FirewallDNSRule

pulumi-resource-zia v1.3.8, Mar 13 26

Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler

Schema (JSON)

zscaler/pulumi-zia

Viewing docs for pulumi-resource-zia v1.3.8
published on Friday, Mar 13, 2026 by Zscaler

Schema (JSON)

zscaler/pulumi-zia

The zia_firewall_dns_rule resource manages firewall DNS control rules in the Zscaler Internet Access (ZIA) cloud service. DNS control rules allow you to control DNS traffic by allowing, blocking, or redirecting DNS requests based on various criteria such as source, destination, applications, and DNS request types.

For more information, see the ZIA DNS Control Policies documentation.

Example Usage

Basic Firewall DNS Rule

Example coming soon!

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	zia "github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := zia.NewFirewallDNSRule(ctx, "example", &zia.FirewallDNSRuleArgs{
			Name:        pulumi.String("Example DNS Rule"),
			Description: pulumi.StringRef("Block malicious DNS requests"),
			Order:       pulumi.Int(1),
			State:       pulumi.StringRef("ENABLED"),
			Action:      pulumi.StringRef("BLOCK_DROP"),
		})
		return err
	})
}

Example coming soon!

import * as zia from "@bdzscaler/pulumi-zia";

const example = new zia.FirewallDNSRule("example", {
    name: "Example DNS Rule",
    description: "Block malicious DNS requests",
    order: 1,
    state: "ENABLED",
    action: "BLOCK_DROP",
});

import zscaler_pulumi_zia as zia

example = zia.FirewallDNSRule("example",
    name="Example DNS Rule",
    description="Block malicious DNS requests",
    order=1,
    state="ENABLED",
    action="BLOCK_DROP",
)

resources:
  example:
    type: zia:FirewallDNSRule
    properties:
      name: Example DNS Rule
      description: Block malicious DNS requests
      order: 1
      state: ENABLED
      action: BLOCK_DROP

Create FirewallDNSRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallDNSRule(name: string, args: FirewallDNSRuleArgs, opts?: CustomResourceOptions);

@overload
def FirewallDNSRule(resource_name: str,
                    args: FirewallDNSRuleArgs,
                    opts: Optional[ResourceOptions] = None)

@overload
def FirewallDNSRule(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    name: Optional[str] = None,
                    order: Optional[int] = None,
                    is_web_eun_enabled: Optional[bool] = None,
                    labels: Optional[Sequence[int]] = None,
                    default_rule: Optional[bool] = None,
                    departments: Optional[Sequence[int]] = None,
                    description: Optional[str] = None,
                    dest_addresses: Optional[Sequence[str]] = None,
                    dest_countries: Optional[Sequence[str]] = None,
                    dest_ip_categories: Optional[Sequence[str]] = None,
                    dest_ip_groups: Optional[Sequence[int]] = None,
                    dest_ipv6_groups: Optional[Sequence[int]] = None,
                    device_groups: Optional[Sequence[int]] = None,
                    devices: Optional[Sequence[int]] = None,
                    dns_gateway: Optional[int] = None,
                    dns_rule_request_types: Optional[Sequence[str]] = None,
                    edns_ecs_object: Optional[int] = None,
                    groups: Optional[Sequence[int]] = None,
                    capture_pcap: Optional[bool] = None,
                    action: Optional[str] = None,
                    location_groups: Optional[Sequence[int]] = None,
                    locations: Optional[Sequence[int]] = None,
                    block_response_code: Optional[str] = None,
                    applications: Optional[Sequence[str]] = None,
                    predefined: Optional[bool] = None,
                    protocols: Optional[Sequence[str]] = None,
                    rank: Optional[int] = None,
                    redirect_ip: Optional[str] = None,
                    res_categories: Optional[Sequence[str]] = None,
                    source_countries: Optional[Sequence[str]] = None,
                    src_ip_groups: Optional[Sequence[int]] = None,
                    src_ips: Optional[Sequence[str]] = None,
                    src_ipv6_groups: Optional[Sequence[int]] = None,
                    state: Optional[str] = None,
                    time_windows: Optional[Sequence[int]] = None,
                    users: Optional[Sequence[int]] = None,
                    zpa_ip_group: Optional[int] = None)

func NewFirewallDNSRule(ctx *Context, name string, args FirewallDNSRuleArgs, opts ...ResourceOption) (*FirewallDNSRule, error)

