Cloudflare v6.11.0 published on Friday, Oct 31, 2025 by Pulumi
cloudflare.getDnsFirewall
Start a Neo task
Explain and create a cloudflare.getDnsFirewall resource
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";
const exampleDnsFirewall = cloudflare.getDnsFirewall({
accountId: "023e105f4ecef8ad9ca31a8372d0c353",
dnsFirewallId: "023e105f4ecef8ad9ca31a8372d0c353",
});
import pulumi
import pulumi_cloudflare as cloudflare
example_dns_firewall = cloudflare.get_dns_firewall(account_id="023e105f4ecef8ad9ca31a8372d0c353",
dns_firewall_id="023e105f4ecef8ad9ca31a8372d0c353")
package main
import (
"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := cloudflare.LookupDnsFirewall(ctx, &cloudflare.LookupDnsFirewallArgs{
AccountId: "023e105f4ecef8ad9ca31a8372d0c353",
DnsFirewallId: pulumi.StringRef("023e105f4ecef8ad9ca31a8372d0c353"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;
return await Deployment.RunAsync(() =>
{
var exampleDnsFirewall = Cloudflare.GetDnsFirewall.Invoke(new()
{
AccountId = "023e105f4ecef8ad9ca31a8372d0c353",
DnsFirewallId = "023e105f4ecef8ad9ca31a8372d0c353",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetDnsFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var exampleDnsFirewall = CloudflareFunctions.getDnsFirewall(GetDnsFirewallArgs.builder()
.accountId("023e105f4ecef8ad9ca31a8372d0c353")
.dnsFirewallId("023e105f4ecef8ad9ca31a8372d0c353")
.build());
}
}
variables:
exampleDnsFirewall:
fn::invoke:
function: cloudflare:getDnsFirewall
arguments:
accountId: 023e105f4ecef8ad9ca31a8372d0c353
dnsFirewallId: 023e105f4ecef8ad9ca31a8372d0c353
Using getDnsFirewall
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getDnsFirewall(args: GetDnsFirewallArgs, opts?: InvokeOptions): Promise<GetDnsFirewallResult>
function getDnsFirewallOutput(args: GetDnsFirewallOutputArgs, opts?: InvokeOptions): Output<GetDnsFirewallResult>def get_dns_firewall(account_id: Optional[str] = None,
dns_firewall_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetDnsFirewallResult
def get_dns_firewall_output(account_id: Optional[pulumi.Input[str]] = None,
dns_firewall_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetDnsFirewallResult]func LookupDnsFirewall(ctx *Context, args *LookupDnsFirewallArgs, opts ...InvokeOption) (*LookupDnsFirewallResult, error)
func LookupDnsFirewallOutput(ctx *Context, args *LookupDnsFirewallOutputArgs, opts ...InvokeOption) LookupDnsFirewallResultOutput> Note: This function is named LookupDnsFirewall in the Go SDK.
public static class GetDnsFirewall
{
public static Task<GetDnsFirewallResult> InvokeAsync(GetDnsFirewallArgs args, InvokeOptions? opts = null)
public static Output<GetDnsFirewallResult> Invoke(GetDnsFirewallInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetDnsFirewallResult> getDnsFirewall(GetDnsFirewallArgs args, InvokeOptions options)
public static Output<GetDnsFirewallResult> getDnsFirewall(GetDnsFirewallArgs args, InvokeOptions options)
fn::invoke:
function: cloudflare:index/getDnsFirewall:getDnsFirewall
arguments:
# arguments dictionaryThe following arguments are supported:
- Account
Id string - Identifier.
- Dns
Firewall stringId - Identifier.
- Account
Id string - Identifier.
- Dns
Firewall stringId - Identifier.
- account
Id String - Identifier.
- dns
Firewall StringId - Identifier.
- account
Id string - Identifier.
- dns
Firewall stringId - Identifier.
- account_
id str - Identifier.
- dns_
firewall_ strid - Identifier.
- account
Id String - Identifier.
- dns
Firewall StringId - Identifier.
getDnsFirewall Result
The following output properties are available:
- Account
Id string - Identifier.
- Attack
Mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Dns
Firewall List<string>Ips - Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Id string
- Identifier.
- Maximum
Cache doubleTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- Minimum
Cache doubleTtl - Modified
On string - Name string
- Negative
Cache doubleTtl - Ratelimit double
- Retries double
- Upstream
Ips List<string> - Dns
Firewall stringId - Identifier.
- Account
Id string - Identifier.
- Attack
Mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- Deprecate
Any boolRequests - Whether to refuse to answer queries for the ANY type
- Dns
Firewall []stringIps - Ecs
Fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- Id string
- Identifier.
- Maximum
Cache float64Ttl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- Minimum
Cache float64Ttl - Modified
On string - Name string
- Negative
Cache float64Ttl - Ratelimit float64
- Retries float64
- Upstream
Ips []string - Dns
Firewall stringId - Identifier.
- account
Id String - Identifier.
- attack
Mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall List<String>Ips - ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- id String
- Identifier.
- maximum
Cache DoubleTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum
Cache DoubleTtl - modified
On String - name String
- negative
Cache DoubleTtl - ratelimit Double
- retries Double
- upstream
Ips List<String> - dns
Firewall StringId - Identifier.
- account
Id string - Identifier.
- attack
Mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- deprecate
Any booleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall string[]Ips - ecs
Fallback boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- id string
- Identifier.
- maximum
Cache numberTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum
Cache numberTtl - modified
On string - name string
- negative
Cache numberTtl - ratelimit number
- retries number
- upstream
Ips string[] - dns
Firewall stringId - Identifier.
- account_
id str - Identifier.
- attack_
mitigation GetDns Firewall Attack Mitigation - Attack mitigation settings
- deprecate_
any_ boolrequests - Whether to refuse to answer queries for the ANY type
- dns_
firewall_ Sequence[str]ips - ecs_
fallback bool - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- id str
- Identifier.
- maximum_
cache_ floatttl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum_
cache_ floatttl - modified_
on str - name str
- negative_
cache_ floatttl - ratelimit float
- retries float
- upstream_
ips Sequence[str] - dns_
firewall_ strid - Identifier.
- account
Id String - Identifier.
- attack
Mitigation Property Map - Attack mitigation settings
- deprecate
Any BooleanRequests - Whether to refuse to answer queries for the ANY type
- dns
Firewall List<String>Ips - ecs
Fallback Boolean - Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
- id String
- Identifier.
- maximum
Cache NumberTtl - By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.
- minimum
Cache NumberTtl - modified
On String - name String
- negative
Cache NumberTtl - ratelimit Number
- retries Number
- upstream
Ips List<String> - dns
Firewall StringId - Identifier.
Supporting Types
GetDnsFirewallAttackMitigation
- Enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- Only
When boolUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- Enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- Only
When boolUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled Boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When BooleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When booleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled bool
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only_
when_ boolupstream_ unhealthy - Only mitigate attacks when upstream servers seem unhealthy
- enabled Boolean
- When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
- only
When BooleanUpstream Unhealthy - Only mitigate attacks when upstream servers seem unhealthy
Package Details
- Repository
- Cloudflare pulumi/pulumi-cloudflare
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
cloudflareTerraform Provider.
