.. _ddos_zone_template_dns: ddos zone-template dns ====================== DNS template Configuration dns Specification ----------------- ===================================== ====================================================================== **Parameter** **Value** ===================================== ====================================================================== **Type** *Collection* **Object Key(s)** *name* **Collection Name** :ref:`1246_dns_list` **Collection URI** /axapi/v3/ddos/zone-template/dns **Element Name** dns **Element URI** /axapi/v3/ddos/zone-template/dns/{name} **Element Attributes** dns_attributes **Partition Visibility** shared **Schema** :download:`dns schema ` ===================================== ====================================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/zone-template/dns .. raw:: html :ref:`1246_dns_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/ddos/zone-template/dns .. raw:: html :ref:`1246_dns_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/zone-template/dns/{name} .. raw:: html :ref:`1246_dns_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/ddos/zone-template/dns .. raw:: html :ref:`1246_dns_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/zone-template/dns/{name} .. raw:: html :ref:`1246_dns_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/zone-template/dns/{name} .. raw:: html :ref:`1246_dns_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/ddos/zone-template/dns .. raw:: html :ref:`1246_dns_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/zone-template/dns/{name} .. raw:: html :ref:`1246_dns_attributes` .. raw:: html
.. _1246_dns_list: dns-list -------- dns-list is **JSON List** of :ref:`1246_dns_attributes` dns-list : [ { :ref:`1246_dns_attributes` }, { :ref:`1246_dns_attributes` }, ... ] .. _1246_dns_attributes: dns attributes -------------- **allow-query-class** **Description:** allow-query-class is a **JSON Block**. Please see below for :ref:`1246_allow-query-class` **Type:** Object **allow-record-type** **Description:** allow-record-type is a **JSON Block**. Please see below for :ref:`1246_allow-record-type` **Type:** Object **dns-any-check** **Description** Drop DNS queries of Type ANY **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-any-check-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Default:** drop **Mutual Exclusion:** dns-any-check-action and dns-any-check-action-list-name are mutually exclusive **dns-any-check-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-any-check-action-list-name and dns-any-check-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **dns-udp-authentication** **Description:** dns-udp-authentication is a **JSON Block**. Please see below for :ref:`1246_dns-udp-authentication` **Type:** Object **domain-group-name** **Description** Apply a domain-group to the DNS template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`1246_dst` **Type:** Object **fqdn-label-count-cfg** **Description:** fqdn-label-count-cfg is a **JSON Block**. Please see below for :ref:`1246_fqdn-label-count-cfg` **Type:** Object **fqdn-label-len-cfg** **Type:** List **malformed-query-check** **Description:** malformed-query-check is a **JSON Block**. Please see below for :ref:`1246_malformed-query-check` **Type:** Object **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check ` **multi-pu-threshold-distribution** **Description:** multi-pu-threshold-distribution is a **JSON Block**. Please see below for :ref:`1246_multi-pu-threshold-distribution` **Type:** Object **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **on-no-match** **Description** 'permit': permit; 'deny': deny (default); **Type:** string **Supported Values:** permit, deny **Default:** deny **src** **Description:** src is a **JSON Block**. Please see below for :ref:`1246_src` **Type:** Object **symtimeout-cfg** **Description:** symtimeout-cfg is a **JSON Block**. Please see below for :ref:`1246_symtimeout-cfg` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _1246_src: src ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit` **Type:** Object .. _1246_src_rate-limit: src_rate-limit ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **nxdomain** **Description:** nxdomain is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_nxdomain` **Type:** Object **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_request` **Type:** Object .. _1246_src_rate-limit_request: src_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-dns-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** src-dns-request-rate-limit-action and src-dns-request-rate-limit-action-list-name are mutually exclusive **src-dns-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-dns-request-rate-limit-action-list-name and src-dns-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type** **Description:** type is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_request_type` **Type:** Object .. _1246_src_rate-limit_request_type: src_rate-limit_request_type ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A-cfg** **Description:** A-cfg is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_request_type_A-cfg` **Type:** Object **AAAA-cfg** **Description:** AAAA-cfg is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_request_type_AAAA-cfg` **Type:** Object **CNAME-cfg** **Description:** CNAME-cfg is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_request_type_CNAME-cfg` **Type:** Object **MX-cfg** **Description:** MX-cfg is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_request_type_MX-cfg` **Type:** Object **NS-cfg** **Description:** NS-cfg is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_request_type_NS-cfg` **Type:** Object **SRV-cfg** **Description:** SRV-cfg is a **JSON Block**. Please see below for :ref:`1246_src_rate-limit_request_type_SRV-cfg` **Type:** Object **dns-type-cfg** **Type:** List .. _1246_src_rate-limit_request_type_SRV-cfg: src_rate-limit_request_type_SRV-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SRV** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-srv-rate** **Description** DNS request rate **Type:** number **Range:** 1-16000000 .. _1246_src_rate-limit_request_type_CNAME-cfg: src_rate-limit_request_type_CNAME-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **CNAME** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-cname-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_src_rate-limit_request_type_dns-type-cfg: src_rate-limit_request_type_dns-type-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **src-dns-request-type** **Description** Other type value **Type:** number **Range:** 1-65535 **src-dns-request-type-rate** **Description** request rate limit **Type:** number **Range:** 1-16000000 .. _1246_src_rate-limit_request_type_AAAA-cfg: src_rate-limit_request_type_AAAA-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **AAAA** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-aaaa-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_src_rate-limit_request_type_A-cfg: src_rate-limit_request_type_A-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-a-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_src_rate-limit_request_type_MX-cfg: src_rate-limit_request_type_MX-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MX** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-mx-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_src_rate-limit_request_type_NS-cfg: src_rate-limit_request_type_NS-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NS** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **src-dns-ns-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_src_rate-limit_nxdomain: src_rate-limit_nxdomain ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-nxdomain-rate** **Description** Limiting rate **Type:** number **Range:** 1-16000000 **dns-nxdomain-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** dns-nxdomain-rate-limit-action and dns-nxdomain-rate-limit-action-list-name are mutually exclusive **dns-nxdomain-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-nxdomain-rate-limit-action-list-name and dns-nxdomain-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1246_fqdn-label-count-cfg: fqdn-label-count-cfg ^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **fqdn-label-count-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Send reset to client; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** fqdn-label-count-action and fqdn-label-count-action-list-name are mutually exclusive **fqdn-label-count-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fqdn-label-count-action-list-name and fqdn-label-count-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **label-count** **Description** Maximum number of FQDN labels per FQDN **Type:** number **Range:** 1-10 .. _1246_malformed-query-check: malformed-query-check ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-malformed-query-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** dns-malformed-query-action and dns-malformed-query-action-list-name are mutually exclusive **dns-malformed-query-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-malformed-query-action-list-name and dns-malformed-query-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **non-query-opcode-check** **Description** 'disable': When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check; **Type:** string **Supported Values:** disable **skip-multi-packet-check** **Description** Bypass DNS fragmented and TCP segmented Queries(Default: dropped) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **validation-type** **Description** 'basic-header-check': Basic header validation for DNS TCP/UDP queries; 'extended-header-check': Extended header/query validation for DNS TCP/UDP queries; 'disable': Disable Malform query validation for DNS TCP/UDP; **Type:** string **Supported Values:** basic-header-check, extended-header-check, disable .. _1246_dst: dst ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit` **Type:** Object .. _1246_dst_rate-limit: dst_rate-limit ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **domain-group-rate-exceed-action** **Description** 'drop': Drop the query (default); 'tunnel-encap-packet': Encapsulate the query and send on a tunnel; **Type:** string **Supported Values:** drop, tunnel-encap-packet **Default:** drop **domain-group-rate-per-service** **Description** Enable per service domain rate checking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **encap-template** **Description** DDOS encap template to sepcify the tunnel endpoint **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **fqdn** **Description:** fqdn is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_fqdn` **Type:** Object **request** **Description:** request is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_request` **Type:** Object .. _1246_dst_rate-limit_request: dst_rate-limit_request ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-dns-request-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Mutual Exclusion:** dst-dns-request-rate-limit-action and dst-dns-request-rate-limit-action-list-name are mutually exclusive **dst-dns-request-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dst-dns-request-rate-limit-action-list-name and dst-dns-request-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **type** **Description:** type is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_request_type` **Type:** Object .. _1246_dst_rate-limit_request_type: dst_rate-limit_request_type ^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A-cfg** **Description:** A-cfg is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_request_type_A-cfg` **Type:** Object **AAAA-cfg** **Description:** AAAA-cfg is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_request_type_AAAA-cfg` **Type:** Object **CNAME-cfg** **Description:** CNAME-cfg is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_request_type_CNAME-cfg` **Type:** Object **MX-cfg** **Description:** MX-cfg is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_request_type_MX-cfg` **Type:** Object **NS-cfg** **Description:** NS-cfg is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_request_type_NS-cfg` **Type:** Object **SRV-cfg** **Description:** SRV-cfg is a **JSON Block**. Please see below for :ref:`1246_dst_rate-limit_request_type_SRV-cfg` **Type:** Object **dns-type-cfg** **Type:** List .. _1246_dst_rate-limit_request_type_SRV-cfg: dst_rate-limit_request_type_SRV-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **SRV** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-srv-rate** **Description** DNS request rate **Type:** number **Range:** 1-16000000 .. _1246_dst_rate-limit_request_type_CNAME-cfg: dst_rate-limit_request_type_CNAME-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **CNAME** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-cname-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_dst_rate-limit_request_type_dns-type-cfg: dst_rate-limit_request_type_dns-type-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dns-request-type** **Description** Other type value **Type:** number **Range:** 1-65535 **dns-request-type-rate** **Description** request rate limit **Type:** number **Range:** 1-16000000 .. _1246_dst_rate-limit_request_type_AAAA-cfg: dst_rate-limit_request_type_AAAA-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **AAAA** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-aaaa-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_dst_rate-limit_request_type_A-cfg: dst_rate-limit_request_type_A-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **A** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-a-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_dst_rate-limit_request_type_MX-cfg: dst_rate-limit_request_type_MX-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **MX** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-mx-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_dst_rate-limit_request_type_NS-cfg: dst_rate-limit_request_type_NS-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **NS** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dns-ns-rate** **Description** **Type:** number **Range:** 1-16000000 .. _1246_dst_rate-limit_fqdn: dst_rate-limit_fqdn ^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-fqdn-rate-cfg** **Type:** List **dns-fqdn-rate-limit-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'reset': Reset client connection; 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, ignore, reset, blacklist-src **Mutual Exclusion:** dns-fqdn-rate-limit-action and dns-fqdn-rate-limit-action-list-name are mutually exclusive **dns-fqdn-rate-limit-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-fqdn-rate-limit-action-list-name and dns-fqdn-rate-limit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1246_dst_rate-limit_fqdn_dns-fqdn-rate-cfg: dst_rate-limit_fqdn_dns-fqdn-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dns-fqdn-rate** **Description** Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting) **Type:** number **Range:** 5-16000000 **fqdn-rate-label-count** **Description** FQDN label count (Range: 1-8) **Type:** number **Range:** 1-8 **fqdn-rate-suffix** **Description** Suffix count **Type:** number **Range:** 1-5 **per** **Description** 'domain-name': Domain Name; 'src-ip': Source IP address; 'label-count': FQDN label count; **Type:** string **Supported Values:** domain-name, src-ip, label-count **per-domain-per-src-ip** **Description** Use both Domain Name and Source IP address for rate-limiting **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _1246_allow-record-type: allow-record-type ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-a-type** **Description** Address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-aaaa-type** **Description** IPv6 address record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-cname-type** **Description** Canonical name record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-mx-type** **Description** Mail exchange record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-ns-type** **Description** Name server record **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-record-type-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** allow-record-type-action and allow-record-type-action-list-name are mutually exclusive **allow-record-type-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** allow-record-type-action-list-name and allow-record-type-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **allow-srv-type** **Description** Service locator **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **record-num-cfg** **Type:** List .. _1246_allow-record-type_record-num-cfg: allow-record-type_record-num-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **allow-num-type** **Description** Other record type value **Type:** number **Range:** 1-65535 .. _1246_allow-query-class: allow-query-class ^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **allow-any-query-class** **Description** ANY query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-chaos-query-class** **Description** CHAOS query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-csnet-query-class** **Description** CSNET query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-hesiod-query-class** **Description** HESIOD query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-internet-query-class** **Description** INTERNET query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-none-query-class** **Description** NONE query class **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-query-class-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** allow-query-class-action and allow-query-class-action-list-name are mutually exclusive **allow-query-class-action-list-name** **Description** Configure action-list to take when query class doesn't match **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** allow-query-class-action-list-name and allow-query-class-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _1246_dns-udp-authentication: dns-udp-authentication ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns-udp-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; **Type:** string **Supported Values:** drop, blacklist-src **Mutual Exclusion:** dns-udp-auth-fail-action and dns-udp-auth-fail-action-list-name are mutually exclusive **dns-udp-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only) **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-udp-auth-fail-action-list-name and dns-udp-auth-fail-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **dns-udp-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** dns-udp-auth-pass-action and dns-udp-auth-pass-action-list-name are mutually exclusive **dns-udp-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** dns-udp-auth-pass-action-list-name and dns-udp-auth-pass-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **force-tcp-cfg** **Description:** force-tcp-cfg is a **JSON Block**. Please see below for :ref:`1246_dns-udp-authentication_force-tcp-cfg` **Type:** Object **min-delay** **Description** Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval **Type:** number **Range:** 1-80 **Mutual Exclusion:** min-delay and force-tcp are mutually exclusive **min-delay-interval** **Description** '100ms': 100ms; '1sec': 1sec; **Type:** string **Supported Values:** 100ms, 1sec **udp-timeout** **Description** UDP authentication timeout in seconds **Type:** number **Range:** 1-16 **Mutual Exclusion:** udp-timeout and force-tcp are mutually exclusive .. _1246_dns-udp-authentication_force-tcp-cfg: dns-udp-authentication_force-tcp-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **force-tcp** **Description** Force DNS request over TCP **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** force-tcp, udp-timeout, and min-delay are mutually exclusive **force-tcp-ignore-client-source-port** **Description** Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **force-tcp-min-delay** **Description** Optional minimum delay (seconds) between DNS retransmits for authentication to pass **Type:** number **Range:** 1-15 **force-tcp-timeout** **Description** UDP authentication timeout in seconds **Type:** number **Range:** 1-16 .. _1246_multi-pu-threshold-distribution: multi-pu-threshold-distribution ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **multi-pu-threshold-distribution-disable** **Description** 'disable': Destination side rate limit only. Default: Enable; **Type:** string **Supported Values:** disable **Mutual Exclusion:** multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive **multi-pu-threshold-distribution-value** **Description** Destination side rate limit only. Default: 0 **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive .. _1246_fqdn-label-len-cfg: fqdn-label-len-cfg ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **fqdn-label-length-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'reset': Reset client connection; **Type:** string **Supported Values:** drop, ignore, blacklist-src, reset **Mutual Exclusion:** fqdn-label-length-action and fqdn-label-length-action-list-name are mutually exclusive **fqdn-label-length-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** fqdn-label-length-action-list-name and fqdn-label-length-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **fqdn-label-suffix** **Description** Number of suffixes **Type:** number **Range:** 1-5 **label-length** **Description** Maximum length of FQDN label **Type:** number **Range:** 1-63 .. _1246_symtimeout-cfg: symtimeout-cfg ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **sym-timeout** **Description** Timeout for DNS Symmetric session **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sym-timeout-value** **Description** Session timeout value in seconds **Type:** number **Range:** 1-31