diff --git a/src/content/docs/dns/dns-firewall/random-prefix-attacks/setup.mdx b/src/content/docs/dns/dns-firewall/random-prefix-attacks/setup.mdx index d73dd043a19ca69..f712596f09fb7e7 100644 --- a/src/content/docs/dns/dns-firewall/random-prefix-attacks/setup.mdx +++ b/src/content/docs/dns/dns-firewall/random-prefix-attacks/setup.mdx @@ -9,22 +9,23 @@ head: --- +import { APIRequest } from "~/components"; + In order to enable automatic mitigation of [random prefix attacks](/dns/dns-firewall/random-prefix-attacks/about/): 1. Set up [DNS Firewall](/dns/dns-firewall/setup/). 2. Send a [`PATCH` request](/api/resources/dns_firewall/methods/edit/) to update your DNS Firewall cluster. - ```bash - curl --request PATCH "https://api.cloudflare.com/client/v4/accounts/{account_id}/dns_firewall/{cluster_tag}" \ - --header "Authorization: Bearer " \ - --header "Content-Type: application/json" \ - --data '{ - "attack_mitigation": { - "enabled": true, - "only_when_upstream_unhealthy": true - } - }' - ``` + Once you receive a `200` success response from the API, queries identified as being part of a random prefix attack will receive a `REFUSED` response. diff --git a/src/content/docs/dns/dnssec/dnssec-active-migration.mdx b/src/content/docs/dns/dnssec/dnssec-active-migration.mdx index b034152cbe31e8f..7448900b115bce0 100644 --- a/src/content/docs/dns/dnssec/dnssec-active-migration.mdx +++ b/src/content/docs/dns/dnssec/dnssec-active-migration.mdx @@ -9,7 +9,7 @@ head: content: DNSSEC migration tutorial --- -import { Details } from "~/components"; +import { Details, APIRequest } from "~/components"; Follow this tutorial to migrate an existing DNS zone to Cloudflare without having to disable DNSSEC. @@ -36,25 +36,23 @@ The provider you are migrating from must allow you to add DNSKEY records on the 3. Go to **DNS** > **Settings**, and select **Enable DNSSEC**. Or use the following [API request](/api/resources/dns/subresources/dnssec/methods/edit/). -```bash -curl --request PATCH \ -https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{"status": "active"}' -``` + 4. Go to **DNS** > **Settings**, and enable **Multi-signer DNSSEC**. Or use the following [API request](/api/resources/dns/subresources/dnssec/methods/edit/). -```bash -curl --request PATCH \ -https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{"dnssec_multi_signer": true}' -``` + ## 2. Cross-import ZSKs diff --git a/src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx b/src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx index 668f86f5b47bccd..ab17588dc7c60c8 100644 --- a/src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx +++ b/src/content/docs/dns/dnssec/multi-signer-dnssec/setup.mdx @@ -6,7 +6,7 @@ sidebar: label: Setup --- -import { Tabs, TabItem } from "~/components"; +import { Tabs, TabItem, APIRequest } from "~/components"; This page explains how you can enable [multi-signer DNSSEC](/dns/dnssec/multi-signer-dnssec/about/) with Cloudflare, using the [model 2](/dns/dnssec/multi-signer-dnssec/about/#model-2) as described in [RFC 8901](https://www.rfc-editor.org/rfc/rfc8901.html). @@ -44,17 +44,14 @@ For the purpose of this tutorial, you will update your registrar with the DS rec 1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. Set `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example. -```bash -curl --request PATCH \ -"https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec" \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "status": "active", - "dnssec_multi_signer": true -}' -``` + 2. Add the ZSK(s) of your external provider(s) to Cloudflare by creating a DNSKEY record on your zone. @@ -97,16 +94,13 @@ curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \ This step is required. Without turning on this setting, Cloudflare will ignore any `NS` records created on the zone apex. This means that responses to DNS queries made to the zone apex and requesting `NS` records will only contain Cloudflare nameservers. ::: -```bash -curl --request PATCH \ -"https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_settings" \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "multi_provider": true -}' -``` + @@ -135,16 +129,14 @@ For the purpose of this tutorial, you will update your registrar with the DS rec 1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. Set `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example. -```bash -$ curl --request PATCH 'https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec' \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "status": "active", - "dnssec_multi_signer": true -}' -``` + 2. Add the ZSK(s) of your external provider(s) to a DNSKEY record at your primary DNS provider. This record should be transferred successfully to Cloudflare. diff --git a/src/content/docs/dns/foundation-dns/setup.mdx b/src/content/docs/dns/foundation-dns/setup.mdx index 6b16fc5a707d815..58f14fceb101cfe 100644 --- a/src/content/docs/dns/foundation-dns/setup.mdx +++ b/src/content/docs/dns/foundation-dns/setup.mdx @@ -6,7 +6,7 @@ sidebar: label: Setup --- -import { TabItem, Tabs } from "~/components"; +import { TabItem, Tabs, APIRequest } from "~/components"; Advanced nameservers included with [Foundation DNS](/dns/foundation-dns/) are an opt-in configuration. @@ -27,16 +27,13 @@ To enable advanced nameservers on an existing zone: Use the [Update DNS Settings](/api/resources/dns/subresources/settings/methods/edit/) endpoint to send a PATCH request like the following: - ```bash - curl --request PATCH \ - "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_settings" \ - --header "X-Auth-Email: " \ - --header "X-Auth-Key: " \ - --header "Content-Type: application/json" \ - --data '{ - "foundation_dns": true - }' - ``` + The response body will contain your assigned namservers in the `nameservers` object. You will use these nameservers in the next step. diff --git a/src/content/docs/dns/nameservers/custom-nameservers/tenant-custom-nameservers.mdx b/src/content/docs/dns/nameservers/custom-nameservers/tenant-custom-nameservers.mdx index 94f270fd733e1fd..a35d70ed0f052a4 100644 --- a/src/content/docs/dns/nameservers/custom-nameservers/tenant-custom-nameservers.mdx +++ b/src/content/docs/dns/nameservers/custom-nameservers/tenant-custom-nameservers.mdx @@ -14,7 +14,7 @@ description: With tenant-level custom nameservers, you can use the same custom --- -import { Example, Render } from "~/components" +import { Example, Render, APIRequest } from "~/components" @@ -38,17 +38,15 @@ If you are an account owner and your account is part of a tenant that has custom 1. Use a [PUT command](/api/resources/zones/subresources/custom_nameservers/methods/update/) and specify `ns_type` and `ns_set`. -```bash -curl --request PUT https://api.cloudflare.com/client/v4/zones/{zone_id}/custom_ns \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "enabled": true, - "ns_type": "tenant", - "ns_set": -}' -``` +", + }} +/> :::note diff --git a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/dnssec-for-primary.mdx b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/dnssec-for-primary.mdx index d5a3bbb60cb5f05..8c8f29caeee5062 100644 --- a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/dnssec-for-primary.mdx +++ b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/dnssec-for-primary.mdx @@ -9,7 +9,7 @@ head: content: Set up multi-signer DNSSEC with outgoing zone transfers --- -import { Example } from "~/components"; +import { Example, APIRequest } from "~/components"; With [outgoing zone transfers](/dns/zone-setups/zone-transfers/cloudflare-as-primary/), you keep Cloudflare as your primary DNS provider and use one or more secondary providers for increased availability and fault tolerance. @@ -27,17 +27,14 @@ Note that: 1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. This is done by setting `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example. -```bash -curl --request PATCH \ -'https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec' \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "status": "active", - "dnssec_multi_signer": true -}' -``` + 2. Add the ZSK(s) of your external provider(s) to Cloudflare by creating a DNSKEY record on your zone. diff --git a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.mdx b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.mdx index d1610048c685726..6929ca9f970b5b3 100644 --- a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.mdx +++ b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.mdx @@ -8,7 +8,7 @@ head: content: Set up outgoing zone transfers (Cloudflare as Primary) --- -import { Render, TabItem, Tabs } from "~/components"; +import { Render, TabItem, Tabs, APIRequest } from "~/components"; With [outgoing zone transfers](/dns/zone-setups/zone-transfers/cloudflare-as-primary/), you