cloudflare · RebeccaTamachiro · May 12, 2025 · May 9, 2025 · May 9, 2025 · May 9, 2025
@@ -9,22 +9,23 @@ head:
 
 ---
 
+import { APIRequest } from "~/components";
+
 In order to enable automatic mitigation of [random prefix attacks](/dns/dns-firewall/random-prefix-attacks/about/):
 
 1. Set up [DNS Firewall](/dns/dns-firewall/setup/).
 2. Send a [`PATCH` request](/api/resources/dns_firewall/methods/edit/) to update your DNS Firewall cluster.
 
-   ```bash
-   curl --request PATCH "https://api.cloudflare.com/client/v4/accounts/{account_id}/dns_firewall/{cluster_tag}" \
-   --header "Authorization: Bearer <API_TOKEN>" \
-   --header "Content-Type: application/json" \
-   --data '{
-     "attack_mitigation": {
-       "enabled": true,
-       "only_when_upstream_unhealthy": true
-     }
-   }'
-   ```
+   <APIRequest
+   	path="/accounts/{account_id}/dns_firewall/{dns_firewall_id}"
+   	method="PATCH"
+   	json={{
+      "attack_mitigation": {
+        "enabled": true,
+        "only_when_upstream_unhealthy": true,
+      }
+   	}}
+   />
 
 Once you receive a `200` success response from the API, queries identified as being part of a random prefix attack will receive a `REFUSED` response.
 

@@ -9,7 +9,7 @@ head:
     content: DNSSEC migration tutorial
 ---
 
-import { Details } from "~/components";
+import { Details, APIRequest } from "~/components";
 
 Follow this tutorial to migrate an existing DNS zone to Cloudflare without having to disable DNSSEC.
 
@@ -36,25 +36,23 @@ The provider you are migrating from must allow you to add DNSKEY records on the
 
 3. Go to **DNS** > **Settings**, and select **Enable DNSSEC**. Or use the following [API request](/api/resources/dns/subresources/dnssec/methods/edit/).
 
-```bash
-curl --request PATCH \
-https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{"status": "active"}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dnssec"
+	method="PATCH"
+	json={{
+  	"status": "active",
+	}}
+/>
 
 4. Go to **DNS** > **Settings**, and enable **Multi-signer DNSSEC**. Or use the following [API request](/api/resources/dns/subresources/dnssec/methods/edit/).
 
-```bash
-curl --request PATCH \
-https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{"dnssec_multi_signer": true}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dnssec"
+	method="PATCH"
+	json={{
+  	"dnssec_multi_signer": true,
+	}}
+/>
 
 ## 2. Cross-import ZSKs
 

@@ -6,7 +6,7 @@ sidebar:
   label: Setup
 ---
 
-import { Tabs, TabItem } from "~/components";
+import { Tabs, TabItem, APIRequest } from "~/components";
 
 This page explains how you can enable [multi-signer DNSSEC](/dns/dnssec/multi-signer-dnssec/about/) with Cloudflare, using the [model 2](/dns/dnssec/multi-signer-dnssec/about/#model-2) as described in [RFC 8901](https://www.rfc-editor.org/rfc/rfc8901.html).
 
@@ -44,17 +44,14 @@ For the purpose of this tutorial, you will update your registrar with the DS rec
 
 1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. Set `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example.
 
-```bash
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "status": "active",
-  "dnssec_multi_signer": true
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dnssec"
+	method="PATCH"
+	json={{
+  	"status": "active",
+  	"dnssec_multi_signer": true,
+	}}
+/>
 
 2. Add the ZSK(s) of your external provider(s) to Cloudflare by creating a DNSKEY record on your zone.
 
@@ -97,16 +94,13 @@ curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_records" \
 This step is required. Without turning on this setting, Cloudflare will ignore any `NS` records created on the zone apex. This means that responses to DNS queries made to the zone apex and requesting `NS` records will only contain Cloudflare nameservers.
 :::
 
-```bash
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_settings" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-    "multi_provider": true
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dns_settings"
+	method="PATCH"
+	json={{
+		"multi_provider": true,
+	}}
+/>
 
 </TabItem>
 </Tabs>
@@ -135,16 +129,14 @@ For the purpose of this tutorial, you will update your registrar with the DS rec
 
 1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. Set `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example.
 