public FirewallDNSRule(string name, FirewallDNSRuleArgs args, CustomResourceOptions? opts = null)

public FirewallDNSRule(String name, FirewallDNSRuleArgs args)
public FirewallDNSRule(String name, FirewallDNSRuleArgs args, CustomResourceOptions options)

type: zia:FirewallDNSRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallDNSRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var firewallDNSRuleResource = new Zia.FirewallDNSRule("firewallDNSRuleResource", new()
{
    Name = "string",
    Order = 0,
    IsWebEunEnabled = false,
    Labels = new[]
    {
        0,
    },
    DefaultRule = false,
    Departments = new[]
    {
        0,
    },
    Description = "string",
    DestAddresses = new[]
    {
        "string",
    },
    DestCountries = new[]
    {
        "string",
    },
    DestIpCategories = new[]
    {
        "string",
    },
    DestIpGroups = new[]
    {
        0,
    },
    DestIpv6Groups = new[]
    {
        0,
    },
    DeviceGroups = new[]
    {
        0,
    },
    Devices = new[]
    {
        0,
    },
    DnsGateway = 0,
    DnsRuleRequestTypes = new[]
    {
        "string",
    },
    EdnsEcsObject = 0,
    Groups = new[]
    {
        0,
    },
    CapturePcap = false,
    Action = "string",
    LocationGroups = new[]
    {
        0,
    },
    Locations = new[]
    {
        0,
    },
    BlockResponseCode = "string",
    Applications = new[]
    {
        "string",
    },
    Predefined = false,
    Protocols = new[]
    {
        "string",
    },
    Rank = 0,
    RedirectIp = "string",
    ResCategories = new[]
    {
        "string",
    },
    SourceCountries = new[]
    {
        "string",
    },
    SrcIpGroups = new[]
    {
        0,
    },
    SrcIps = new[]
    {
        "string",
    },
    SrcIpv6Groups = new[]
    {
        0,
    },
    State = "string",
    TimeWindows = new[]
    {
        0,
    },
    Users = new[]
    {
        0,
    },
    ZpaIpGroup = 0,
});

example, err := zia.NewFirewallDNSRule(ctx, "firewallDNSRuleResource", &zia.FirewallDNSRuleArgs{
	Name:            pulumi.String("string"),
	Order:           pulumi.Int(0),
	IsWebEunEnabled: pulumi.Bool(false),
	Labels: pulumi.IntArray{
		pulumi.Int(0),
	},
	DefaultRule: pulumi.Bool(false),
	Departments: pulumi.IntArray{
		pulumi.Int(0),
	},
	Description: pulumi.String("string"),
	DestAddresses: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestIpCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	DestIpGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	DestIpv6Groups: pulumi.IntArray{
		pulumi.Int(0),
	},
	DeviceGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	Devices: pulumi.IntArray{
		pulumi.Int(0),
	},
	DnsGateway: pulumi.Int(0),
	DnsRuleRequestTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	EdnsEcsObject: pulumi.Int(0),
	Groups: pulumi.IntArray{
		pulumi.Int(0),
	},
	CapturePcap: pulumi.Bool(false),
	Action:      pulumi.String("string"),
	LocationGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	Locations: pulumi.IntArray{
		pulumi.Int(0),
	},
	BlockResponseCode: pulumi.String("string"),
	Applications: pulumi.StringArray{
		pulumi.String("string"),
	},
	Predefined: pulumi.Bool(false),
	Protocols: pulumi.StringArray{
		pulumi.String("string"),
	},
	Rank:       pulumi.Int(0),
	RedirectIp: pulumi.String("string"),
	ResCategories: pulumi.StringArray{
		pulumi.String("string"),
	},
	SourceCountries: pulumi.StringArray{
		pulumi.String("string"),
	},
	SrcIpGroups: pulumi.IntArray{
		pulumi.Int(0),
	},
	SrcIps: pulumi.StringArray{
		pulumi.String("string"),
	},
	SrcIpv6Groups: pulumi.IntArray{
		pulumi.Int(0),
	},
	State: pulumi.String("string"),
	TimeWindows: pulumi.IntArray{
		pulumi.Int(0),
	},
	Users: pulumi.IntArray{
		pulumi.Int(0),
	},
	ZpaIpGroup: pulumi.Int(0),
})

