Cloudflare v6.11.0, Oct 31 25

Cloudflare v6.11.0 published on Friday, Oct 31, 2025 by Pulumi

cloudflare.getDnsFirewalls

Start a Neo task

Explain and create a cloudflare.getDnsFirewalls resource

Cloudflare v6.11.0 published on Friday, Oct 31, 2025 by Pulumi

pulumi/pulumi-cloudflare

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as cloudflare from "@pulumi/cloudflare";

const exampleDnsFirewalls = cloudflare.getDnsFirewalls({
    accountId: "023e105f4ecef8ad9ca31a8372d0c353",
});

import pulumi
import pulumi_cloudflare as cloudflare

example_dns_firewalls = cloudflare.get_dns_firewalls(account_id="023e105f4ecef8ad9ca31a8372d0c353")

package main

import (
	"github.com/pulumi/pulumi-cloudflare/sdk/v6/go/cloudflare"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := cloudflare.LookupDnsFirewalls(ctx, &cloudflare.LookupDnsFirewallsArgs{
			AccountId: "023e105f4ecef8ad9ca31a8372d0c353",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Cloudflare = Pulumi.Cloudflare;

return await Deployment.RunAsync(() => 
{
    var exampleDnsFirewalls = Cloudflare.GetDnsFirewalls.Invoke(new()
    {
        AccountId = "023e105f4ecef8ad9ca31a8372d0c353",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.cloudflare.CloudflareFunctions;
import com.pulumi.cloudflare.inputs.GetDnsFirewallsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var exampleDnsFirewalls = CloudflareFunctions.getDnsFirewalls(GetDnsFirewallsArgs.builder()
            .accountId("023e105f4ecef8ad9ca31a8372d0c353")
            .build());

    }
}

variables:
  exampleDnsFirewalls:
    fn::invoke:
      function: cloudflare:getDnsFirewalls
      arguments:
        accountId: 023e105f4ecef8ad9ca31a8372d0c353

Using getDnsFirewalls

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getDnsFirewalls(args: GetDnsFirewallsArgs, opts?: InvokeOptions): Promise<GetDnsFirewallsResult>
function getDnsFirewallsOutput(args: GetDnsFirewallsOutputArgs, opts?: InvokeOptions): Output<GetDnsFirewallsResult>

def get_dns_firewalls(account_id: Optional[str] = None,
                      max_items: Optional[int] = None,
                      opts: Optional[InvokeOptions] = None) -> GetDnsFirewallsResult
def get_dns_firewalls_output(account_id: Optional[pulumi.Input[str]] = None,
                      max_items: Optional[pulumi.Input[int]] = None,
                      opts: Optional[InvokeOptions] = None) -> Output[GetDnsFirewallsResult]

func LookupDnsFirewalls(ctx *Context, args *LookupDnsFirewallsArgs, opts ...InvokeOption) (*LookupDnsFirewallsResult, error)
func LookupDnsFirewallsOutput(ctx *Context, args *LookupDnsFirewallsOutputArgs, opts ...InvokeOption) LookupDnsFirewallsResultOutput

> Note: This function is named LookupDnsFirewalls in the Go SDK.

public static class GetDnsFirewalls 
{
    public static Task<GetDnsFirewallsResult> InvokeAsync(GetDnsFirewallsArgs args, InvokeOptions? opts = null)
    public static Output<GetDnsFirewallsResult> Invoke(GetDnsFirewallsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetDnsFirewallsResult> getDnsFirewalls(GetDnsFirewallsArgs args, InvokeOptions options)
public static Output<GetDnsFirewallsResult> getDnsFirewalls(GetDnsFirewallsArgs args, InvokeOptions options)

fn::invoke:
  function: cloudflare:index/getDnsFirewalls:getDnsFirewalls
  arguments:
    # arguments dictionary

The following arguments are supported:

AccountId string: Identifier.
MaxItems int: Max items to fetch, default: 1000

AccountId string: Identifier.
MaxItems int: Max items to fetch, default: 1000

accountId String: Identifier.
maxItems Integer: Max items to fetch, default: 1000

accountId string: Identifier.
maxItems number: Max items to fetch, default: 1000

account_id str: Identifier.
max_items int: Max items to fetch, default: 1000

accountId String: Identifier.
maxItems Number: Max items to fetch, default: 1000

getDnsFirewalls Result

The following output properties are available:

AccountId string: Identifier.
Id string: The provider-assigned unique ID for this managed resource.
Results List<GetDnsFirewallsResult>: The items returned by the data source
MaxItems int: Max items to fetch, default: 1000

AccountId string: Identifier.
Id string: The provider-assigned unique ID for this managed resource.
Results []GetDnsFirewallsResult: The items returned by the data source
MaxItems int: Max items to fetch, default: 1000

accountId String: Identifier.
id String: The provider-assigned unique ID for this managed resource.
results List<GetDnsFirewallsResult>: The items returned by the data source
maxItems Integer: Max items to fetch, default: 1000

accountId string: Identifier.
id string: The provider-assigned unique ID for this managed resource.
results GetDnsFirewallsResult[]: The items returned by the data source
maxItems number: Max items to fetch, default: 1000

account_id str: Identifier.
id str: The provider-assigned unique ID for this managed resource.
results Sequence[GetDnsFirewallsResult]: The items returned by the data source
max_items int: Max items to fetch, default: 1000

accountId String: Identifier.
id String: The provider-assigned unique ID for this managed resource.
results List<Property Map>: The items returned by the data source
maxItems Number: Max items to fetch, default: 1000

Supporting Types

GetDnsFirewallsResult

AttackMitigation GetDnsFirewallsResultAttackMitigation

Attack mitigation settings

DeprecateAnyRequests bool

Whether to refuse to answer queries for the ANY type

DnsFirewallIps List<string>

EcsFallback bool

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

Id string

Identifier.

