more DNS reshuffling

Author: jacobbednarz

src/content/docs/dns/dns-firewall/analytics.mdx

@@ -6,7 +6,7 @@ sidebar:
 
 ---
 
-To access analytics for your DNS Firewall, use the [Cloudflare API](/api/resources/dns/subresources/firewall/subresources/analytics/subresources/reports/methods/get/).
+To access analytics for your DNS Firewall, use the [Cloudflare API](/api/resources/dns_firewall/subresources/analytics/subresources/reports/methods/get/).
 
 Alternatively, [set up Logpush](/logs/about/) to deliver [DNS Firewall logs](/logs/reference/log-fields/account/dns_firewall_logs/) to a storage service, SIEM, or log management provider.
 

src/content/docs/dns/dns-firewall/faq.mdx

@@ -26,7 +26,7 @@ As long as there is enough allocated memory, Cloudflare does not clear items fro
 
 <Details header="Does the DNS Firewall cache SERVFAIL?">
 
-Yes. `SERVFAIL` is treated like any other negative answer for caching purposes. The default TTL is 30 seconds. You can use the [API](/api/resources/dns/subresources/firewall/methods/edit/) to set a different `negative_cache_ttl`.
+Yes. `SERVFAIL` is treated like any other negative answer for caching purposes. The default TTL is 30 seconds. You can use the [API](/api/resources/dns_firewall/methods/edit/) to set a different `negative_cache_ttl`.
 
 </Details>
 
@@ -47,13 +47,13 @@ EDNS limits the effectiveness of the DNS cache.
 
 :::
 
-Some resolvers might not be sending any EDNS data. When you set the `ecs_fallback` parameter to `true` via the [API](/api/resources/dns/subresources/firewall/methods/edit/), DNS Firewall will forward the IP subnet of the resolver instead only if there is no EDNS data present in incoming the DNS query.
+Some resolvers might not be sending any EDNS data. When you set the `ecs_fallback` parameter to `true` via the [API](/api/resources/dns_firewall/methods/edit/), DNS Firewall will forward the IP subnet of the resolver instead only if there is no EDNS data present in incoming the DNS query.
 
 </Details>
 
 <Details header="Does DNS Firewall cache negative answers?">
 
-Yes. The default TTL is 30 seconds. You can set `negative_cache_ttl` via the [API](/api/resources/dns/subresources/firewall/methods/edit/). This will affect the TTL of responses with status `REFUSED`, `NXDOMAIN`, or `SERVFAIL`.
+Yes. The default TTL is 30 seconds. You can set `negative_cache_ttl` via the [API](/api/resources/dns_firewall/methods/edit/). This will affect the TTL of responses with status `REFUSED`, `NXDOMAIN`, or `SERVFAIL`.
 
 </Details>
 

src/content/docs/dns/dns-firewall/random-prefix-attacks/setup.mdx

@@ -12,7 +12,7 @@ head:
 In order to enable automatic mitigation of [random prefix attacks](/dns/dns-firewall/random-prefix-attacks/about/):
 
 1. Set up [DNS Firewall](/dns/dns-firewall/setup/).
-2. Send a [`PATCH` request](/api/resources/dns/subresources/firewall/methods/edit/) to update your DNS Firewall cluster.
+2. Send a [`PATCH` request](/api/resources/dns_firewall/methods/edit/) to update your DNS Firewall cluster.
 
    ```bash
    curl --request PATCH "https://api.cloudflare.com/client/v4/accounts/{account_id}/dns_firewall/{cluster_tag}" \

src/content/docs/dns/dns-firewall/setup.mdx

@@ -45,7 +45,7 @@ If you forget to save your new IP addresses, find your cluster and click **IP Ad
 
 </TabItem> <TabItem label="API">
 
-You can also create a DNS Firewall cluster by sending a [POST request](/api/resources/dns/subresources/firewall/methods/create/) to the API.
+You can also create a DNS Firewall cluster by sending a [POST request](/api/resources/dns_firewall/methods/create/) to the API.
 
 </TabItem> </Tabs>
 
@@ -67,6 +67,6 @@ Configure security policy in your DNS servers and Firewall to allow only [Cloudf
 
 ## Additional options
 
-When you use the API, you can also specify other parameters, such as rate limit (in queries per second per data center). You can find the parameters descriptions and examples in the [API documentation](/api/resources/dns/subresources/firewall/methods/create/).
+When you use the API, you can also specify other parameters, such as rate limit (in queries per second per data center). You can find the parameters descriptions and examples in the [API documentation](/api/resources/dns_firewall/methods/create/).
 
-To configure rate limiting and other options for already existing clusters, use the [Update DNS Firewall Cluster](/api/resources/dns/subresources/firewall/methods/edit/) endpoint.
+To configure rate limiting and other options for already existing clusters, use the [Update DNS Firewall Cluster](/api/resources/dns_firewall/methods/edit/) endpoint.

src/content/docs/dns/dnssec/dnssec-active-migration.mdx

@@ -34,7 +34,7 @@ The provider you are migrating from must allow you to add DNSKEY records on the
 
    To import the zone file using the API, refer to the [Import DNS Records endpoint](/api/resources/dns/subresources/records/methods/import/).
 