var firewallDNSRuleResource = new FirewallDNSRule("firewallDNSRuleResource", FirewallDNSRuleArgs.builder()
    .name("string")
    .order(0)
    .isWebEunEnabled(false)
    .labels(0)
    .defaultRule(false)
    .departments(0)
    .description("string")
    .destAddresses("string")
    .destCountries("string")
    .destIpCategories("string")
    .destIpGroups(0)
    .destIpv6Groups(0)
    .deviceGroups(0)
    .devices(0)
    .dnsGateway(0)
    .dnsRuleRequestTypes("string")
    .ednsEcsObject(0)
    .groups(0)
    .capturePcap(false)
    .action("string")
    .locationGroups(0)
    .locations(0)
    .blockResponseCode("string")
    .applications("string")
    .predefined(false)
    .protocols("string")
    .rank(0)
    .redirectIp("string")
    .resCategories("string")
    .sourceCountries("string")
    .srcIpGroups(0)
    .srcIps("string")
    .srcIpv6Groups(0)
    .state("string")
    .timeWindows(0)
    .users(0)
    .zpaIpGroup(0)
    .build());

firewall_dns_rule_resource = zia.FirewallDNSRule("firewallDNSRuleResource",
    name="string",
    order=0,
    is_web_eun_enabled=False,
    labels=[0],
    default_rule=False,
    departments=[0],
    description="string",
    dest_addresses=["string"],
    dest_countries=["string"],
    dest_ip_categories=["string"],
    dest_ip_groups=[0],
    dest_ipv6_groups=[0],
    device_groups=[0],
    devices=[0],
    dns_gateway=0,
    dns_rule_request_types=["string"],
    edns_ecs_object=0,
    groups=[0],
    capture_pcap=False,
    action="string",
    location_groups=[0],
    locations=[0],
    block_response_code="string",
    applications=["string"],
    predefined=False,
    protocols=["string"],
    rank=0,
    redirect_ip="string",
    res_categories=["string"],
    source_countries=["string"],
    src_ip_groups=[0],
    src_ips=["string"],
    src_ipv6_groups=[0],
    state="string",
    time_windows=[0],
    users=[0],
    zpa_ip_group=0)

const firewallDNSRuleResource = new zia.FirewallDNSRule("firewallDNSRuleResource", {
    name: "string",
    order: 0,
    isWebEunEnabled: false,
    labels: [0],
    defaultRule: false,
    departments: [0],
    description: "string",
    destAddresses: ["string"],
    destCountries: ["string"],
    destIpCategories: ["string"],
    destIpGroups: [0],
    destIpv6Groups: [0],
    deviceGroups: [0],
    devices: [0],
    dnsGateway: 0,
    dnsRuleRequestTypes: ["string"],
    ednsEcsObject: 0,
    groups: [0],
    capturePcap: false,
    action: "string",
    locationGroups: [0],
    locations: [0],
    blockResponseCode: "string",
    applications: ["string"],
    predefined: false,
    protocols: ["string"],
    rank: 0,
    redirectIp: "string",
    resCategories: ["string"],
    sourceCountries: ["string"],
    srcIpGroups: [0],
    srcIps: ["string"],
    srcIpv6Groups: [0],
    state: "string",
    timeWindows: [0],
    users: [0],
    zpaIpGroup: 0,
});

type: zia:FirewallDNSRule
properties:
    action: string
    applications:
        - string
    blockResponseCode: string
    capturePcap: false
    defaultRule: false
    departments:
        - 0
    description: string
    destAddresses:
        - string
    destCountries:
        - string
    destIpCategories:
        - string
    destIpGroups:
        - 0
    destIpv6Groups:
        - 0
    deviceGroups:
        - 0
    devices:
        - 0
    dnsGateway: 0
    dnsRuleRequestTypes:
        - string
    ednsEcsObject: 0
    groups:
        - 0
    isWebEunEnabled: false
    labels:
        - 0
    locationGroups:
        - 0
    locations:
        - 0
    name: string
    order: 0
    predefined: false
    protocols:
        - string
    rank: 0
    redirectIp: string
    resCategories:
        - string
    sourceCountries:
        - string
    srcIpGroups:
        - 0
    srcIps:
        - string
    srcIpv6Groups:
        - 0
    state: string
    timeWindows:
        - 0
    users:
        - 0
    zpaIpGroup: 0