Analytics
To access analytics for your DNS Firewall, use the Cloudflare API.
Alternatively, set up Logpush to deliver DNS Firewall logs to a storage service, SIEM, or log management provider.
When analyzing why Cloudflare DNS Firewall responded in one way or another to a specific query, consider the responseReason log field.
The following table provides a description for each of the values that might be returned as a response reason:
| Value | Description |
|---|---|
success | Response was successfully served, either from Cloudflare cache or forwarded from the upstream. |
upstream_failure | Response could not be fetched from the upstream due to the upstream failing to respond. |
upstream_servfail | Response could not be fetched from the upstream due to the upstream responding with SERVFAIL. |
invalid_query | Query is invalid and cannot be processed. |
any_type_blocked | Query of type ANY was blocked according to your DNS Firewall settings (RFC 8482 ↗). |
rate_limit | Query was rate limited according to your DNS Firewall settings. |
chaos_success | Response for Chaos class ↗ was successfully served. |
attack_mitigation_block | Query was blocked as part of random prefix attack mitigation. |
unknown | There was an unknown error. |