DnsPolicy

Description

API


    POST /api/dnspolicy
    PUT /api/dnspolicy/<key>
    DELETE /api/dnspolicy/<key>
    GET /api/dnspolicy
    GET /api/dnspolicy/<key>

CLI


    configure dnspolicy <key>
    show dnspolicy <key>

Data

DnsPolicy

uuid

Type
string
Category
optional
Description
UUID of the DNS Policy

name

Type
string
Category
optional
Description
Name of the DNS Policy

rule

Type
DnsRule
Category
repeated
Description
DNS rules

created_by

Type
string
Category
optional
Description
Creator name

description

Type
string
Category
optional
Description

tenant_ref

Type
Reference to Tenant
Category
optional
Description

DnsRule

name

Type
string
Category
optional
Description
Name of the rule

index

Type
int32
Category
optional
Description
Index of the rule

enable

Type
bool
Category
optional
Description
Enable or disable the rule
Default
True

match

Type
DnsRuleMatchTarget
Category
optional
Description
Add match criteria to the rule

action

Type
DnsRuleAction
Category
optional
Description
Action to be performed upon successful matching

log

Type
bool
Category
optional
Description
Log DNS query upon rule match

DnsRuleMatchTarget

client_ip

Type
IpAddrMatch
Category
optional
Description
IP addresses to match against client IP

protocol

Type
DnsTransportProtocolMatch
Category
optional
Description
DNS transport protocol match

query_name

Type
DnsQueryNameMatch
Category
optional
Description
Domain names to match against query name

query_type

Type
DnsQueryTypeMatch
Category
optional
Description
DNS query types to match against request query type

IpAddrMatch

match_criteria

Type
enum
Category
required
Description
Criterion to use for IP address matching the HTTP request
Choices
IS_IN, IS_NOT_IN

addrs

Type
IpAddr
Category
repeated
Description
IP address(es)

ranges

Type
IpAddrRange
Category
repeated
Description
IP address range(s)

prefixes

Type
IpAddrPrefix
Category
repeated
Description
IP address prefix(es)

group_refs

Type
Reference to IpAddrGroup
Category
repeated
Description
UUID of IP address group(s)

IpAddr

addr

Type
string
Category
required
Description
IP address

type

Type
enum
Category
required
Description
Choices
V4, DNS

IpAddrRange

begin

Type
IpAddr
Category
required
Description
Starting IP address of the range

end

Type
IpAddr
Category
required
Description
Ending IP address of the range

IpAddrPrefix

ip_addr

Type
IpAddr
Category
required
Description

mask

Type
int32
Category
required
Description

DnsTransportProtocolMatch

match_criteria

Type
enum
Category
optional
Description
Criterion to use for matching the DNS transport protocol
Choices
IS_IN, IS_NOT_IN

protocol

Type
enum
Category
optional
Description
Protocol to match against transport protocol used by DNS query
Choices
DNS_OVER_UDP, DNS_OVER_TCP

DnsQueryNameMatch

match_criteria

Type
enum
Category
optional
Description
Criterion to use for string matching the DNS query domain name in the question section
Choices
BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH

query_domain_names

Type
string
Category
repeated
Description
Domain name to match against that specified in the question section of the DNS query

string_group_refs

Type
Reference to StringGroup
Category
repeated
Description
UUID of the string group(s) for matching against DNS query domain name in the question section

DnsQueryTypeMatch

match_criteria

Type
enum
Category
optional
Description
Criterion to use for matching the DNS query type in the question section
Choices
IS_IN, IS_NOT_IN

query_type

Type
enum
Category
repeated
Description
DNS query types in the request query
Choices
DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY

DnsRuleAction

allow

Type
DnsRuleActionAllowDrop
Category
optional
Description
Allow or drop the DNS query

response

Type
DnsRuleActionResponse
Category
optional
Description
Generate a response for the DNS query

DnsRuleActionAllowDrop

allow

Type
bool
Category
optional
Description
Allow the DNS query
Default
True

reset_conn

Type
bool
Category
optional
Description
Reset the TCP connection of the DNS query, if allow is set to false to drop the query
Default
True

DnsRuleActionResponse

rcode

Type
enum
Category
optional
Description
DNS response code
Default
DNS_RCODE_NOERROR
Choices
DNS_RCODE_NOERROR, DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NXDOMAIN, DNS_RCODE_NOTIMP, DNS_RCODE_REFUSED, DNS_RCODE_YXDOMAIN, DNS_RCODE_YXRRSET, DNS_RCODE_NXRRSET, DNS_RCODE_NOTAUTH, DNS_RCODE_NOTZONE

truncation

Type
bool
Category
optional
Description
DNS response is truncated
Default
False

authoritative

Type
bool
Category
optional
Description
DNS response is authoritative
Default
True
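
An added example, not taken from the product documentation: a request body for `POST /api/dnspolicy` assembled only from the fields and enum choices listed above, assuming the API accepts the object as JSON. The names, the 10.0.0.0/8 prefix and the `.invalid` domain are constructed; the first rule drops AXFR and ANY queries from clients outside the prefix, and the second answers a name suffix with NXDOMAIN and logs the match.

```json
{
  "name": "example-dns-policy",
  "description": "Constructed example: restrict AXFR/ANY and answer a test suffix with NXDOMAIN",
  "rule": [
    {
      "name": "drop-axfr-any-from-outside",
      "index": 1,
      "enable": true,
      "log": true,
      "match": {
        "client_ip": {
          "match_criteria": "IS_NOT_IN",
          "prefixes": [
            { "ip_addr": { "addr": "10.0.0.0", "type": "V4" }, "mask": 8 }
          ]
        },
        "query_type": {
          "match_criteria": "IS_IN",
          "query_type": ["DNS_RECORD_AXFR", "DNS_RECORD_ANY"]
        }
      },
      "action": {
        "allow": { "allow": false, "reset_conn": true }
      }
    },
    {
      "name": "nxdomain-blocked-suffix",
      "index": 2,
      "enable": true,
      "log": true,
      "match": {
        "query_name": {
          "match_criteria": "ENDS_WITH",
          "query_domain_names": ["blocked.example.invalid"]
        }
      },
      "action": {
        "response": {
          "rcode": "DNS_RCODE_NXDOMAIN",
          "authoritative": true,
          "truncation": false
        }
      }
    }
  ]
}
```

Both `allow` and `reset_conn` default to True, so a drop rule has to set `allow` to false explicitly; `reset_conn` then applies only to queries that arrived over TCP.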

References

IpAddrGroup StringGroup Tenant

Sub Objects