{ "id":"/axapi/v3/ddos/zone-template/dns/{name}", "type":"object", "node-type":"list", "title":"dns", "partition-visibility":"shared", "description":"DNS template Configuration", "properties":{ "name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "optional":false }, "dns-any-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Drop DNS queries of Type ANY", "optional":true }, "dns-any-check-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-any-check-action", "description":"Configure action-list to take", "optional":true }, "dns-any-check-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "not":"dns-any-check-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ], "optional":true }, "multi-pu-threshold-distribution":{ "type":"object", "properties":{ "multi-pu-threshold-distribution-value":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-disable", "description":"Destination side rate limit only. Default: 0" }, "multi-pu-threshold-distribution-disable":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"multi-pu-threshold-distribution-value", "description":"'disable': Destination side rate limit only. 
Default: Enable; ", "enum":[ "disable" ] } } }, "dns-udp-authentication":{ "type":"object", "properties":{ "force-tcp-cfg":{ "type":"object", "properties":{ "force-tcp":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "udp-timeout", "min-delay" ], "description":"Force DNS request over TCP" }, "force-tcp-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "description":"UDP authentication timeout in seconds" }, "force-tcp-min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":15, "partition-visibility":"shared", "description":"Optional minimum delay (seconds) between DNS retransmits for authentication to pass" }, "force-tcp-ignore-client-source-port":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)" } } }, "udp-timeout":{ "type":"number", "format":"number", "minimum":1, "maximum":16, "partition-visibility":"shared", "not":"force-tcp", "description":"UDP authentication timeout in seconds" }, "min-delay":{ "type":"number", "format":"number", "minimum":1, "maximum":80, "partition-visibility":"shared", "not":"force-tcp", "description":"Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval" }, "min-delay-interval":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'100ms': 100ms; '1sec': 1sec; ", "enum":[ "100ms", "1sec" ] }, "dns-udp-auth-pass-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-udp-auth-pass-action", "description":"Configure action-list to take for passing the authentication" }, "dns-udp-auth-pass-action":{ "type":"string", "format":"enum", 
"partition-visibility":"shared", "not":"dns-udp-auth-pass-action-list-name", "description":"'authenticate-src': authenticate-src (Default); ", "enum":[ "authenticate-src" ] }, "dns-udp-auth-fail-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-udp-auth-fail-action", "description":"Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only)" }, "dns-udp-auth-fail-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-udp-auth-fail-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "blacklist-src" ] } } }, "fqdn-label-len-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "label-length":{ "type":"number", "format":"number", "minimum":1, "maximum":63, "partition-visibility":"shared", "description":"Maximum length of FQDN label" }, "fqdn-label-suffix":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Number of suffixes" }, "fqdn-label-length-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"fqdn-label-length-action", "description":"Configure action-list to take" }, "fqdn-label-length-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"fqdn-label-length-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } } ] }, "fqdn-label-count-cfg":{ "type":"object", "properties":{ "label-count":{ "type":"number", "format":"number", "minimum":1, "maximum":10, "partition-visibility":"shared", 
"description":"Maximum number of FQDN labels per FQDN" }, "fqdn-label-count-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"fqdn-label-count-action", "description":"Configure action-list to take" }, "fqdn-label-count-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"fqdn-label-count-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Send reset to client; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "src":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "nxdomain":{ "type":"object", "properties":{ "dns-nxdomain-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"Limiting rate" }, "dns-nxdomain-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-nxdomain-rate-limit-action", "description":"Configure action-list to take" }, "dns-nxdomain-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-nxdomain-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } }, "request":{ "type":"object", "properties":{ "type":{ "type":"object", "properties":{ "A-cfg":{ "type":"object", "properties":{ "A":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "src-dns-a-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "AAAA-cfg":{ "type":"object", "properties":{ 
"AAAA":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "src-dns-aaaa-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "CNAME-cfg":{ "type":"object", "properties":{ "CNAME":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "src-dns-cname-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "MX-cfg":{ "type":"object", "properties":{ "MX":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "src-dns-mx-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "NS-cfg":{ "type":"object", "properties":{ "NS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "src-dns-ns-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "SRV-cfg":{ "type":"object", "properties":{ "SRV":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "src-dns-srv-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"DNS request rate" } } }, "dns-type-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "src-dns-request-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other type value" }, "src-dns-request-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"request rate limit" } } } ] } } }, 
"src-dns-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"src-dns-request-rate-limit-action", "description":"Configure action-list to take" }, "src-dns-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"src-dns-request-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] } } } } } } }, "dst":{ "type":"object", "properties":{ "rate-limit":{ "type":"object", "properties":{ "fqdn":{ "type":"object", "properties":{ "dns-fqdn-rate-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dns-fqdn-rate":{ "type":"number", "format":"number", "minimum":5, "maximum":16000000, "partition-visibility":"shared", "description":"Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)" }, "per":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count; ", "enum":[ "domain-name", "src-ip", "label-count" ] }, "per-domain-per-src-ip":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Use both Domain Name and Source IP address for rate-limiting" }, "fqdn-rate-suffix":{ "type":"number", "format":"number", "minimum":1, "maximum":5, "partition-visibility":"shared", "description":"Suffix count" }, "fqdn-rate-label-count":{ "type":"number", "format":"number", "minimum":1, "maximum":8, "partition-visibility":"shared", "description":"FQDN label count (Range: 1-8)" } } } ] }, "dns-fqdn-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", 
"minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-fqdn-rate-limit-action", "description":"Configure action-list to take" }, "dns-fqdn-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dns-fqdn-rate-limit-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } }, "domain-group-rate-exceed-action":{ "type":"string", "format":"enum", "default":"drop", "partition-visibility":"shared", "description":"'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel; ", "enum":[ "drop", "tunnel-encap-packet" ] }, "encap-template":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"DDOS encap template to specify the tunnel endpoint" }, "domain-group-rate-per-service":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable per service domain rate checking" }, "request":{ "type":"object", "properties":{ "type":{ "type":"object", "properties":{ "A-cfg":{ "type":"object", "properties":{ "A":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "dns-a-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "AAAA-cfg":{ "type":"object", "properties":{ "AAAA":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "dns-aaaa-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "CNAME-cfg":{ "type":"object", "properties":{ "CNAME":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", 
"description":"Canonical name record" }, "dns-cname-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "MX-cfg":{ "type":"object", "properties":{ "MX":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "dns-mx-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "NS-cfg":{ "type":"object", "properties":{ "NS":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "dns-ns-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared" } } }, "SRV-cfg":{ "type":"object", "properties":{ "SRV":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "dns-srv-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"DNS request rate" } } }, "dns-type-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "dns-request-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other type value" }, "dns-request-type-rate":{ "type":"number", "format":"number", "minimum":1, "maximum":16000000, "partition-visibility":"shared", "description":"request rate limit" } } } ] } } }, "dst-dns-request-rate-limit-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dst-dns-request-rate-limit-action", "description":"Configure action-list to take" }, "dst-dns-request-rate-limit-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"dst-dns-request-rate-limit-action-list-name", "description":"'drop': 
Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; ", "enum":[ "drop", "ignore", "reset", "blacklist-src" ] } } } } } } }, "domain-group-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":128, "partition-visibility":"shared", "description":"Apply a domain-group to the DNS template", "optional":true }, "on-no-match":{ "type":"string", "format":"enum", "default":"deny", "partition-visibility":"shared", "description":"'permit': permit; 'deny': deny (default); ", "enum":[ "permit", "deny" ], "optional":true }, "symtimeout-cfg":{ "type":"object", "properties":{ "sym-timeout":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Timeout for DNS Symmetric session" }, "sym-timeout-value":{ "type":"number", "format":"number", "minimum":1, "maximum":31, "partition-visibility":"shared", "description":"Session timeout value in seconds" } } }, "allow-query-class":{ "type":"object", "properties":{ "allow-internet-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"INTERNET query class" }, "allow-csnet-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"CSNET query class" }, "allow-chaos-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"CHAOS query class" }, "allow-hesiod-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"HESIOD query class" }, "allow-none-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"NONE query class" }, "allow-any-query-class":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"ANY query class" }, "allow-query-class-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, 
"maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"allow-query-class-action", "description":"Configure action-list to take when query class doesn't match" }, "allow-query-class-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", "not":"allow-query-class-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "allow-record-type":{ "type":"object", "properties":{ "allow-a-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Address record" }, "allow-aaaa-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"IPv6 address record" }, "allow-cname-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Canonical name record" }, "allow-mx-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Mail exchange record" }, "allow-ns-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Name server record" }, "allow-srv-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Service locator" }, "record-num-cfg":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "allow-num-type":{ "type":"number", "format":"number", "minimum":1, "maximum":65535, "partition-visibility":"shared", "description":"Other record type value" } } } ] }, "allow-record-type-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"allow-record-type-action", "description":"Configure action-list to take" }, "allow-record-type-action":{ "type":"string", 
"format":"enum", "partition-visibility":"shared", "not":"allow-record-type-action-list-name", "description":"'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "blacklist-src", "reset" ] } } }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "malformed-query-check":{ "type":"object", "$ref":"/axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check", "properties":{ "validation-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable malformed query validation for DNS TCP/UDP; ", "enum":[ "basic-header-check", "extended-header-check", "disable" ] }, "non-query-opcode-check":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'disable': When the malformed query check is enabled, TPS always drops DNS queries with a non-query opcode. This option disables that opcode check; ", "enum":[ "disable" ] }, "skip-multi-packet-check":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Bypass DNS fragmented and TCP segmented queries (Default: dropped)" }, "dns-malformed-query-action-list-name":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/ddos/action-list", "not":"dns-malformed-query-action", "description":"Configure action-list to take" }, "dns-malformed-query-action":{ "type":"string", "format":"enum", "partition-visibility":"shared", 
"not":"dns-malformed-query-action-list-name", "description":"'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; ", "enum":[ "drop", "ignore", "blacklist-src", "reset" ] }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" } } } }, "object-keys":[ "name" ], "required":[ "name" ] }