-```bash
-$ curl --request PATCH 'https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec' \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "status": "active",
-  "dnssec_multi_signer": true
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dnssec"
+	method="PATCH"
+	json={{
+  	"status": "active",
+  	"dnssec_multi_signer": true,
+	}}
+/>
 
 2. Add the ZSK(s) of your external provider(s) to a DNSKEY record at your primary DNS provider. This record should be transferred successfully to Cloudflare.
 

@@ -6,7 +6,7 @@ sidebar:
   label: Setup
 ---
 
-import { TabItem, Tabs } from "~/components";
+import { TabItem, Tabs, APIRequest } from "~/components";
 
 Advanced nameservers included with [Foundation DNS](/dns/foundation-dns/) are an opt-in configuration.
 
@@ -27,16 +27,13 @@ To enable advanced nameservers on an existing zone:
 
     Use the [Update DNS Settings](/api/resources/dns/subresources/settings/methods/edit/) endpoint to send a PATCH request like the following:
 
-    ```bash
-    curl --request PATCH \
-    "https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_settings" \
-    --header "X-Auth-Email: <EMAIL>" \
-    --header "X-Auth-Key: <API_KEY>" \
-    --header "Content-Type: application/json" \
-    --data '{
-      "foundation_dns": true
-    }'
-    ```
+  	<APIRequest
+  	path="/zones/{zone_id}/dns_settings"
+  	method="PATCH"
+  	json={{
+  		"foundation_dns": true,
+  	}}
+    />
 
     The response body will contain your assigned namservers in the `nameservers` object. You will use these nameservers in the next step.
 

@@ -14,7 +14,7 @@ description: With tenant-level custom nameservers, you can use the same custom
 
 ---
 
-import { Example, Render } from "~/components"
+import { Example, Render, APIRequest } from "~/components"
 
 <Render file="acns-tcns-intro" params={{ one: "Tenant", two: "T", three: "tenant", four: "accounts", five: "tenant " }} />
 
@@ -38,17 +38,15 @@ If you are an account owner and your account is part of a tenant that has custom
 
 1. Use a [PUT command](/api/resources/zones/subresources/custom_nameservers/methods/update/) and specify `ns_type` and `ns_set`.
 
-```bash
-curl --request PUT https://api.cloudflare.com/client/v4/zones/{zone_id}/custom_ns \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "enabled": true,
-  "ns_type": "tenant",
-  "ns_set": <SET>
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/custom_ns"
+	method="PUT"
+  json={{
+    "enabled": true,
+		"ns_type": "tenant",
+		"ns_set": "<SET>",
+		}}
+/>
 
 :::note
 

@@ -9,7 +9,7 @@ head:
     content: Set up multi-signer DNSSEC with outgoing zone transfers
 ---
 
-import { Example } from "~/components";
+import { Example, APIRequest } from "~/components";
 
 With [outgoing zone transfers](/dns/zone-setups/zone-transfers/cloudflare-as-primary/), you keep Cloudflare as your primary DNS provider and use one or more secondary providers for increased availability and fault tolerance.
 
@@ -27,17 +27,14 @@ Note that:
 
 1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) to enable DNSSEC and activate multi-signer DNSSEC for your zone. This is done by setting `status` to `active` and `dnssec_multi_signer` to `true`, as in the following example.
 
-```bash
-curl --request PATCH \
-'https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec' \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "status": "active",
-  "dnssec_multi_signer": true
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dnssec"
+	method="PATCH"
+	json={{
+  	"status": "active",
+  	"dnssec_multi_signer": true,
+	}}
+/>
 
 2. Add the ZSK(s) of your external provider(s) to Cloudflare by creating a DNSKEY record on your zone.
 

@@ -8,7 +8,7 @@ head:
     content: Set up outgoing zone transfers (Cloudflare as Primary)
 ---
 
-import { Render, TabItem, Tabs } from "~/components";
+import { Render, TabItem, Tabs, APIRequest } from "~/components";
 
 With [outgoing zone transfers](/dns/zone-setups/zone-transfers/cloudflare-as-primary/), you can keep Cloudflare as your primary DNS provider and use one or more secondary providers for increased availability and fault tolerance.
 
