any_requests=False,
    ecs_fallback=False,
    maximum_cache_ttl=0,
    minimum_cache_ttl=0,
    negative_cache_ttl=0,
    ratelimit=0,
    retries=0)
// Reference skeleton listing every input with a type placeholder ("string",
// false, 0). These are not recommended values: choose attackMitigation,
// deprecateAnyRequests and ratelimit deliberately rather than copying them.
const dnsFirewallResource = new cloudflare.DnsFirewall("dnsFirewallResource", {
    accountId: "string",
    name: "string",
    upstreamIps: ["string"],
    attackMitigation: {
        enabled: false,
        onlyWhenUpstreamUnhealthy: false,
    },
    deprecateAnyRequests: false,
    ecsFallback: false,
    maximumCacheTtl: 0,
    minimumCacheTtl: 0,
    negativeCacheTtl: 0,
    ratelimit: 0,
    retries: 0,
});
# Reference skeleton listing every input with a type placeholder (string,
# false, 0). These are not recommended values: choose attackMitigation,
# deprecateAnyRequests and ratelimit deliberately rather than copying them.
type: cloudflare:DnsFirewall
properties:
  accountId: string
  attackMitigation:
    enabled: false
    onlyWhenUpstreamUnhealthy: false
  deprecateAnyRequests: false
  ecsFallback: false
  maximumCacheTtl: 0
  minimumCacheTtl: 0
  name: string
  negativeCacheTtl: 0
  ratelimit: 0
  retries: 0
  upstreamIps:
    - string
DnsFirewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DnsFirewall resource accepts the following input properties:
- AccountId string
- Identifier.
- Name string
- DNS Firewall cluster name
- UpstreamIps List<string>
- AttackMitigation DnsFirewallAttackMitigation
- Attack mitigation settings
- DeprecateAnyRequests bool
- Whether to refuse to answer queries for the ANY type
- EcsFallback bool
- Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- MaximumCacheTtl double
- By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- MinimumCacheTtl double
- By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- NegativeCacheTtl double
- This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- Ratelimit double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- Account
Id string - Identifier.
- Name string
- DNS Firewall cluster name
- Upstream
Ips []string - Attack
Mitigation DnsFirewall Attack Mitigation Args - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Maximum
Cache float64Ttl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- Minimum
Cache float64Ttl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- Negative
Cache float64Ttl This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- Ratelimit float64
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries float64
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- account
Id String - Identifier.
- name String
- DNS Firewall cluster name
- upstream
Ips List<String> - attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache DoubleTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum
Cache DoubleTtl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- negative
Cache DoubleTtl This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- ratelimit Double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- account
Id string - Identifier.
- name string
- DNS Firewall cluster name
- upstream
Ips string[] - attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- deprecate
Any booleanRequests - Whether to refuse to answer queries for the ANY type
- ecs
Fallback boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache numberTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum
Cache numberTtl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- negative
Cache numberTtl This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- ratelimit number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- account_
id str - Identifier.
- name str
- DNS Firewall cluster name
- upstream_
ips Sequence[str] - attack_
mitigation DnsFirewall Attack Mitigation Args - Attack mitigation settings
- deprecate_
any_ boolrequests - Whether to refuse to answer queries for the ANY type
- ecs_
fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum_
cache_ floatttl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum_
cache_ floatttl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- negative_
cache_ floatttl This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- ratelimit float
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries float
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- account
Id String - Identifier.
- name String
- DNS Firewall cluster name
- upstream
Ips List<String> - attack
Mitigation Property Map - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache NumberTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum
Cache NumberTtl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- negative
Cache NumberTtl This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- ratelimit Number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
Outputs
All input properties are implicitly available as output properties. Additionally, the DnsFirewall resource produces the following output properties:
- DnsFirewallIps List<string>
- Id string
- The provider-assigned unique ID for this managed resource.
- ModifiedOn string
- Last modification of DNS Firewall cluster
- Dns
Firewall []stringIps - Id string
- The provider-assigned unique ID for this managed resource.
- Modified
On string - Last modification of DNS Firewall cluster
- dns
Firewall List<String>Ips - id String
- The provider-assigned unique ID for this managed resource.
- modified
On String - Last modification of DNS Firewall cluster
- dns
Firewall string[]Ips - id string
- The provider-assigned unique ID for this managed resource.
- modified
On string - Last modification of DNS Firewall cluster
- dns_
firewall_ Sequence[str]ips - id str
- The provider-assigned unique ID for this managed resource.
- modified_
on str - Last modification of DNS Firewall cluster
- dns
Firewall List<String>Ips - id String
- The provider-assigned unique ID for this managed resource.
