// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details. import { APIResource } from '../../resource'; import * as Core from '../../core'; import * as ReverseDNSAPI from './reverse-dns'; import { ReverseDNS, ReverseDNSEditParams, ReverseDNSEditResponse, ReverseDNSGetParams, ReverseDNSGetResponse, } from './reverse-dns'; import * as AnalyticsAPI from './analytics/analytics'; import { Analytics } from './analytics/analytics'; import { V4PagePaginationArray, type V4PagePaginationArrayParams } from '../../pagination'; export class DNSFirewall extends APIResource { analytics: AnalyticsAPI.Analytics = new AnalyticsAPI.Analytics(this._client); reverseDNS: ReverseDNSAPI.ReverseDNS = new ReverseDNSAPI.ReverseDNS(this._client); /** * Create a DNS Firewall cluster * * @example * ```ts * const dnsFirewall = await client.dnsFirewall.create({ * account_id: '023e105f4ecef8ad9ca31a8372d0c353', * name: 'My Awesome DNS Firewall cluster', * upstream_ips: [ * '192.0.2.1', * '198.51.100.1', * '2001:DB8:100::CF', * ], * }); * ``` */ create( params: DNSFirewallCreateParams, options?: Core.RequestOptions, ): Core.APIPromise { const { account_id, ...body } = params; return ( this._client.post(`/accounts/${account_id}/dns_firewall`, { body, ...options }) as Core.APIPromise<{ result: DNSFirewallCreateResponse; }> )._thenUnwrap((obj) => obj.result); } /** * List DNS Firewall clusters for an account * * @example * ```ts * // Automatically fetches more pages as needed. * for await (const dnsFirewallListResponse of client.dnsFirewall.list( * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, * )) { * // ... * } * ``` */ list( params: DNSFirewallListParams, options?: Core.RequestOptions, ): Core.PagePromise { const { account_id, ...query } = params; return this._client.getAPIList( `/accounts/${account_id}/dns_firewall`, DNSFirewallListResponsesV4PagePaginationArray, { query, ...options }, ); } /** * Delete a DNS Firewall cluster * * @example * ```ts * const dnsFirewall = await client.dnsFirewall.delete( * '023e105f4ecef8ad9ca31a8372d0c353', * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, * ); * ``` */ delete( dnsFirewallId: string, params: DNSFirewallDeleteParams, options?: Core.RequestOptions, ): Core.APIPromise { const { account_id } = params; return ( this._client.delete( `/accounts/${account_id}/dns_firewall/${dnsFirewallId}`, options, ) as Core.APIPromise<{ result: DNSFirewallDeleteResponse }> )._thenUnwrap((obj) => obj.result); } /** * Modify the configuration of a DNS Firewall cluster * * @example * ```ts * const response = await client.dnsFirewall.edit( * '023e105f4ecef8ad9ca31a8372d0c353', * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, * ); * ``` */ edit( dnsFirewallId: string, params: DNSFirewallEditParams, options?: Core.RequestOptions, ): Core.APIPromise { const { account_id, ...body } = params; return ( this._client.patch(`/accounts/${account_id}/dns_firewall/${dnsFirewallId}`, { body, ...options, }) as Core.APIPromise<{ result: DNSFirewallEditResponse }> )._thenUnwrap((obj) => obj.result); } /** * Show a single DNS Firewall cluster for an account * * @example * ```ts * const dnsFirewall = await client.dnsFirewall.get( * '023e105f4ecef8ad9ca31a8372d0c353', * { account_id: '023e105f4ecef8ad9ca31a8372d0c353' }, * ); * ``` */ get( dnsFirewallId: string, params: DNSFirewallGetParams, options?: Core.RequestOptions, ): Core.APIPromise { const { account_id } = params; return ( this._client.get(`/accounts/${account_id}/dns_firewall/${dnsFirewallId}`, options) as Core.APIPromise<{ result: DNSFirewallGetResponse; }> )._thenUnwrap((obj) => obj.result); } } export class DNSFirewallListResponsesV4PagePaginationArray extends V4PagePaginationArray {} /** * Attack mitigation settings */ export interface AttackMitigation { /** * When enabled, automatically mitigate random-prefix attacks to protect upstream * DNS servers */ enabled?: boolean; /** * Only mitigate attacks when upstream servers seem unhealthy */ only_when_upstream_unhealthy?: boolean; } /** * Attack mitigation settings */ export interface AttackMitigationParam { /** * When enabled, automatically mitigate random-prefix attacks to protect upstream * DNS servers */ enabled?: boolean; /** * Only mitigate attacks when upstream servers seem unhealthy */ only_when_upstream_unhealthy?: boolean; } /** * Cloudflare-assigned DNS IPv4 address */ export type FirewallIPs = string; /** * Upstream DNS Server IPv4 address */ export type UpstreamIPs = string; /** * Upstream DNS Server IPv4 address */ export type UpstreamIPsParam = string; export interface DNSFirewallCreateResponse { /** * Identifier. */ id: string; /** * Whether to refuse to answer queries for the ANY type */ deprecate_any_requests: boolean; dns_firewall_ips: Array; /** * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent */ ecs_fallback: boolean; /** * By default, Cloudflare attempts to cache responses for as long as indicated by * the TTL received from upstream nameservers. This setting sets an upper bound on * this duration. For caching purposes, higher TTLs will be decreased to the * maximum value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ maximum_cache_ttl: number; /** * By default, Cloudflare attempts to cache responses for as long as indicated by * the TTL received from upstream nameservers. This setting sets a lower bound on * this duration. For caching purposes, lower TTLs will be increased to the minimum * value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. * * Note that, even with this setting, there is no guarantee that a response will be * cached for at least the specified duration. Cached responses may be removed * earlier for capacity or other operational reasons. */ minimum_cache_ttl: number; /** * Last modification of DNS Firewall cluster */ modified_on: string; /** * DNS Firewall cluster name */ name: string; /** * This setting controls how long DNS Firewall should cache negative responses * (e.g., NXDOMAIN) from the upstream servers. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ negative_cache_ttl: number | null; /** * Ratelimit in queries per second per datacenter (applies to DNS queries sent to * the upstream nameservers configured on the cluster) */ ratelimit: number | null; /** * Number of retries for fetching DNS responses from upstream nameservers (not * counting the initial attempt) */ retries: number; upstream_ips: Array; /** * Attack mitigation settings */ attack_mitigation?: AttackMitigation | null; } export interface DNSFirewallListResponse { /** * Identifier. */ id: string; /** * Whether to refuse to answer queries for the ANY type */ deprecate_any_requests: boolean; dns_firewall_ips: Array; /** * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent */ ecs_fallback: boolean; /** * By default, Cloudflare attempts to cache responses for as long as indicated by * the TTL received from upstream nameservers. This setting sets an upper bound on * this duration. For caching purposes, higher TTLs will be decreased to the * maximum value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ maximum_cache_ttl: number; /** * By default, Cloudflare attempts to cache responses for as long as indicated by * the TTL received from upstream nameservers. This setting sets a lower bound on * this duration. For caching purposes, lower TTLs will be increased to the minimum * value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. * * Note that, even with this setting, there is no guarantee that a response will be * cached for at least the specified duration. Cached responses may be removed * earlier for capacity or other operational reasons. */ minimum_cache_ttl: number; /** * Last modification of DNS Firewall cluster */ modified_on: string; /** * DNS Firewall cluster name */ name: string; /** * This setting controls how long DNS Firewall should cache negative responses * (e.g., NXDOMAIN) from the upstream servers. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ negative_cache_ttl: number | null; /** * Ratelimit in queries per second per datacenter (applies to DNS queries sent to * the upstream nameservers configured on the cluster) */ ratelimit: number | null; /** * Number of retries for fetching DNS responses from upstream nameservers (not * counting the initial attempt) */ retries: number; upstream_ips: Array; /** * Attack mitigation settings */ attack_mitigation?: AttackMitigation | null; } export interface DNSFirewallDeleteResponse { /** * Identifier. */ id?: string; } export interface DNSFirewallEditResponse { /** * Identifier. */ id: string; /** * Whether to refuse to answer queries for the ANY type */ deprecate_any_requests: boolean; dns_firewall_ips: Array; /** * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent */ ecs_fallback: boolean; /** * By default, Cloudflare attempts to cache responses for as long as indicated by * the TTL received from upstream nameservers. This setting sets an upper bound on * this duration. For caching purposes, higher TTLs will be decreased to the * maximum