can keep Cloudflare as your primary DNS provider and use one or more secondary providers for increased availability and fault tolerance. @@ -137,16 +137,13 @@ If your account [zone defaults](/dns/additional-options/dns-zone-defaults/) are Send the following `PATCH` request replacing the placeholders with your zone ID and authentication information: -```bash -curl --request PATCH \ -"https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_settings" \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "multi_provider": true -}' -``` + diff --git a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx index 8f20b885bc3991b..3828c873e93ee12 100644 --- a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx +++ b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/dnssec-for-secondary.mdx @@ -8,7 +8,7 @@ head: content: DNSSEC for Secondary DNS --- -import { Render, TabItem, Tabs, GlossaryTooltip } from "~/components"; +import { Render, TabItem, Tabs, GlossaryTooltip, APIRequest } from "~/components"; [DNS Security Extensions (DNSSEC)](https://www.cloudflare.com/learning/dns/dns-security/) increase security by adding cryptographic signatures to DNS records. When you use multiple providers and Cloudflare is secondary, you have a few options to enable DNSSEC for records served by Cloudflare. @@ -44,16 +44,13 @@ In this setup, DNSSEC on your pirmary DNS provider does not need to be enabled. 1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) and set a `status` of `active` for your zone. -```bash -curl --request PATCH \ -https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "status": "active" -}' -``` + 2. Use the [DNSSEC Details endpoint](/api/resources/dns/subresources/dnssec/methods/get/) to get the necessary values to create a **DS** record at your registrar. @@ -95,16 +92,13 @@ b. Under **DNSSEC with Secondary DNS** select **Pre-signed**. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) and set the `dnssec_presigned` value to `true`. -```bash -curl --request PATCH \ -https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "dnssec_presigned": true -}' -``` + diff --git a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic.mdx b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic.mdx index c91a994840205ab..dd9e9d636a4873f 100644 --- a/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic.mdx +++ b/src/content/docs/dns/zone-setups/zone-transfers/cloudflare-as-secondary/proxy-traffic.mdx @@ -8,7 +8,7 @@ head: content: Proxy traffic with Secondary DNS override --- -import { TabItem, Tabs } from "~/components"; +import { TabItem, Tabs, APIRequest } from "~/components"; When you set up [incoming zone transfers](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/) on a secondary zone, you cannot enable the proxy on any transferred DNS records by default. @@ -47,16 +47,13 @@ Before you set up Secondary DNS override, make sure that you have: 1. To enable Secondary DNS override on a zone, use the following PATCH request: -```bash -curl --request PATCH \ -https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_settings \ ---header "X-Auth-Email: " \ ---header "X-Auth-Key: " \ ---header "Content-Type: application/json" \ ---data '{ - "secondary_overrides": true -}' -``` + 2. For specific A, AAAA, or CNAME records, send a [POST](/api/resources/dns/subresources/records/methods/create/) request with the `proxied` status as `true`. - Make sure the added record has the same name as the transferred record you intend to proxy. Cloudflare only looks at the name and the proxy status, so the record content does not matter. diff --git a/src/content/partials/dns/internal-reference-zone-api.mdx b/src/content/partials/dns/internal-reference-zone-api.mdx index 00173b94a09c36c..05e1180d9227406 100644 --- a/src/content/partials/dns/internal-reference-zone-api.mdx +++ b/src/content/partials/dns/internal-reference-zone-api.mdx @@ -3,16 +3,21 @@ --- +import { APIRequest } from "~/components"; + In the following example, internal zone A (ID `8a904aeb565c42cfa207d98f6edea2f3`) is referencing internal zone B (ID `8e64c6fb4b514f3faf64de81efc11e51`). -```bash -curl --request PATCH \ -https://api.cloudflare.com/client/v4/zones/8a904aeb565c42cfa207d98f6edea2f3/dns_settings \ ---header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \ ---header "Content-Type: application/json" \ ---data '{ + \ No newline at end of file