.. _ddos_template_dns:

ddos template dns
=================

DNS template Configuration

dns Specification
-----------------

===================================== =================================================================
**Parameter**                         **Value**
===================================== =================================================================
**Type**                              *Collection*
**Object Key(s)**                     *name*
**Collection Name**                   :ref:`1186_dns_list`
**Collection URI**                    /axapi/v3/ddos/template/dns
**Element Name**                      dns
**Element URI**                       /axapi/v3/ddos/template/dns/{name}
**Element Attributes**                dns_attributes
**Partition Visibility**              shared
**Schema**                            :download:`dns schema `
===================================== =================================================================

**Operations Allowed:**

================ ========== ==================================== ============================
**Operation**    **Method** **URI**                              **Payload**
================ ========== ==================================== ============================
Create Object    POST       /axapi/v3/ddos/template/dns          :ref:`1186_dns_attributes`
Create List      POST       /axapi/v3/ddos/template/dns          :ref:`1186_dns_attributes`
Get Object       GET        /axapi/v3/ddos/template/dns/{name}   :ref:`1186_dns_attributes`
Get List         GET        /axapi/v3/ddos/template/dns          :ref:`1186_dns_list`
Modify Object    POST       /axapi/v3/ddos/template/dns/{name}   :ref:`1186_dns_attributes`
Replace Object   PUT        /axapi/v3/ddos/template/dns/{name}   :ref:`1186_dns_attributes`
Replace List     PUT        /axapi/v3/ddos/template/dns          :ref:`1186_dns_list`
Delete Object    DELETE     /axapi/v3/ddos/template/dns/{name}   :ref:`1186_dns_attributes`
================ ========== ==================================== ============================

.. _1186_dns_list:

dns-list
--------

dns-list is **JSON List** of :ref:`1186_dns_attributes`

dns-list : [ { :ref:`1186_dns_attributes` }, { :ref:`1186_dns_attributes` }, ... ]

.. _1186_dns_attributes:

dns attributes
--------------

**action**

    **Description** 'drop': Drop packets (Default action); 'reset': Send Client RST for TCP connections;

    **Type:** string

    **Supported Values:** drop, reset

    **Default:** drop

**allow-query-class**

    **Description:** allow-query-class is a **JSON Block**. Please see below for :ref:`1186_allow-query-class`

    **Type:** Object

**allow-record-type**

    **Description:** allow-record-type is a **JSON Block**. Please see below for :ref:`1186_allow-record-type`

    **Type:** Object

**dns-any-check**

    **Description** Drop DNS queries of Type ANY

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-auth-cfg**

    **Description:** dns-auth-cfg is a **JSON Block**. Please see below for :ref:`1186_dns-auth-cfg`

    **Type:** Object

**dns-request-rate-limit**

    **Description:** dns-request-rate-limit is a **JSON Block**. Please see below for :ref:`1186_dns-request-rate-limit`

    **Type:** Object

**domain-group-name**

    **Description** Apply a domain-group to the DNS template

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 128 characters

    **Maximum Length:** 1 characters

**domain-group-rate-exceed-action**

    **Description** 'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel;

    **Type:** string

    **Supported Values:** drop, tunnel-encap-packet

    **Default:** drop

**domain-group-rate-per-service**

    **Description** Enable per service domain rate checking

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**encap-template**

    **Description** DDOS encap template to specify the tunnel endpoint

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

**fqdn-cfg**

    **Type:** List

**fqdn-label-count**

    **Description** Maximum number of length of FQDN labels

    **Type:** number

    **Range:** 1-10

**fqdn-label-len-cfg**

    **Type:** List

**malformed-query-check**

    **Description:** malformed-query-check is a **JSON Block**. Please see below for :ref:`1186_malformed-query-check`

    **Type:** Object

    **Reference Object:** :doc:`/axapi/v3/ddos/template/dns/{name}/malformed-query-check `

**multi-pu-threshold-distribution**

    **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1186_multi-pu-threshold-distribution`

    **Type:** Object

**name**

    **Description**

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 63 characters

    **Maximum Length:** 1 characters

**nxdomain-cfg**

    **Description:** nxdomain-cfg is a **JSON Block**. Please see below for :ref:`1186_nxdomain-cfg`

    **Type:** Object

**on-no-match**

    **Description** 'permit': permit; 'deny': deny (default);

    **Type:** string

    **Supported Values:** permit, deny

    **Default:** deny

**query-rate-threshold-for-cache-serving**

    **Description** This is for DNS cache mode only, it sets a DNS query rate threshold such that queries under the rate threshold would be forward

    **Type:** number

    **Range:** 1-16000000

**symtimeout-cfg**

    **Description:** symtimeout-cfg is a **JSON Block**. Please see below for :ref:`1186_symtimeout-cfg`

    **Type:** Object

**user-tag**

    **Description** Customized tag

    **Type:** string

    **Format:** string-rlx

    **Maximum Length:** 127 characters

    **Maximum Length:** 1 characters

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

.. _1186_dns-request-rate-limit:

dns-request-rate-limit
^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**type**

    **Description:** type is a **JSON Block**. Please see below for :ref:`1186_dns-request-rate-limit_type`

    **Type:** Object

.. _1186_dns-request-rate-limit_type:

dns-request-rate-limit_type
^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**A-cfg**

    **Description:** A-cfg is a **JSON Block**. Please see below for :ref:`1186_dns-request-rate-limit_type_A-cfg`

    **Type:** Object

**AAAA-cfg**

    **Description:** AAAA-cfg is a **JSON Block**. Please see below for :ref:`1186_dns-request-rate-limit_type_AAAA-cfg`

    **Type:** Object

**CNAME-cfg**

    **Description:** CNAME-cfg is a **JSON Block**. Please see below for :ref:`1186_dns-request-rate-limit_type_CNAME-cfg`

    **Type:** Object

**MX-cfg**

    **Description:** MX-cfg is a **JSON Block**. Please see below for :ref:`1186_dns-request-rate-limit_type_MX-cfg`

    **Type:** Object

**NS-cfg**

    **Description:** NS-cfg is a **JSON Block**. Please see below for :ref:`1186_dns-request-rate-limit_type_NS-cfg`

    **Type:** Object

**SRV-cfg**

    **Description:** SRV-cfg is a **JSON Block**. Please see below for :ref:`1186_dns-request-rate-limit_type_SRV-cfg`

    **Type:** Object

**dns-type-cfg**

    **Type:** List

.. _1186_dns-request-rate-limit_type_SRV-cfg:

dns-request-rate-limit_type_SRV-cfg
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**SRV**

    **Description** Service locator

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-srv-rate**

    **Description** DNS request rate

    **Type:** number

    **Range:** 1-16000000

.. _1186_dns-request-rate-limit_type_CNAME-cfg:

dns-request-rate-limit_type_CNAME-cfg
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**CNAME**

    **Description** Canonical name record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-cname-rate**

    **Description**

    **Type:** number

    **Range:** 1-16000000

.. _1186_dns-request-rate-limit_type_dns-type-cfg:

dns-request-rate-limit_type_dns-type-cfg
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**dns-request-type**

    **Description** Other type value

    **Type:** number

    **Range:** 1-65535

**dns-request-type-rate**

    **Description** request rate limit

    **Type:** number

    **Range:** 1-16000000

.. _1186_dns-request-rate-limit_type_AAAA-cfg:

dns-request-rate-limit_type_AAAA-cfg
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**AAAA**

    **Description** IPv6 address record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-aaaa-rate**

    **Description**

    **Type:** number

    **Range:** 1-16000000

.. _1186_dns-request-rate-limit_type_A-cfg:

dns-request-rate-limit_type_A-cfg
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**A**

    **Description** Address record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-a-rate**

    **Description**

    **Type:** number

    **Range:** 1-16000000

.. _1186_dns-request-rate-limit_type_MX-cfg:

dns-request-rate-limit_type_MX-cfg
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**MX**

    **Description** Mail exchange record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-mx-rate**

    **Description**

    **Type:** number

    **Range:** 1-16000000

.. _1186_dns-request-rate-limit_type_NS-cfg:

dns-request-rate-limit_type_NS-cfg
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**NS**

    **Description** Name server record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-ns-rate**

    **Description**

    **Type:** number

    **Range:** 1-16000000

.. _1186_multi-pu-threshold-distribution:

multi-pu-threshold-distribution
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**multi-pu-threshold-distribution-disable**

    **Description** 'disable': Destination side rate limit only. Default: Enable;

    **Type:** string

    **Supported Values:** disable

    **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive

**multi-pu-threshold-distribution-value**

    **Description** Destination side rate limit only. Default: 0

    **Type:** number

    **Range:** 1-16000000

    **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive

.. _1186_nxdomain-cfg:

nxdomain-cfg
^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**dns-nxdomain-rate**

    **Description** Limiting rate

    **Type:** number

    **Range:** 1-16000000

**dns-nxdomain-rate-limit**

    **Description** DNS NXDOMAIN Rate Limiting (SRC support only)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-nxdomain-rate-limit-action**

    **Description** 'drop': Drop queries if rate is exceeded; 'black-list': Black-List source if rate is exceeded;

    **Type:** string

    **Supported Values:** drop, black-list

.. _1186_fqdn-cfg:

fqdn-cfg
^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**by**

    **Description** 'domain-name': Domain Name; 'src-ip': Source IP address; 'both': Use both Domain Name and Source IP address for rate-limiting;

    **Type:** string

    **Supported Values:** domain-name, src-ip, both

    **Mutual Exclusion:** by and per are mutually exclusive

**dns-fqdn-rate**

    **Description** Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)

    **Type:** number

    **Range:** 5-16000000

**dns-fqdn-rate-limit**

    **Description** DNS Rate limiting on the basis of FQDN

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**fqdn-rate-label-count**

    **Description** FQDN label count (Range: 1-8)

    **Type:** number

    **Range:** 1-8

**fqdn-rate-suffix**

    **Description** Suffix count

    **Type:** number

    **Range:** 1-5

**fqdn-rate-suffix-by**

    **Description** Number of suffixes

    **Type:** number

    **Range:** 1-5

**per**

    **Description** 'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count;

    **Type:** string

    **Supported Values:** domain-name, src-ip, label-count

    **Mutual Exclusion:** per and by are mutually exclusive

**per-domain-per-src-ip**

    **Description** Use both Domain Name and Source IP address for rate-limiting

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

.. _1186_dns-auth-cfg:

dns-auth-cfg
^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**dns-auth**

    **Description** DNS authentication

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**dns-auth-type**

    **Description** 'udp': Drop DNS request and monitor client retry; 'force-tcp': Force DNS request over TCP;

    **Type:** string

    **Supported Values:** udp, force-tcp

**force-tcp-ignore-client-source-port**

    **Description** Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**force-tcp-min-retry-gap**

    **Description** Minimum sec gap in between 2 dns-udp packets for auth to pass

    **Type:** number

    **Range:** 1-15

**force-tcp-timeout**

    **Description** TCP authentication timeout in seconds

    **Type:** number

    **Range:** 1-16

**min-retry-gap**

    **Description** Optional minimum sec gap in between 2 dns-udp packets for auth to pass, unit is specified by min-retry-gap-interval

    **Type:** number

    **Range:** 1-80

**min-retry-gap-interval**

    **Description** '100ms': 100ms; '1sec': 1sec;

    **Type:** string

    **Supported Values:** 100ms, 1sec

    **Default:** 1sec

**udp-timeout**

    **Description** UDP authentication timeout in seconds

    **Type:** number

    **Range:** 1-16

**udp-timeout-val-only**

    **Description** UDP authentication timeout in seconds

    **Type:** number

    **Range:** 1-16

**with-udp-auth**

    **Description** Monitor client retry

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

.. _1186_symtimeout-cfg:

symtimeout-cfg
^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**sym-timeout**

    **Description** Timeout for DNS Symmetric session

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**sym-timeout-value**

    **Description** Session timeout value in seconds

    **Type:** number

    **Range:** 1-31

.. _1186_allow-query-class:

allow-query-class
^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**allow-any-query-class**

    **Description** ANY query class

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-chaos-query-class**

    **Description** CHAOS query class

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-csnet-query-class**

    **Description** CSNET query class

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-hesiod-query-class**

    **Description** HESIOD query class

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-internet-query-class**

    **Description** INTERNET query class

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-none-query-class**

    **Description** NONE query class

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

.. _1186_fqdn-label-len-cfg:

fqdn-label-len-cfg
^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**fqdn-label-length**

    **Description** Maximum FQDN label length

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**fqdn-label-suffix**

    **Description** Number of suffixes

    **Type:** number

    **Range:** 1-5

**label-length**

    **Description** Maximum length of FQDN label

    **Type:** number

    **Range:** 1-63

.. _1186_allow-record-type:

allow-record-type
^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**allow-a-type**

    **Description** Address record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-aaaa-type**

    **Description** IPv6 address record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-cname-type**

    **Description** Canonical name record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-mx-type**

    **Description** Mail exchange record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-ns-type**

    **Description** Name server record

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**allow-srv-type**

    **Description** Service locator

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**record-num-cfg**

    **Type:** List

.. _1186_allow-record-type_record-num-cfg:

allow-record-type_record-num-cfg
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**allow-num-type**

    **Description** Other record type value

    **Type:** number

    **Range:** 1-65535

.. _1186_malformed-query-check:

malformed-query-check
^^^^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *object*
=============================== ===================================================

**non-query-opcode-check**

    **Description** 'disable': When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check;

    **Type:** string

    **Supported Values:** disable

**skip-multi-packet-check**

    **Description** Bypass DNS fragmented and TCP segmented Queries (Default: dropped)

    **Type:** boolean

    **Supported Values:** true, false, 1, 0

    **Default:** 0

**uuid**

    **Description** uuid of the object

    **Type:** string

    **Maximum Length:** 64 characters

    **Maximum Length:** 1 characters

**validation-type**

    **Description** 'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable Malform query validation for DNS TCP/UDP;

    **Type:** string

    **Supported Values:** basic-header-check, extended-header-check, disable
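
A pre-flight check for a template body, as an added example (not A10 code and not part of the original reference): it walks a candidate ``dns`` object and reports values outside the supported values, ranges and mutual exclusions documented above, plus settings that loosen a documented default or turn a check off. The ``SAMPLE`` body and the names ``validate``, ``RANGES``, ``ENUMS``, ``MUTEX`` and ``RELAXED`` are constructed for illustration.

```python
# Added example, not A10 code: pre-flight check of a "ddos template dns" body
# against the supported values, ranges and mutual exclusions listed on this page.
RATE = (1, 16000000)
RANGES = {
    "fqdn-label-count": (1, 10), "query-rate-threshold-for-cache-serving": RATE,
    "dns-nxdomain-rate": RATE, "dns-fqdn-rate": (5, 16000000),
    "fqdn-rate-label-count": (1, 8), "fqdn-rate-suffix": (1, 5),
    "udp-timeout": (1, 16), "force-tcp-timeout": (1, 16),
    "force-tcp-min-retry-gap": (1, 15), "min-retry-gap": (1, 80),
    "sym-timeout-value": (1, 31), "label-length": (1, 63),
    "dns-request-type": (1, 65535), "dns-request-type-rate": RATE,
    "multi-pu-threshold-distribution-value": RATE,
}
RANGES.update({f"dns-{t}-rate": RATE for t in ("a", "aaaa", "cname", "mx", "ns", "srv")})
ENUMS = {
    "action": {"drop", "reset"}, "on-no-match": {"permit", "deny"},
    "domain-group-rate-exceed-action": {"drop", "tunnel-encap-packet"},
    "dns-nxdomain-rate-limit-action": {"drop", "black-list"},
    "dns-auth-type": {"udp", "force-tcp"}, "min-retry-gap-interval": {"100ms", "1sec"},
    "by": {"domain-name", "src-ip", "both"},
    "per": {"domain-name", "src-ip", "label-count"},
    "validation-type": {"basic-header-check", "extended-header-check", "disable"},
}
MUTEX = [("by", "per"), ("multi-pu-threshold-distribution-disable",
                         "multi-pu-threshold-distribution-value")]
RELAXED = {  # attribute -> value that loosens a default or turns a check off
    "on-no-match": "permit",           # documented default: deny
    "validation-type": "disable",      # malformed-query validation off
    "skip-multi-packet-check": 1,      # fragmented/segmented queries bypass the check
    "non-query-opcode-check": "disable",
}

def validate(template):
    """Return (errors, relaxed): constraint violations and loosened settings."""
    errors, relaxed = [], []

    def walk(node, path):
        if isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")
            return
        if not isinstance(node, dict):
            return
        for a, b in MUTEX:
            if a in node and b in node:
                errors.append(f"{path}: {a} and {b} are mutually exclusive")
        for key, value in node.items():
            here = f"{path}.{key}"
            if key in ENUMS and (not isinstance(value, str) or value not in ENUMS[key]):
                errors.append(f"{here}: {value!r} not in {sorted(ENUMS[key])}")
            if key in RANGES:
                lo, hi = RANGES[key]
                is_int = isinstance(value, int) and not isinstance(value, bool)
                if not is_int or not lo <= value <= hi:
                    errors.append(f"{here}: {value!r} outside {lo}-{hi}")
            if key in RELAXED and value == RELAXED[key]:  # True == 1 covers both forms
                relaxed.append(here)
            walk(value, here)

    walk(template, "dns")
    return errors, relaxed

SAMPLE = {  # constructed input, not a real device configuration
    "name": "dns-edge", "action": "reject", "on-no-match": "permit",
    "fqdn-cfg": [{"dns-fqdn-rate-limit": 1, "dns-fqdn-rate": 3,
                  "by": "src-ip", "per": "domain-name"}],
    "dns-request-rate-limit": {"type": {"A-cfg": {"A": 1, "dns-a-rate": 5000}}},
    "malformed-query-check": {"validation-type": "extended-header-check",
                              "skip-multi-packet-check": True},
}

if __name__ == "__main__":
    for line in validate(SAMPLE)[0]:
        print("ERROR", line)
```

Entries in the second returned list are valid values; they are reported so that a reviewer signs off on each relaxation before the body is sent to the device.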