Docs Home
Cloudflare v6.1.2 published on Monday, Apr 28, 2025 by Pulumi
cloudflare.getDnsFirewall
Explore with Pulumi AI
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
const exampleDnsFirewall = cloudflare.getDnsFirewall({
accountId: "023e105f4ecef8ad9ca31a8372d0c353",
dnsFirewallId: "023e105f4ecef8ad9ca31a8372d0c353",
});
import pulumi
import pulumi_cloudflare as cloudflare
example_dns_firewall = cloudflare.get_dns_firewall(account_id="023e105f4ecef8ad9ca31a8372d0c353",
dns_firewall_id="023e105f4ecef8ad9ca31a8372d0c353")
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudflare.LookupDnsFirewall(ctx, &cloudflare.LookupDnsFirewallArgs{
AccountId: "023e105f4ecef8ad9ca31a8372d0c353",
DnsFirewallId: pulumi.StringRef("023e105f4ecef8ad9ca31a8372d0c353"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
var exampleDnsFirewall = Cloudflare.GetDnsFirewall.Invoke(new()
{
AccountId = "023e105f4ecef8ad9ca31a8372d0c353",
DnsFirewallId = "023e105f4ecef8ad9ca31a8372d0c353",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetDnsFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDnsFirewall = CloudflareFunctions.getDnsFirewall(GetDnsFirewallArgs.builder()
.accountId("023e105f4ecef8ad9ca31a8372d0c353")
.dnsFirewallId("023e105f4ecef8ad9ca31a8372d0c353")
.build());
}
}
variables:
exampleDnsFirewall:
fn::invoke:
function: cloudflare:getDnsFirewall
arguments:
accountId: 023e105f4ecef8ad9ca31a8372d0c353
dnsFirewallId: 023e105f4ecef8ad9ca31a8372d0c353
Using getDnsFirewall
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getDnsFirewall(args: GetDnsFirewallArgs, opts?: InvokeOptions): Promise<GetDnsFirewallResult>
function getDnsFirewallOutput(args: GetDnsFirewallOutputArgs, opts?: InvokeOptions): Output<GetDnsFirewallResult>def get_dns_firewall(account_id: Optional[str] = None,
dns_firewall_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetDnsFirewallResult
def get_dns_firewall_output(account_id: Optional[pulumi.Input[str]] = None,
dns_firewall_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetDnsFirewallResult]func LookupDnsFirewall(ctx *Context, args *LookupDnsFirewallArgs, opts ...InvokeOption) (*LookupDnsFirewallResult, error)
func LookupDnsFirewallOutput(ctx *Context, args *LookupDnsFirewallOutputArgs, opts ...InvokeOption) LookupDnsFirewallResultOutput> Note: This function is named LookupDnsFirewall in the Go SDK.
public static class GetDnsFirewall
{
public static Task<GetDnsFirewallResult> InvokeAsync(GetDnsFirewallArgs args, InvokeOptions? opts = null)
public static Output<GetDnsFirewallResult> Invoke(GetDnsFirewallInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetDnsFirewallResult> getDnsFirewall(GetDnsFirewallArgs args, InvokeOptions options)
public static Output<GetDnsFirewallResult> getDnsFirewall(GetDnsFirewallArgs args, InvokeOptions options)
fn::invoke:
function: cloudflare:index/getDnsFirewall:getDnsFirewall
arguments:
# arguments dictionaryThe following arguments are supported:
- Account
Id string - Identifier.
- Dns
Firewall stringId - Identifier.
- Account
Id string - Identifier.
- Dns
Firewall stringId - Identifier.
- account
Id String - Identifier.
- dns
Firewall StringId - Identifier.
- account
Id string - Identifier.
- dns
Firewall stringId - Identifier.
- account_
id str - Identifier.
- dns_
firewall_ strid - Identifier.
- account
Id String - Identifier.
- dns
Firewall StringId - Identifier.
getDnsFirewall Result
The following output properties are available:
- Account
Id string - Identifier.
- Attack
Mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Dns
Firewall List<string>Ips - Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Id string
- Identifier.
- Maximum
Cache doubleTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- Minimum
Cache doubleTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- Modified
On string - Last modification of DNS Firewall cluster
- Name string
- DNS Firewall cluster name
- Negative
Cache doubleTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- Ratelimit double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- Upstream
Ips List<string> - Dns
Firewall stringId - Identifier.
- Account
Id string - Identifier.
- Attack
Mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Dns
Firewall []stringIps - Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Id string
- Identifier.
- Maximum
Cache float64Ttl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- Minimum
Cache float64Ttl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- Modified
On string - Last modification of DNS Firewall cluster
- Name string
- DNS Firewall cluster name
- Negative
Cache float64Ttl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- Ratelimit float64
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- Retries float64
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- Upstream
Ips []string - Dns
Firewall stringId - Identifier.
- account
Id String - Identifier.
- attack
Mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall List<String>Ips - ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- id String
- Identifier.
- maximum
Cache DoubleTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache DoubleTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- modified
On String - Last modification of DNS Firewall cluster
- name String
- DNS Firewall cluster name
- negative
Cache DoubleTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit Double
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Double
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream
Ips List<String> - dns
Firewall StringId - Identifier.
- account
Id string - Identifier.
- attack
Mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- deprecate
Any booleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall string[]Ips - ecs
Fallback boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- id string
- Identifier.
- maximum
Cache numberTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache numberTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- modified
On string - Last modification of DNS Firewall cluster
- name string
- DNS Firewall cluster name
- negative
Cache numberTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream
Ips string[] - dns
Firewall stringId - Identifier.
- account_
id str - Identifier.
- attack_
mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- deprecate_
any_ boolrequests - Whether to refuse to answer queries for the ANY type
- dns_
firewall_ Sequence[str]ips - ecs_
fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- id str
- Identifier.
- maximum_
cache_ floatttl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum_
cache_ floatttl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- modified_
on str - Last modification of DNS Firewall cluster
- name str
- DNS Firewall cluster name
- negative_
cache_ floatttl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit float
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries float
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream_
ips Sequence[str] - dns_
firewall_ strid - Identifier.
- account
Id String - Identifier.
- attack
Mitigation Property Map - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall List<String>Ips - ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- id String
- Identifier.
- maximum
Cache NumberTtl - Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
- minimum
Cache NumberTtl - Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
- modified
On String - Last modification of DNS Firewall cluster
- name String
- DNS Firewall cluster name
- negative
Cache NumberTtl - Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
- ratelimit Number
- Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
- retries Number
- Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
- upstream
Ips List<String> - dns
Firewall StringId - Identifier.
Supporting Types
GetDnsFirewallAttackMitigation
- Enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- Only
When boolUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- Enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- Only
When boolUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled Boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When BooleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When booleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only_
when_ boolupstream_ unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled Boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When BooleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.