import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * ## Example Usage
 *
 * ## Import
 *
 * ```sh
 * $ pulumi import cloudflare:index/dnsFirewall:DnsFirewall example '<account_id>/<dns_firewall_id>'
 * ```
 */
export declare class DnsFirewall extends pulumi.CustomResource {
    /**
     * Get an existing DnsFirewall resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DnsFirewallState, opts?: pulumi.CustomResourceOptions): DnsFirewall;
    /**
     * Returns true if the given object is an instance of DnsFirewall.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is DnsFirewall;
    /**
     * Identifier.
     */
    readonly accountId: pulumi.Output<string>;
    /**
     * Attack mitigation settings
     */
    readonly attackMitigation: pulumi.Output<outputs.DnsFirewallAttackMitigation>;
    /**
     * Whether to refuse to answer queries for the ANY type
     */
    readonly deprecateAnyRequests: pulumi.Output<boolean | undefined>;
    readonly dnsFirewallIps: pulumi.Output<string[]>;
    /**
     * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
     */
    readonly ecsFallback: pulumi.Output<boolean | undefined>;
    /**
     * Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
     */
    readonly maximumCacheTtl: pulumi.Output<number>;
    /**
     * Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
     */
    readonly minimumCacheTtl: pulumi.Output<number>;
    /**
     * Last modification of DNS Firewall cluster
     */
    readonly modifiedOn: pulumi.Output<string>;
    /**
     * DNS Firewall cluster name
     */
    readonly name: pulumi.Output<string>;
    /**
     * Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
     */
    readonly negativeCacheTtl: pulumi.Output<number | undefined>;
    /**
     * Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
     */
    readonly ratelimit: pulumi.Output<number | undefined>;
    /**
     * Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
     */
    readonly retries: pulumi.Output<number>;
    readonly upstreamIps: pulumi.Output<string[]>;
    /**
     * Create a DnsFirewall resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: DnsFirewallArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering DnsFirewall resources.
 */
export interface DnsFirewallState {
    /**
     * Identifier.
     */
    accountId?: pulumi.Input<string>;
    /**
     * Attack mitigation settings
     */
    attackMitigation?: pulumi.Input<inputs.DnsFirewallAttackMitigation>;
    /**
     * Whether to refuse to answer queries for the ANY type
     */
    deprecateAnyRequests?: pulumi.Input<boolean>;
    dnsFirewallIps?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
     */
    ecsFallback?: pulumi.Input<boolean>;
    /**
     * Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
     */
    maximumCacheTtl?: pulumi.Input<number>;
    /**
     * Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
     */
    minimumCacheTtl?: pulumi.Input<number>;
    /**
     * Last modification of DNS Firewall cluster
     */
    modifiedOn?: pulumi.Input<string>;
    /**
     * DNS Firewall cluster name
     */
    name?: pulumi.Input<string>;
    /**
     * Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
     */
    negativeCacheTtl?: pulumi.Input<number>;
    /**
     * Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
     */
    ratelimit?: pulumi.Input<number>;
    /**
     * Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
     */
    retries?: pulumi.Input<number>;
    upstreamIps?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * The set of arguments for constructing a DnsFirewall resource.
 */
export interface DnsFirewallArgs {
    /**
     * Identifier.
     */
    accountId: pulumi.Input<string>;
    /**
     * Attack mitigation settings
     */
    attackMitigation?: pulumi.Input<inputs.DnsFirewallAttackMitigation>;
    /**
     * Whether to refuse to answer queries for the ANY type
     */
    deprecateAnyRequests?: pulumi.Input<boolean>;
    /**
     * Whether to forward client IP (resolver) subnet if no EDNS Client Subnet is sent
     */
    ecsFallback?: pulumi.Input<boolean>;
    /**
     * Maximum DNS cache TTL This setting sets an upper bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Higher TTLs will be decreased to the maximum defined here for caching purposes.
     */
    maximumCacheTtl?: pulumi.Input<number>;
    /**
     * Minimum DNS cache TTL This setting sets a lower bound on DNS TTLs for purposes of caching between DNS Firewall and the upstream servers. Lower TTLs will be increased to the minimum defined here for caching purposes.
     */
    minimumCacheTtl?: pulumi.Input<number>;
    /**
     * DNS Firewall cluster name
     */
    name: pulumi.Input<string>;
    /**
     * Negative DNS cache TTL This setting controls how long DNS Firewall should cache negative responses (e.g., NXDOMAIN) from the upstream servers.
     */
    negativeCacheTtl?: pulumi.Input<number>;
    /**
     * Ratelimit in queries per second per datacenter (applies to DNS queries sent to the upstream nameservers configured on the cluster)
     */
    ratelimit?: pulumi.Input<number>;
    /**
     * Number of retries for fetching DNS responses from upstream nameservers (not counting the initial attempt)
     */
    retries?: pulumi.Input<number>;
    upstreamIps: pulumi.Input<pulumi.Input<string>[]>;
}