value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ maximum_cache_ttl: number; /** * By default, Cloudflare attempts to cache responses for as long as indicated by * the TTL received from upstream nameservers. This setting sets a lower bound on * this duration. For caching purposes, lower TTLs will be increased to the minimum * value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. * * Note that, even with this setting, there is no guarantee that a response will be * cached for at least the specified duration. Cached responses may be removed * earlier for capacity or other operational reasons. */ minimum_cache_ttl: number; /** * Last modification of DNS Firewall cluster */ modified_on: string; /** * DNS Firewall cluster name */ name: string; /** * This setting controls how long DNS Firewall should cache negative responses * (e.g., NXDOMAIN) from the upstream servers. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ negative_cache_ttl: number | null; /** * Ratelimit in queries per second per datacenter (applies to DNS queries sent to * the upstream nameservers configured on the cluster) */ ratelimit: number | null; /** * Number of retries for fetching DNS responses from upstream nameservers (not * counting the initial attempt) */ retries: number; upstream_ips: Array; /** * Attack mitigation settings */ attack_mitigation?: AttackMitigation | null; } export interface DNSFirewallGetResponse { /** * Identifier. */ id: string; /** * Whether to refuse to answer queries for the ANY type */ deprecate_any_requests: boolean; dns_firewall_ips: Array; /** * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent */ ecs_fallback: boolean; /** * By default, Cloudflare attempts to cache responses for as long as indicated by * the TTL received from upstream nameservers. This setting sets an upper bound on * this duration. For caching purposes, higher TTLs will be decreased to the * maximum value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ maximum_cache_ttl: number; /** * By default, Cloudflare attempts to cache responses for as long as indicated by * the TTL received from upstream nameservers. This setting sets a lower bound on * this duration. For caching purposes, lower TTLs will be increased to the minimum * value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. * * Note that, even with this setting, there is no guarantee that a response will be * cached for at least the specified duration. Cached responses may be removed * earlier for capacity or other operational reasons. */ minimum_cache_ttl: number; /** * Last modification of DNS Firewall cluster */ modified_on: string; /** * DNS Firewall cluster name */ name: string; /** * This setting controls how long DNS Firewall should cache negative responses * (e.g., NXDOMAIN) from the upstream servers. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ negative_cache_ttl: number | null; /** * Ratelimit in queries per second per datacenter (applies to DNS queries sent to * the upstream nameservers configured on the cluster) */ ratelimit: number | null; /** * Number of retries for fetching DNS responses from upstream nameservers (not * counting the initial attempt) */ retries: number; upstream_ips: Array; /** * Attack mitigation settings */ attack_mitigation?: AttackMitigation | null; } export interface DNSFirewallCreateParams { /** * Path param: Identifier. */ account_id: string; /** * Body param: DNS Firewall cluster name */ name: string; /** * Body param: */ upstream_ips: Array; /** * Body param: Attack mitigation settings */ attack_mitigation?: AttackMitigationParam | null; /** * Body param: Whether to refuse to answer queries for the ANY type */ deprecate_any_requests?: boolean; /** * Body param: Whether to forward client IP (resolver) subnet if no EDNS Client * Subnet is sent */ ecs_fallback?: boolean; /** * Body param: By default, Cloudflare attempts to cache responses for as long as * indicated by the TTL received from upstream nameservers. This setting sets an * upper bound on this duration. For caching purposes, higher TTLs will be * decreased to the maximum value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ maximum_cache_ttl?: number; /** * Body param: By default, Cloudflare attempts to cache responses for as long as * indicated by the TTL received from upstream nameservers. This setting sets a * lower bound on this duration. For caching purposes, lower TTLs will be increased * to the minimum value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. * * Note that, even with this setting, there is no guarantee that a response will be * cached for at least the specified duration. Cached responses may be removed * earlier for capacity or other operational reasons. */ minimum_cache_ttl?: number; /** * Body param: This setting controls how long DNS Firewall should cache negative * responses (e.g., NXDOMAIN) from the upstream servers. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ negative_cache_ttl?: number | null; /** * Body param: Ratelimit in queries per second per datacenter (applies to DNS * queries sent to the upstream nameservers configured on the cluster) */ ratelimit?: number | null; /** * Body param: Number of retries for fetching DNS responses from upstream * nameservers (not counting the initial attempt) */ retries?: number; } export interface DNSFirewallListParams extends V4PagePaginationArrayParams { /** * Path param: Identifier. */ account_id: string; } export interface DNSFirewallDeleteParams { /** * Identifier. */ account_id: string; } export interface DNSFirewallEditParams { /** * Path param: Identifier. */ account_id: string; /** * Body param: Attack mitigation settings */ attack_mitigation?: AttackMitigationParam | null; /** * Body param: Whether to refuse to answer queries for the ANY type */ deprecate_any_requests?: boolean; /** * Body param: Whether to forward client IP (resolver) subnet if no EDNS Client * Subnet is sent */ ecs_fallback?: boolean; /** * Body param: By default, Cloudflare attempts to cache responses for as long as * indicated by the TTL received from upstream nameservers. This setting sets an * upper bound on this duration. For caching purposes, higher TTLs will be * decreased to the maximum value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ maximum_cache_ttl?: number; /** * Body param: By default, Cloudflare attempts to cache responses for as long as * indicated by the TTL received from upstream nameservers. This setting sets a * lower bound on this duration. For caching purposes, lower TTLs will be increased * to the minimum value defined by this setting. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. * * Note that, even with this setting, there is no guarantee that a response will be * cached for at least the specified duration. Cached responses may be removed * earlier for capacity or other operational reasons. */ minimum_cache_ttl?: number; /** * Body param: DNS Firewall cluster name */ name?: string; /** * Body param: This setting controls how long DNS Firewall should cache negative * responses (e.g., NXDOMAIN) from the upstream servers. * * This setting does not affect the TTL value in the DNS response Cloudflare * returns to clients. Cloudflare will always forward the TTL value received from * upstream nameservers. */ negative_cache_ttl?: number | null; /** * Body param: Ratelimit in queries per second per datacenter (applies to DNS * queries sent to the upstream nameservers configured on the cluster) */ ratelimit?: number | null; /** * Body param: Number of retries for fetching DNS responses from upstream * nameservers (not counting the initial attempt) */ retries?: number; /** * Body param: */ upstream_ips?: Array; } export interface DNSFirewallGetParams { /** * Identifier. */ account_id: string; } DNSFirewall.DNSFirewallListResponsesV4PagePaginationArray = DNSFirewallListResponsesV4PagePaginationArray; DNSFirewall.Analytics = Analytics; DNSFirewall.ReverseDNS = ReverseDNS; export declare namespace DNSFirewall { export { type AttackMitigation as AttackMitigation, type FirewallIPs as FirewallIPs, type UpstreamIPs as UpstreamIPs, type DNSFirewallCreateResponse as DNSFirewallCreateResponse, type DNSFirewallListResponse as DNSFirewallListResponse, type DNSFirewallDeleteResponse as DNSFirewallDeleteResponse, type DNSFirewallEditResponse as DNSFirewallEditResponse, type DNSFirewallGetResponse as DNSFirewallGetResponse, DNSFirewallListResponsesV4PagePaginationArray as DNSFirewallListResponsesV4PagePaginationArray, type DNSFirewallCreateParams as DNSFirewallCreateParams, type DNSFirewallListParams as DNSFirewallListParams, type DNSFirewallDeleteParams as DNSFirewallDeleteParams, type DNSFirewallEditParams as DNSFirewallEditParams, type DNSFirewallGetParams as DNSFirewallGetParams, }; export { Analytics as Analytics }; export { ReverseDNS as ReverseDNS, type ReverseDNSEditResponse as ReverseDNSEditResponse, type ReverseDNSGetResponse as ReverseDNSGetResponse, type ReverseDNSEditParams as ReverseDNSEditParams, type ReverseDNSGetParams as ReverseDNSGetParams, }; }