MaximumCacheTtl double

By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets an upper bound on this duration. For caching purposes, higher TTLs will be decreased to the maximum value defined by this setting.

MinimumCacheTtl double

By default, Cloudflare attempts to cache responses for as long as indicated by the TTL received from upstream nameservers. This setting sets a lower bound on this duration. For caching purposes, lower TTLs will be increased to the minimum value defined by this setting.

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

Note that, even with this setting, there is no guarantee that a response will be cached for at least the specified duration. Cached responses may be removed earlier for capacity or other operational reasons.

ModifiedOn string

Last modification of DNS Firewall cluster

Name string

DNS Firewall cluster name

NegativeCacheTtl double

This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

Ratelimit double

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

Retries double

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

UpstreamIps List<string>

AttackMitigation GetDnsFirewallsResultAttackMitigation

Attack mitigation settings

DeprecateAnyRequests bool

Whether to refuse to answer queries for the ANY type

DnsFirewallIps []string

EcsFallback bool

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

Id string

Identifier.

MaximumCacheTtl float64

MinimumCacheTtl float64

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

ModifiedOn string

Last modification of DNS Firewall cluster

Name string

DNS Firewall cluster name

NegativeCacheTtl float64

This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

Ratelimit float64

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

Retries float64

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

UpstreamIps []string

attackMitigation GetDnsFirewallsResultAttackMitigation

Attack mitigation settings

deprecateAnyRequests Boolean

Whether to refuse to answer queries for the ANY type

dnsFirewallIps List<String>

ecsFallback Boolean

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

id String

Identifier.

maximumCacheTtl Double

minimumCacheTtl Double

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

modifiedOn String

Last modification of DNS Firewall cluster

name String

DNS Firewall cluster name

negativeCacheTtl Double

This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

ratelimit Double

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

retries Double

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

upstreamIps List<String>

attackMitigation GetDnsFirewallsResultAttackMitigation

Attack mitigation settings

deprecateAnyRequests boolean

Whether to refuse to answer queries for the ANY type

dnsFirewallIps string[]

ecsFallback boolean

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

id string

Identifier.

maximumCacheTtl number

minimumCacheTtl number

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

modifiedOn string

Last modification of DNS Firewall cluster

name string

DNS Firewall cluster name

negativeCacheTtl number

This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

ratelimit number

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

retries number

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

upstreamIps string[]

attack_mitigation GetDnsFirewallsResultAttackMitigation

Attack mitigation settings

deprecate_any_requests bool

Whether to refuse to answer queries for the ANY type

dns_firewall_ips Sequence[str]

ecs_fallback bool

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

id str

Identifier.

maximum_cache_ttl float

minimum_cache_ttl float

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

modified_on str

Last modification of DNS Firewall cluster

name str

DNS Firewall cluster name

negative_cache_ttl float

This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

ratelimit float

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

retries float

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

upstream_ips Sequence[str]

attackMitigation Property Map

Attack mitigation settings

deprecateAnyRequests Boolean

Whether to refuse to answer queries for the ANY type

dnsFirewallIps List<String>

ecsFallback Boolean

Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent

id String

Identifier.

maximumCacheTtl Number

minimumCacheTtl Number

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

modifiedOn String

Last modification of DNS Firewall cluster

name String

DNS Firewall cluster name

negativeCacheTtl Number

This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.

This setting does not affect the TTL value in the DNS response Cloudflare returns to clients. Cloudflare will always forward the TTL value received from upstream nameservers.

ratelimit Number

Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)

retries Number

Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)

upstreamIps List<String>

GetDnsFirewallsResultAttackMitigation

Enabled bool: When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
OnlyWhenUpstreamUnhealthy bool: Only mitigate attacks when upstream servers seem unhealthy

Enabled bool: When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
OnlyWhenUpstreamUnhealthy bool: Only mitigate attacks when upstream servers seem unhealthy

enabled Boolean: When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
onlyWhenUpstreamUnhealthy Boolean: Only mitigate attacks when upstream servers seem unhealthy

enabled boolean: When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
onlyWhenUpstreamUnhealthy boolean: Only mitigate attacks when upstream servers seem unhealthy

enabled bool: When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
only_when_upstream_unhealthy bool: Only mitigate attacks when upstream servers seem unhealthy

enabled Boolean: When enabled, automatically mitigate random-prefix attacks to protect upstream DNS servers
onlyWhenUpstreamUnhealthy Boolean: Only mitigate attacks when upstream servers seem unhealthy

Package Details

Repository: Cloudflare pulumi/pulumi-cloudflare
License: Apache-2.0
Notes: This Pulumi package is based on the cloudflare Terraform Provider.

Cloudflare v6.11.0 published on Friday, Oct 31, 2025 by Pulumi

pulumi/pulumi-cloudflare

cloudflare.getDnsFirewalls

On this page

On this page

Example Usage

Using getDnsFirewalls

getDnsFirewalls Result

Supporting Types

GetDnsFirewallsResult

GetDnsFirewallsResultAttackMitigation

Package Details

On this page

On this page