a10_ddos_zone_template_dns
Synopsis
DNS template Configuration
Parameters
Parameters |
Choices/Defaults |
Comment |
|
|---|---|---|---|
state str/required |
[‘noop’, ‘present’, ‘absent’] |
State of the object to be created. |
|
ansible_host str/required |
Host for AXAPI authentication |
||
ansible_username str/required |
Username for AXAPI authentication |
||
ansible_password str/required |
Password for AXAPI authentication |
||
ansible_port int/required |
Port for AXAPI authentication |
||
a10_device_context_id int |
[‘1-8’] |
Device ID for aVCS configuration |
|
a10_partition str |
Destination/target partition for object/command |
||
name str/required |
Field name |
||
dns_any_check bool |
Drop DNS queries of Type ANY |
||
dns_any_check_action_list_name str |
Configure action-list to take |
||
dns_any_check_action str |
‘drop’= Drop packets (Default); ‘ignore’= Take no action; ‘blacklist-src’= Blacklist-src; ‘reset’= Reset client connection; |
||
multi_pu_threshold_distribution dict |
Field multi_pu_threshold_distribution |
||
multi_pu_threshold_distribution_value int |
Destination side rate limit only. Default= 0 |
||
multi_pu_threshold_distribution_disable str |
‘disable’= Destination side rate limit only. Default= Enable; |
||
dns_udp_authentication dict |
Field dns_udp_authentication |
||
force_tcp_cfg dict |
Field force_tcp_cfg |
||
udp_timeout int |
UDP authentication timeout in seconds |
||
min_delay int |
Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval |
||
min_delay_interval str |
‘100ms’= 100ms; ‘1sec’= 1sec; |
||
dns_udp_auth_pass_action_list_name str |
Configure action-list to take for passing the authentication |
||
dns_udp_auth_pass_action str |
‘authenticate-src’= authenticate-src (Default); |
||
dns_udp_auth_fail_action_list_name str |
Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only) |
||
dns_udp_auth_fail_action str |
‘drop’= Drop packets (Default); ‘blacklist-src’= Blacklist-src; |
||
fqdn_label_len_cfg list |
Field fqdn_label_len_cfg |
||
label_length int |
Maximum length of FQDN label |
||
fqdn_label_suffix int |
Number of suffixes |
||
fqdn_label_length_action_list_name str |
Configure action-list to take |
||
fqdn_label_length_action str |
‘drop’= Drop packets (Default); ‘ignore’= Take no action; ‘blacklist-src’= Blacklist-src; ‘reset’= Reset client connection; |
||
fqdn_label_count_cfg dict |
Field fqdn_label_count_cfg |
||
label_count int |
Maximum number of FQDN labels per FQDN |
||
fqdn_label_count_action_list_name str |
Configure action-list to take |
||
fqdn_label_count_action str |
‘drop’= Drop packets (Default); ‘ignore’= Take no action; ‘blacklist-src’= Blacklist-src; ‘reset’= Send reset to client; |
||
src dict |
Field src |
||
rate_limit dict |
Field rate_limit |
||
dst dict |
Field dst |
||
rate_limit dict |
Field rate_limit |
||
domain_group_name str |
Apply a domain-group to the DNS template |
||
on_no_match str |
‘permit’= permit; ‘deny’= deny (default); |
||
symtimeout_cfg dict |
Field symtimeout_cfg |
||
sym_timeout bool |
Timeout for DNS Symmetric session |
||
sym_timeout_value int |
Session timeout value in seconds |
||
allow_query_class dict |
Field allow_query_class |
||
allow_internet_query_class bool |
INTERNET query class |
||
allow_csnet_query_class bool |
CSNET query class |
||
allow_chaos_query_class bool |
CHAOS query class |
||
allow_hesiod_query_class bool |
HESIOD query class |
||
allow_none_query_class bool |
NONE query class |
||
allow_any_query_class bool |
ANY query class |
||
allow_query_class_action_list_name str |
Configure action-list to take when query class doesn’t match |
||
allow_query_class_action str |
‘drop’= Drop packets (Default); ‘blacklist-src’= Blacklist-src; ‘reset’= Reset client connection; |
||
allow_record_type dict |
Field allow_record_type |
||
allow_a_type bool |
Address record |
||
allow_aaaa_type bool |
IPv6 address record |
||
allow_cname_type bool |
Canonical name record |
||
allow_mx_type bool |
Mail exchange record |
||
allow_ns_type bool |
Name server record |
||
allow_srv_type bool |
Service locator |
||
record_num_cfg list |
Field record_num_cfg |
||
allow_record_type_action_list_name str |
Configure action-list to take |
||
allow_record_type_action str |
‘drop’= Drop packets (Default); ‘blacklist-src’= Blacklist-src; ‘reset’= Reset client connection; |
||
uuid str |
uuid of the object |
||
user_tag str |
Customized tag |
||
malformed_query_check dict |
Field malformed_query_check |
||
validation_type str |
‘basic-header-check’= Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’= Extended header/query validation for DNS TCP/UDP queries; ‘disable’= Disable Malform query validation for DNS TCP/UDP; |
||
non_query_opcode_check str |
‘disable’= When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; |
||
skip_multi_packet_check bool |
Bypass DNS fragmented and TCP segmented Queries(Default= dropped) |
||
dns_malformed_query_action_list_name str |
Configure action-list to take |
||
dns_malformed_query_action str |
‘drop’= Drop packets (Default); ‘ignore’= Take no action; ‘blacklist-src’= Blacklist-src; ‘reset’= Reset client connection; |
||
uuid str |
uuid of the object |
||
Examples
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.