POST /accounts/{account_id}/dns_firewall
Create a DNS Firewall cluster
Servers
- https://api.cloudflare.com/client/v4
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
account_id |
String | Yes |
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
upstream_ips[] |
Array | Yes | |
negative_cache_ttl |
Number | No |
This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers. This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers. |
name |
String | Yes |
DNS Firewall cluster name |
deprecate_any_requests |
Boolean | No |
Whether to refuse to answer queries for the ANY type |
attack_mitigation |
Object | No |
Attack mitigation settings |
attack_mitigation.only_when_upstream_unhealthy |
Boolean | No |
Only mitigate attacks when upstream servers seem unhealthy Default value: true |
attack_mitigation.enabled |
Boolean | No |
When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers |
ecs_fallback |
Boolean | No |
Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent |
minimum_cache_ttl |
Number | No |
By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting. This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers. Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons. Default value: 60 |
ratelimit |
Number | No |
Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster) |
retries |
Number | No |
Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt) Default value: 2 |
maximum_cache_ttl |
Number | No |
By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting. This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers. Default value: 900 |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.