Cloudflare Docs
DNS
DNS
Visit DNS on GitHub
Set theme to dark (⇧+D)

Protect against random prefix attacks

In order to enable automatic mitigation of random prefix attacks:

  1. Set up DNS Firewall.

  2. Send a PATCH request to update your DNS Firewall cluster.

    curl -X PATCH "https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/dns_firewall/<CLUSTER_TAG>" \
    -H "Authorization: Bearer <token>" \
    -H "Content-Type: application/json" \
    --data '{"attack_mitigation":{
    "enabled":true,
    "only_when_upstream_unhealthy":true
    }
    }'

Once you receive a 200 success response from the API, queries identified as being part of a random prefix attack will receive a REFUSED response.