a10_slb_template_dns
Synopsis
DNS template
Parameters
| Parameters | Choices/Defaults | Comment |
|---|---|---|
| state str/required | [‘noop’, ‘present’, ‘absent’] | State of the object to be created. |
| ansible_host str/required | | Host for AXAPI authentication |
| ansible_username str/required | | Username for AXAPI authentication |
| ansible_password str/required | | Password for AXAPI authentication |
| ansible_port int/required | | Port for AXAPI authentication |
| a10_device_context_id int | [‘1-8’] | Device ID for aVCS configuration |
| a10_partition str | | Destination/target partition for object/command |
| name str/required | | DNS Template Name |
| category_lookup_online_lookup bool | | Enable online webroot lookup |
| category_lookup_bypass str | | DNS type class-lists for bypassing category lookup |
| default_policy str | | ‘nocache’= Cache disable; ‘cache’= Cache enable; |
| cache_record_serving_policy str | | ‘global’= Follow global configuration (Default); ‘no-change’= No change in record order; ‘round-robin’= Round-robin; |
| dns_cookie_cache_policy str | | ‘served-by-cache’= Answer from cache for requests with cookie; ‘served-by-backend’= Answer from server for requests with cookie; |
| remove_aa_flag bool | | Make answers created from cache non-authoritative |
| disable_dns_template bool | | Disable DNS template |
| period int | | Period in minutes |
| drop bool | | Drop the malformed query |
| forward str | | Forward to service group (Service group name) |
| max_query_length int | | Define Maximum DNS Query Length, default is unlimited (Specify Maximum Length) |
| max_cache_entry_size int | | Define maximum cache entry size (Maximum cache entry size per VIP (default 1024)) |
| max_cache_size int | | Define maximum cache size (Maximum cache entry per VIP) |
| enable_cache_sharing bool | | Enable DNS cache sharing |
| disable_ra_cached_resp bool | | Disable DNS recursive available flag in cached response |
| remove_padding_to_server bool | | Remove EDNS(0) padding to server |
| add_padding_to_client str | | ‘block-length’= Block-Length Padding; ‘random-block-length’= Random-Block-Length Padding; |
| remove_csubnet bool | | Remove EDNS(0) client subnet from client queries |
| insert_ipv4 int | | Prefix length to insert for IPv4 |
| insert_ipv6 int | | Prefix length to insert for IPv6 |
| redirect_to_tcp_port bool | | Direct the client to retry with TCP for DNS UDP request |
| query_id_switch bool | | Use DNS query ID to create session |
| dnssec_service_group str | | Use different service group if DNSSEC DO bit set (Service Group Name) |
| disable_rpz_attach_soa bool | | Disable attaching SOA due to RPZ |
| cache_ttl_adjustment_enable bool | | Enable the TTL adjustment for DNS cache response |
| dns_logging str | | DNS logging template (DNS Logging template name) |
| tld_filter_white_list str | | white-list class-list name (string-insensitive type) |
| tld_filter_log_enable bool | | Enable DNS TLD filter logging |
| qps_log_high int | | High threshold for QPS logging (queries per second) |
| qps_log_low int | | Low threshold for QPS logging (queries per second) |
| qps_threshold_log bool | | Enable threshold log for DNS QPS |
| cache_hitcount_enable bool | | Enable DNS cache entry hit count |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| label_length_filter dict | | Field label_length_filter |
| drop_log_enable bool | | Enable the log when the rule is hit |
| label_length_filter_action str | | ‘drop’= drop; ‘ignore’= ignore; |
| fqdn_label_length list | | Field fqdn_label_length |
| uuid str | | uuid of the object |
| label_count_filter dict | | Field label_count_filter |
| drop_log_enable bool | | Enable the log when the rule is hit |
| label_count_filter_action str | | ‘drop’= drop; ‘ignore’= ignore; |
| min_fqdn_label_count int | | Minimum number of FQDN labels per FQDN |
| max_fqdn_label_count int | | Maximum number of FQDN labels per FQDN |
| uuid str | | uuid of the object |
| dns64 dict | | Field dns64 |
| enable bool | | Enable DNS64 |
| cache bool | | Use a cached A-query response to provide AAAA query responses for the same hostname |
| change_query bool | | Always change incoming AAAA DNS Query to A |
| parallel_query bool | | Forward AAAA Query & generate A Query in parallel |
| retry int | | Retry count, default is 3 (Retry Number) |
| single_response_disable bool | | Disable Single Response which is used to avoid ambiguity |
| timeout int | | Timeout to send additional Queries, unit= second, default is 1 |
| uuid str | | uuid of the object |
| negative_dns_cache dict | | Field negative_dns_cache |
| enable_negative_dns_cache bool | | Enable DNS negative cache (Need to turn-on the dns-cache for this feature) |
| bypass_query_threshold int | | Threshold to bypass the query, default is 100 |
| max_negative_cache_ttl int | | Max negative cache ttl, default is 2 hours |
| uuid str | | uuid of the object |
| udp_retransmit dict | | Field udp_retransmit |
| retry_interval int | | DNS Retry Interval value 1 - 400 in units of 100ms, default is 10 (1000ms/1sec) |
| max_trials int | | Total number of times to try DNS query to server before closing client connection, default 3 |
| uuid str | | uuid of the object |
| query_type_filter dict | | Field query_type_filter |
| query_type_action str | | ‘allow’= Allow only certain DNS query types; ‘deny’= Deny only certain DNS query types; |
| query_type list | | Field query_type |
| uuid str | | uuid of the object |
| query_class_filter dict | | Field query_class_filter |
| query_class_action str | | ‘allow’= Allow only certain DNS query classes; ‘deny’= Deny only certain DNS query classes; |
| query_class list | | Field query_class |
| uuid str | | uuid of the object |
| rpz_list list | | Field rpz_list |
| seq_id int | | Sequential ID of RPZ |
| name str | | Specify a Response Policy Zone name |
| uuid str | | uuid of the object |
| user_tag str | | Customized tag |
| logging dict | | Field logging |
| class_list dict | | Field class_list |
| name str | | Specify a class list name |
| uuid str | | uuid of the object |
| lid_list list | | Field lid_list |
| response_rate_limiting dict | | Field response_rate_limiting |
| response_rate int | | Responses exceeding this rate within the window will be dropped (default 5 per second) |
| filter_response_rate int | | Maximum allowed request rate for the filter. This should match average traffic. (default 10 per second) |
| slip_rate int | | Every n’th response that would be rate-limited will be let through instead |
| TC_rate int | | Every n’th response that would be rate-limited will respond with TC bit |
| match_subnet str | | IP subnet mask (response rate by IP subnet mask) |
| match_subnet_v6 int | | IPv6 subnet mask (response rate by IPv6 subnet mask) |
| window int | | Rate-Limiting Interval in Seconds (default is one) |
| src_ip_only bool | | Field src_ip_only |
| enable_log bool | | Enable logging |
| action str | | ‘log-only’= Only log rate-limiting, do not actually rate limit. Requires enable-log configuration; ‘rate-limit’= Rate-Limit based on configuration (Default); ‘whitelist’= Whitelist, disable rate-limiting; |
| uuid str | | uuid of the object |
| rrl_class_list_list list | | Field rrl_class_list_list |
| local_dns_resolution dict | | Field local_dns_resolution |
| host_list_cfg list | | Field host_list_cfg |
| local_resolver_cfg list | | Field local_resolver_cfg |
| uuid str | | uuid of the object |
| recursive_dns_resolution dict | | Field recursive_dns_resolution |
| host_list_cfg list | | Field host_list_cfg |
| csubnet_retry bool | | Retry when server REFUSED AX inserted EDNS(0) subnet, works only when insert-client-subnet is configured |
| ns_cache_lookup str | | ‘disabled’= Disable NS Cache Lookup; ‘enabled’= Enable NS Cache Lookup; |
| ns_longest_match str | | ‘disabled’= Look up NS of top level label, do a nearly-full resolution; ‘enabled’= Enable NS cache longest match; |
| use_service_group_response str | | ‘disabled’= Start Recursive Resolver if Server response doesn’t have final answer; ‘enabled’= Forward Backend Server response to client and don’t start recursive resolver; |
| ipv4_nat_pool str | | IPv4 Source NAT pool or pool group |
| ipv6_nat_pool str | | IPv6 Source NAT pool or pool group |
| retries_per_level int | | Number of DNS query retries at each server level before closing client connection, default 6 |
| parallel_queries int | | Number of parallel queries to send to servers |
| full_response bool | | Serve all records (authority and additional) when applicable |
| max_trials int | | Total number of times to try DNS query to server before closing client connection, default 255 |
| request_for_pending_resolution str | | ‘drop’= Drop the request while a resolution is ongoing; ‘respond-with-servfail’= Respond with SERVFAIL to the request while a resolution is ongoing; ‘start-new-resolution’= Start a new resolution for the request while a resolution is ongoing; |
| udp_retry_interval int | | UDP DNS Retry Interval value 1-6, default is 1 sec |
| udp_initial_interval int | | UDP DNS Retry Interval value 1-6, default is 5 sec |
| use_client_qid bool | | Use client side query id for recursive query |
| default_recursive bool | | Default recursive mode, forward query to bound service-group if hostnames matched |
| force_cname_resolution str | | ‘enabled’= Force CNAME resolution always; ‘disabled’= Use answer record in CNAME response if it exists, else resolve; |
| fast_ns_selection str | | ‘enabled’= Enable fast NS selection; ‘disabled’= Disable fast NS selection; |
| dnssec_validation str | | ‘enabled’= Enable DNSSEC validation; ‘disabled’= Disable DNSSEC validation; |
| uuid str | | uuid of the object |
| lookup_order dict | | Field lookup_order |
| gateway_health_check dict | | Field gateway_health_check |
| category_lookup_list list | | Field category_lookup_list |
| category_name str | | category-list name |
| permit bool | | Permit matching DNS domains |
| drop bool | | Deny matching DNS domains |
| respond bool | | Respond to matching DNS domains |
| respond_nxdomain bool | | Respond with NXDOMAIN |
| respond_ip_addr str | | Type A record to respond (IPv4 address) |
| respond_ipv6_addr str | | Type AAAA record to respond (IPv6 address) |
| respond_cname_str str | | CNAME to respond (Canonical name) |
| response_ttl int | | Set response TTL in seconds (TTL value in seconds) |
| uuid str | | uuid of the object |
Examples
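The playbook below is an added example, not taken from the module's own documentation. It uses only parameters from the table above to build a DNS template that drops malformed and over-labelled queries and runs response rate limiting in `log-only` mode with `enable_log` set, as the `action` description requires. The play layout, the variable names (`a10_host`, `a10_user`, `a10_pass`), the port, the template name and the numeric thresholds are constructed sample values.

```yaml
# Added example; not part of the module's documentation.
# Play layout, variable names, port, template name and thresholds are assumptions.
- name: DNS template with query filtering and response rate limiting
  hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Create the template with RRL in log-only mode
      a10_slb_template_dns:
        ansible_host: "{{ a10_host }}"
        ansible_username: "{{ a10_user }}"
        ansible_password: "{{ a10_pass }}"  # supply from Ansible Vault, not plain text
        ansible_port: 443                   # sample AXAPI port
        state: present
        name: dns-hardened                  # sample template name
        drop: true                          # drop the malformed query
        remove_csubnet: true                # strip EDNS(0) client subnet from client queries
        label_count_filter:
          label_count_filter_action: drop
          max_fqdn_label_count: 10          # sample limit; tune to the zones served
          drop_log_enable: true             # log when the rule is hit
        response_rate_limiting:
          response_rate: 5                  # documented default (per second)
          window: 1                         # documented default (seconds)
          slip_rate: 2                      # sample: let every 2nd limited response through
          enable_log: true                  # log-only requires logging to be enabled
          action: log-only                  # observe first, nothing is dropped yet
      register: dns_template

    - name: Review what was sent to the device
      debug:
        var: dns_template.axapi_calls
```

Once the logged rates match expected traffic, changing `action` to `rate-limit` enforces the same thresholds.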
Return Values
- modified_values (changed, dict, )
Values modified (or potential changes if using check_mode) as a result of task operation
- axapi_calls (always, list, )
Sequential list of AXAPI calls made by the task
- endpoint (, str, [‘/axapi/v3/slb/virtual_server’, ‘/axapi/v3/file/ssl-cert’])
The AXAPI endpoint being accessed.
- http_method (, str, [‘POST’, ‘GET’])
HTTP method being used by the primary task to interact with the AXAPI endpoint.
- request_body (, complex, )
Params used to query the AXAPI
- response_body (, complex, )
Response from the AXAPI
Status
This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by community.