@@ -137,16 +137,13 @@ If your account [zone defaults](/dns/additional-options/dns-zone-defaults/) are
 
 Send the following `PATCH` request replacing the placeholders with your zone ID and authentication information:
 
-```bash
-curl --request PATCH \
-"https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_settings" \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "multi_provider": true
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dns_settings"
+	method="PATCH"
+	json={{
+		"multi_provider": true,
+	}}
+/>
 
 </TabItem> </Tabs>
 

@@ -8,7 +8,7 @@ head:
     content: DNSSEC for Secondary DNS
 ---
 
-import { Render, TabItem, Tabs, GlossaryTooltip } from "~/components";
+import { Render, TabItem, Tabs, GlossaryTooltip, APIRequest } from "~/components";
 
 [DNS Security Extensions (DNSSEC)](https://www.cloudflare.com/learning/dns/dns-security/) increase security by adding cryptographic signatures to DNS records. When you use multiple providers and Cloudflare is secondary, you have a few options to enable DNSSEC for records served by Cloudflare.
 
@@ -44,16 +44,13 @@ In this setup, DNSSEC on your pirmary DNS provider does not need to be enabled.
 
 1. Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) and set a `status` of `active` for your zone.
 
-```bash
-curl --request PATCH \
-https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "status": "active"
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dnssec"
+	method="PATCH"
+	json={{
+		"status": "active",
+	}}
+/>
 
 2. Use the [DNSSEC Details endpoint](/api/resources/dns/subresources/dnssec/methods/get/) to get the necessary values to create a **DS** record at your registrar.
 
@@ -95,16 +92,13 @@ b. Under **DNSSEC with Secondary DNS** select **Pre-signed**.
 
 Use the [Edit DNSSEC Status endpoint](/api/resources/dns/subresources/dnssec/methods/edit/) and set the `dnssec_presigned` value to `true`.
 
-```bash
-curl --request PATCH \
-https://api.cloudflare.com/client/v4/zones/{zone_id}/dnssec \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "dnssec_presigned": true
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dnssec"
+	method="PATCH"
+	json={{
+		"dnssec_presigned": true,
+	}}
+/>
 
 </TabItem> </Tabs>
 

@@ -8,7 +8,7 @@ head:
     content: Proxy traffic with Secondary DNS override
 ---
 
-import { TabItem, Tabs } from "~/components";
+import { TabItem, Tabs, APIRequest } from "~/components";
 
 When you set up [incoming zone transfers](/dns/zone-setups/zone-transfers/cloudflare-as-secondary/setup/) on a secondary zone, you cannot enable the proxy on any transferred DNS records by default.
 
@@ -47,16 +47,13 @@ Before you set up Secondary DNS override, make sure that you have:
 
 1. To enable Secondary DNS override on a zone, use the following PATCH request:
 
-```bash
-curl --request PATCH \
-https://api.cloudflare.com/client/v4/zones/{zone_id}/dns_settings \
---header "X-Auth-Email: <EMAIL>" \
---header "X-Auth-Key: <API_KEY>" \
---header "Content-Type: application/json" \
---data '{
-  "secondary_overrides": true
-}'
-```
+<APIRequest
+	path="/zones/{zone_id}/dns_settings"
+	method="PATCH"
+	json={{
+		"secondary_overrides": true,
+	}}
+/>
 
 2. For specific A, AAAA, or CNAME records, send a [POST](/api/resources/dns/subresources/records/methods/create/) request with the `proxied` status as `true`.
    - Make sure the added record has the same name as the transferred record you intend to proxy. Cloudflare only looks at the name and the proxy status, so the record content does not matter.