-3. Go to **DNS** > **Settings**, and select **Enable DNSSEC**. Or use the following [API request](/api/resources/dnssec/methods/edit/).
+3. Go to **DNS** > **Settings**, and select **Enable DNSSEC**. Or use the following [API request](/api/resources/dns/subresources/dnssec/methods/edit/).
 
 ```bash
 curl --request PATCH \
@@ -45,7 +45,7 @@ https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \
 --data '{"status": "active"}'
 ```
 
-4. Go to **DNS** > **Settings**, and enable **Multi-signer DNSSEC**. Or use the following [API request](/api/resources/dnssec/methods/edit/).
+4. Go to **DNS** > **Settings**, and enable **Multi-signer DNSSEC**. Or use the following [API request](/api/resources/dns/subresources/dnssec/methods/edit/).
 
 ```bash
 curl --request PATCH \

src/content/docs/dns/dnssec/dnssec-states.mdx

@@ -6,19 +6,19 @@ sidebar:
 
 ---
 
-This page describes different DNSSEC states and how they relate to the responses you get from the [DNSSEC details API endpoint](/api/resources/dnssec/methods/get/).
+This page describes different DNSSEC states and how they relate to the responses you get from the [DNSSEC details API endpoint](/api/resources/dns/subresources/dnssec/methods/get/).
 
 | State            | API response                                                     | Description                                                                                                                                                                       |
 | ---------------- | ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | Pending          | `"status":"pending"`<br /> `"modified_on":<TIME_STAMP>`          | DNSSEC has been enabled but the Cloudflare DS record has not been added at the registrar.                                                                                         |
 | Active           | `"status":"active"`<br /> `"modified_on":<TIME_STAMP>`           | DNSSEC has been enabled and the Cloudflare DS record is present at the registrar.                                                                                                 |
 | Pending-disabled | `"status":"pending-disabled"`<br /> `"modified_on":<TIME_STAMP>` | DNSSEC has been disabled but the Cloudflare DS record is still added at the registrar.                                                                                            |
 | Disabled         | `"status":"disabled"`<br /> `"modified_on":<TIME_STAMP>`         | DNSSEC has been disabled and the Cloudflare DS record has been removed from the registrar.                                                                                        |
-| Deleted          | `"status":"disabled"`<br /> `"modified_on": null`                | DNSSEC has never been enabled for the zone or DNSSEC has been disabled and then deleted using the [Delete DNSSEC records endpoint](/api/resources/dnssec/methods/delete/). |
+| Deleted          | `"status":"disabled"`<br /> `"modified_on": null`                | DNSSEC has never been enabled for the zone or DNSSEC has been disabled and then deleted using the [Delete DNSSEC records endpoint](/api/resources/dns/subresources/dnssec/methods/delete/). |
 
 :::caution
 
-Once you have enabled DNSSEC on a zone for the first time, you cannot transition directly from an `active` state to a `deleted` state. You can only [delete DNSSEC records](/api/resources/dnssec/methods/delete/) once your zone DNSSEC is in a `disabled` state. Cloudflare prevents you from deleting DNSSEC records before removing the DS record from the registrar to avoid DNS resolution issues. 
+Once you have enabled DNSSEC on a zone for the first time, you cannot transition directly from an `active` state to a `deleted` state. You can only [delete DNSSEC records](/api/resources/dns/subresources/dnssec/methods/delete/) once your zone DNSSEC is in a `disabled` state. Cloudflare prevents you from deleting DNSSEC records before removing the DS record from the registrar to avoid DNS resolution issues. 
 :::
 
 In both `pending` and `active` states, Cloudflare signs the zone and responds with `RRSIG`, `NSEC`, `DNSKEY`, `CDS`, and `CDNSKEY` record types.

src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx

@@ -25,7 +25,7 @@ Note that:
 The following steps also apply if you use [Cloudflare as a secondary DNS provider](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/), with the difference that, in such case, the records in steps 2 and 3 should be transferred from the primary, and step 4 is not necessary.
 :::
 
-1. Use the [Edit DNSSEC Status endpoint](/api/resources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. This is done by setting `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example.
+1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. This is done by setting `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example.
 
 ```bash
 curl --request PATCH \

src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/dnssec-for-primary.mdx

@@ -25,7 +25,7 @@ Note that:
 
 ## Steps
 
-1. Use the [Edit DNSSEC Status endpoint](/api/resources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. This is done by setting `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example.
+1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. This is done by setting `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example.
 
 ```bash
 curl --request PATCH \

src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx

@@ -42,7 +42,7 @@ In this setup, DNSSEC on your pirmary DNS provider does not need to be enabled.
 
 </TabItem> <TabItem label="API">
 
-1. Use the [Edit DNSSEC Status endpoint](/api/resources/dnssec/methods/edit/) and set a `status` of `active` for your zone.
+1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) and set a `status` of `active` for your zone.
 
 ```bash
 curl --request PATCH \
@@ -55,7 +55,7 @@ https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \
 }'
 ```
 
-2. Use the [DNSSEC Details endpoint](/api/resources/dnssec/methods/get/) to get the necessary values to create a **DS** record at your registrar.
+2. Use the [DNSSEC Details endpoint](/api/resources/dns/subresources/dnssec/methods/get/) to get the necessary values to create a **DS** record at your registrar.
 
 3. <Render file="dnssec-registrar-steps" />
 
@@ -95,7 +95,7 @@ b. Under **DNSSEC with Secondary DNS** select **Pre-signed**.
 
 </TabItem> <TabItem label="API">
 
-Use the [Edit DNSSEC Status endpoint](/api/resources/dnssec/methods/edit/) and set the `dnssec_presigned` value to `true`.
+Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) and set the `dnssec_presigned` value to `true`.
 
 ```bash
 curl --request PATCH \