a10_ddos_template_dns
Synopsis
DNS template Configuration
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| state str/required | ['noop', 'present', 'absent'] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | ['1-8'] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| name str/required | | Field name |
| action str | | 'drop'= Drop packets (Default action); 'reset'= Send Client RST for TCP connections; |
| dns_any_check bool | | Drop DNS queries of Type ANY |
| dns_auth_cfg dict | | Field dns_auth_cfg |
| dns_auth bool | | DNS authentication |
| dns_auth_type str | | 'udp'= Drop DNS request and monitor client retry; 'force-tcp'= Force DNS request over TCP; |
| udp_timeout_val_only int | | UDP authentication timeout in seconds |
| udp_timeout int | | UDP authentication timeout in seconds |
| min_retry_gap int | | Optional minimum sec gap in between 2 dns-udp packets for auth to pass, unit is specified by min-retry-gap-interval |
| min_retry_gap_interval str | | '100ms'= 100ms; '1sec'= 1sec; |
| with_udp_auth bool | | Monitor client retry |
| force_tcp_timeout int | | TCP authentication timeout in seconds |
| force_tcp_min_retry_gap int | | Minimum sec gap in between 2 dns-udp packets for auth to pass |
| force_tcp_ignore_client_source_port bool | | Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only) |
| multi_pu_threshold_distribution dict | | Field multi_pu_threshold_distribution |
| multi_pu_threshold_distribution_value int | | Destination side rate limit only. Default= 0 |
| multi_pu_threshold_distribution_disable str | | 'disable'= Destination side rate limit only. Default= Enable; |
| fqdn_cfg list | | Field fqdn_cfg |
| dns_fqdn_rate_limit bool | | DNS Rate limiting on the basis of FQDN |
| dns_fqdn_rate int | | Limiting rate (Range= 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting) |
| per str | | 'domain-name'= Domain Name; 'src-ip'= Source IP address; 'label-count'= FQDN label count; |
| per_domain_per_src_ip bool | | Use both Domain Name and Source IP address for rate-limiting |
| fqdn_rate_suffix int | | Suffix count |
| fqdn_rate_label_count int | | FQDN label count (Range= 1-8) |
| by str | | 'domain-name'= Domain Name; 'src-ip'= Source IP address; 'both'= Use both Domain Name and Source IP address for rate-limiting; |
| fqdn_rate_suffix_by int | | Number of suffixes |
| fqdn_label_len_cfg list | | Field fqdn_label_len_cfg |
| fqdn_label_length bool | | Maximum FQDN label length |
| label_length int | | Maximum length of FQDN label |
| fqdn_label_suffix int | | Number of suffixes |
| fqdn_label_count int | | Maximum number of length of FQDN labels |
| nxdomain_cfg dict | | Field nxdomain_cfg |
| dns_nxdomain_rate_limit bool | | DNS NXDOMAIN Rate Limiting (SRC support only) |
| dns_nxdomain_rate int | | Limiting rate |
| dns_nxdomain_rate_limit_action str | | 'drop'= Drop queries if rate is exceeded; 'black-list'= Black-List source if rate is exceeded; |
| symtimeout_cfg dict | | Field symtimeout_cfg |
| sym_timeout bool | | Timeout for DNS Symmetric session |
| sym_timeout_value int | | Session timeout value in seconds |
| dns_request_rate_limit dict | | Field dns_request_rate_limit |
| ntype dict | | Field type |
| domain_group_name str | | Apply a domain-group to the DNS template |
| on_no_match str | | 'permit'= permit; 'deny'= deny (default); |
| domain_group_rate_exceed_action str | | 'drop'= Drop the query (default); 'tunnel-encap-packet'= Encapsulate the query and send on a tunnel; |
| encap_template str | | DDOS encap template to specify the tunnel endpoint |
| domain_group_rate_per_service bool | | Enable per service domain rate checking |
| query_rate_threshold_for_cache_serving int | | This is for DNS cache mode only, it sets a DNS query rate threshold such that queries under the rate threshold would be forward |
| allow_query_class dict | | Field allow_query_class |
| allow_internet_query_class bool | | INTERNET query class |
| allow_csnet_query_class bool | | CSNET query class |
| allow_chaos_query_class bool | | CHAOS query class |
| allow_hesiod_query_class bool | | HESIOD query class |
| allow_none_query_class bool | | NONE query class |
| allow_any_query_class bool | | ANY query class |
| allow_record_type dict | | Field allow_record_type |
| allow_a_type bool | | Address record |
| allow_aaaa_type bool | | IPv6 address record |
| allow_cname_type bool | | Canonical name record |
| allow_mx_type bool | | Mail exchange record |
| allow_ns_type bool | | Name server record |
| allow_srv_type bool | | Service locator |
| record_num_cfg list | | Field record_num_cfg |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| malformed_query_check dict | | Field malformed_query_check |
| validation_type str | | 'basic-header-check'= Basic header validation for DNS TCP/UDP queries; 'extended-header-check'= Extended header/query validation for DNS TCP/UDP queries; 'disable'= Disable Malform query validation for DNS TCP/UDP; |
| non_query_opcode_check str | | 'disable'= When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; |
| skip_multi_packet_check bool | | Bypass DNS fragmented and TCP segmented Queries(Default= dropped) |
| uuid str | | uuid of the object |
Examples
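The playbook below is an added example, not taken from the module's own documentation. It previews a DNS template that drops ANY queries, rate-limits NXDOMAIN responses per source and enables extended header validation. The host address, port, template name, rate value and the `vault_axapi_*` variables are constructed placeholders, and the nesting of sub-options under `dns_auth_cfg`, `nxdomain_cfg`, `allow_record_type` and `malformed_query_check` is assumed from the order of the parameter table.

```yaml
# Added example: values are constructed; sub-option nesting is an assumption
# inferred from the order of the parameter table above.
- name: Preview a hardened DNS DDoS template
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    axapi_host: "192.0.2.10"          # placeholder address (TEST-NET-1)
  tasks:
    - name: DNS template with ANY drop, NXDOMAIN limiting and header checks
      a10_ddos_template_dns:
        state: present
        ansible_host: "{{ axapi_host }}"
        ansible_username: "{{ vault_axapi_user }}"      # hypothetical vaulted var
        ansible_password: "{{ vault_axapi_password }}"  # hypothetical vaulted var
        ansible_port: 443                               # constructed value
        name: dns-hardening-example
        action: drop
        dns_any_check: true            # drop DNS queries of type ANY
        dns_auth_cfg:
          dns_auth: true
          dns_auth_type: force-tcp     # force DNS request over TCP
        nxdomain_cfg:
          dns_nxdomain_rate_limit: true
          dns_nxdomain_rate: 100       # constructed rate, tune per environment
          dns_nxdomain_rate_limit_action: drop
        allow_record_type:
          allow_a_type: true
          allow_aaaa_type: true
          allow_cname_type: true
          allow_mx_type: true
          allow_ns_type: true
        malformed_query_check:
          validation_type: extended-header-check
      check_mode: true                 # report potential changes only
      no_log: true                     # keep AXAPI credentials out of task logs
      register: dns_template

    - name: Show what would change on the device
      debug:
        var: dns_template.modified_values
```

Remove `check_mode: true` once the reported `modified_values` match the intended configuration.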
Return Values
- modified_values (changed, dict)
  Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list)
  Sequential list of AXAPI calls made by the task
  - endpoint (str, ['/axapi/v3/slb/virtual_server', '/axapi/v3/file/ssl-cert'])
    The AXAPI endpoint being accessed.
  - http_method (str, ['POST', 'GET'])
    HTTP method being used by the primary task to interact with the AXAPI endpoint.
  - request_body (complex)
    Params used to query the AXAPI
  - response_body (complex)
    Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.