import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * ## Example Usage
 *
 * ## Import
 *
 * ```sh
 * $ pulumi import cloudflare:index/dnsFirewall:DnsFirewall example '<account_id>/<dns_firewall_id>'
 * ```
 */
export declare class DnsFirewall extends pulumi.CustomResource {
    /**
     * Get an existing DnsFirewall resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DnsFirewallState, opts?: pulumi.CustomResourceOptions): DnsFirewall;
    /**
     * Returns true if the given object is an instance of DnsFirewall.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is DnsFirewall;
    /**
     * Identifier.
     */
    readonly accountId: pulumi.Output<string>;
    /**
     * Attack mitigation settings
     */
    readonly attackMitigation: pulumi.Output<outputs.DnsFirewallAttackMitigation>;
    /**
     * Whether to refuse to answer queries for the ANY type
     */
    readonly deprecateAnyRequests: pulumi.Output<boolean | undefined>;
    readonly dnsFirewallIps: pulumi.Output<string[]>;
    /**
     * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
     */
    readonly ecsFallback: pulumi.Output<boolean | undefined>;
    /**
     * By default, Cloudflare attempts to cache responses for as long as
     * indicated by the TTL received from upstream nameservers. This setting
     * sets an upper bound on this duration. For caching purposes, higher TTLs
     * will be decreased to the maximum value defined by this setting.
     */
    readonly maximumCacheTtl: pulumi.Output<number>;
    /**
     * By default, Cloudflare attempts to cache responses for as long as
     * indicated by the TTL received from upstream nameservers. This setting
     * sets a lower bound on this duration. For caching purposes, lower TTLs
     * will be increased to the minimum value defined by this setting.
     *
     * This setting does not affect the TTL value in the DNS response
     * Cloudflare returns to clients. Cloudflare will always forward the TTL
     * value received from upstream nameservers.
     *
     * Note that, even with this setting, there is no guarantee that a
     * response will be cached for at least the specified duration. Cached
     * responses may be removed earlier for capacity or other operational
     * reasons.
     */
    readonly minimumCacheTtl: pulumi.Output<number>;
    /**
     * Last modification of DNS Firewall cluster
     */
    readonly modifiedOn: pulumi.Output<string>;
    /**
     * DNS Firewall cluster name
     */
    readonly name: pulumi.Output<string>;
    /**
     * This setting controls how long DNS Firewall should cache negative
     * responses (e.g., NXDOMAIN) from the upstream servers.
     *
     * This setting does not affect the TTL value in the DNS response
     * Cloudflare returns to clients. Cloudflare will always forward the TTL
     * value received from upstream nameservers.
     */
    readonly negativeCacheTtl: pulumi.Output<number | undefined>;
    /**
     * Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
     */
    readonly ratelimit: pulumi.Output<number | undefined>;
    /**
     * Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
     */
    readonly retries: pulumi.Output<number>;
    readonly upstreamIps: pulumi.Output<string[]>;
    /**
     * Create a DnsFirewall resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: DnsFirewallArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering DnsFirewall resources.
 */
export interface DnsFirewallState {
    /**
     * Identifier.
     */
    accountId?: pulumi.Input<string>;
    /**
     * Attack mitigation settings
     */
    attackMitigation?: pulumi.Input<inputs.DnsFirewallAttackMitigation>;
    /**
     * Whether to refuse to answer queries for the ANY type
     */
    deprecateAnyRequests?: pulumi.Input<boolean>;
    dnsFirewallIps?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
     */
    ecsFallback?: pulumi.Input<boolean>;
    /**
     * By default, Cloudflare attempts to cache responses for as long as
     * indicated by the TTL received from upstream nameservers. This setting
     * sets an upper bound on this duration. For caching purposes, higher TTLs
     * will be decreased to the maximum value defined by this setting.
     */
    maximumCacheTtl?: pulumi.Input<number>;
    /**
     * By default, Cloudflare attempts to cache responses for as long as
     * indicated by the TTL received from upstream nameservers. This setting
     * sets a lower bound on this duration. For caching purposes, lower TTLs
     * will be increased to the minimum value defined by this setting.
     *
     * This setting does not affect the TTL value in the DNS response
     * Cloudflare returns to clients. Cloudflare will always forward the TTL
     * value received from upstream nameservers.
     *
     * Note that, even with this setting, there is no guarantee that a
     * response will be cached for at least the specified duration. Cached
     * responses may be removed earlier for capacity or other operational
     * reasons.
     */
    minimumCacheTtl?: pulumi.Input<number>;
    /**
     * Last modification of DNS Firewall cluster
     */
    modifiedOn?: pulumi.Input<string>;
    /**
     * DNS Firewall cluster name
     */
    name?: pulumi.Input<string>;
    /**
     * This setting controls how long DNS Firewall should cache negative
     * responses (e.g., NXDOMAIN) from the upstream servers.
     *
     * This setting does not affect the TTL value in the DNS response
     * Cloudflare returns to clients. Cloudflare will always forward the TTL
     * value received from upstream nameservers.
     */
    negativeCacheTtl?: pulumi.Input<number>;
    /**
     * Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
     */
    ratelimit?: pulumi.Input<number>;
    /**
     * Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
     */
    retries?: pulumi.Input<number>;
    upstreamIps?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * The set of arguments for constructing a DnsFirewall resource.
 */
export interface DnsFirewallArgs {
    /**
     * Identifier.
     */
    accountId: pulumi.Input<string>;
    /**
     * Attack mitigation settings
     */
    attackMitigation?: pulumi.Input<inputs.DnsFirewallAttackMitigation>;
    /**
     * Whether to refuse to answer queries for the ANY type
     */
    deprecateAnyRequests?: pulumi.Input<boolean>;
    /**
     * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
     */
    ecsFallback?: pulumi.Input<boolean>;
    /**
     * By default, Cloudflare attempts to cache responses for as long as
     * indicated by the TTL received from upstream nameservers. This setting
     * sets an upper bound on this duration. For caching purposes, higher TTLs
     * will be decreased to the maximum value defined by this setting.
     */
    maximumCacheTtl?: pulumi.Input<number>;
    /**
     * By default, Cloudflare attempts to cache responses for as long as
     * indicated by the TTL received from upstream nameservers. This setting
     * sets a lower bound on this duration. For caching purposes, lower TTLs
     * will be increased to the minimum value defined by this setting.
     *
     * This setting does not affect the TTL value in the DNS response
     * Cloudflare returns to clients. Cloudflare will always forward the TTL
     * value received from upstream nameservers.
     *
     * Note that, even with this setting, there is no guarantee that a
     * response will be cached for at least the specified duration. Cached
     * responses may be removed earlier for capacity or other operational
     * reasons.
     */
    minimumCacheTtl?: pulumi.Input<number>;
    /**
     * DNS Firewall cluster name
     */
    name: pulumi.Input<string>;
    /**
     * This setting controls how long DNS Firewall should cache negative
     * responses (e.g., NXDOMAIN) from the upstream servers.
     *
     * This setting does not affect the TTL value in the DNS response
     * Cloudflare returns to clients. Cloudflare will always forward the TTL
     * value received from upstream nameservers.
     */
    negativeCacheTtl?: pulumi.Input<number>;
    /**
     * Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
     */
    ratelimit?: pulumi.Input<number>;
    /**
     * Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
     */
    retries?: pulumi.Input<number>;
    upstreamIps: pulumi.Input<pulumi.Input<string>[]>;
}