- modified
On String - Last modification of DNS Firewall cluster
Look up Existing DnsFirewall Resource
Get an existing DnsFirewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DnsFirewallState, opts?: CustomResourceOptions): DnsFirewall
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
account_id: Optional[str] = None,
attack_mitigation: Optional[DnsFirewallAttackMitigationArgs] = None,
deprecate_any_requests: Optional[bool] = None,
dns_firewall_ips: Optional[Sequence[str]] = None,
ecs_fallback: Optional[bool] = None,
maximum_cache_ttl: Optional[float] = None,
minimum_cache_ttl: Optional[float] = None,
modified_on: Optional[str] = None,
name: Optional[str] = None,
negative_cache_ttl: Optional[float] = None,
ratelimit: Optional[float] = None,
retries: Optional[float] = None,
upstream_ips: Optional[Sequence[str]] = None) -> DnsFirewall
func GetDnsFirewall(ctx *Context, name string, id IDInput, state *DnsFirewallState, opts ...ResourceOption) (*DnsFirewall, error)
public static DnsFirewall Get(string name, Input<string> id, DnsFirewallState? state, CustomResourceOptions? opts = null)
public static DnsFirewall get(String name, Output<String> id, DnsFirewallState state, CustomResourceOptions options)
resources:
  _:
    type: cloudflare:DnsFirewall
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Account
Id string - Identifier.
- Attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Dns
Firewall List<string>Ips - Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Maximum
Cache doubleTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- Minimum
Cache doubleTtl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- Modified
On string - Last modification of DNS Firewall cluster
- Name string
- DNS Firewall cluster name
- Negative
Cache doubleTtl This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- Ratelimit double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- Upstream
Ips List<string>
- Account
Id string - Identifier.
- Attack
Mitigation DnsFirewall Attack Mitigation Args - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Dns
Firewall []stringIps - Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Maximum
Cache float64Ttl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- Minimum
Cache float64Ttl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- Modified
On string - Last modification of DNS Firewall cluster
- Name string
- DNS Firewall cluster name
- Negative
Cache float64Ttl This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- Ratelimit float64
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries float64
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- Upstream
Ips []string
- account
Id String - Identifier.
- attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall List<String>Ips - ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache DoubleTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum
Cache DoubleTtl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- modified
On String - Last modification of DNS Firewall cluster
- name String
- DNS Firewall cluster name
- negative
Cache DoubleTtl This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- ratelimit Double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream
Ips List<String>
- account
Id string - Identifier.
- attack
Mitigation DnsFirewall Attack Mitigation - Attack mitigation settings
- deprecate
Any booleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall string[]Ips - ecs
Fallback boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum
Cache numberTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum
Cache numberTtl By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- modifiedOn string
- Last modification of DNS Firewall cluster
- name string
- DNS Firewall cluster name
- negativeCacheTtl number
- This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- ratelimit number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstreamIps string[]
- account_id str
- Identifier.
- attack_mitigation DnsFirewallAttackMitigationArgs
- Attack mitigation settings
- deprecate_any_requests bool
- Whether to refuse to answer queries for the ANY type
- dns_firewall_ips Sequence[str]
- ecs_fallback bool
- Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximum_cache_ttl float
- By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum_cache_ttl float
- By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- modified_on str
- Last modification of DNS Firewall cluster
- name str
- DNS Firewall cluster name
- negative_cache_ttl float
- This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- ratelimit float
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries float
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream_ips Sequence[str]
- accountId String
- Identifier.
- attackMitigation Property Map
- Attack mitigation settings
- deprecateAnyRequests Boolean
- Whether to refuse to answer queries for the ANY type
- dnsFirewallIps List<String>
- ecsFallback Boolean
- Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- maximumCacheTtl Number
- By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimumCacheTtl Number
- By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.
- modifiedOn String
- Last modification of DNS Firewall cluster
- name String
- DNS Firewall cluster name
- negativeCacheTtl Number
- This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.
- ratelimit Number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstreamIps List<String>
Supporting Types
DnsFirewallAttackMitigation, DnsFirewallAttackMitigationArgs
- Enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- OnlyWhenUpstreamUnhealthy bool
- Only mitigate attacks when upstream servers seem unhealthy
- Enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- OnlyWhenUpstreamUnhealthy bool
- Only mitigate attacks when upstream servers seem unhealthy
- enabled Boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- onlyWhenUpstreamUnhealthy Boolean
- Only mitigate attacks when upstream servers seem unhealthy
- enabled boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- onlyWhenUpstreamUnhealthy boolean
- Only mitigate attacks when upstream servers seem unhealthy
- enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only_when_upstream_unhealthy bool
- Only mitigate attacks when upstream servers seem unhealthy
- enabled Boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- onlyWhenUpstreamUnhealthy Boolean
- Only mitigate attacks when upstream servers seem unhealthy
Import
$ pulumi import cloudflare:index/dnsFirewall:DnsFirewall example '<account_id>/<dns_firewall_id>'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `cloudflare` Terraform Provider.
