ddos template dns
DNS template Configuration
dns Specification
Parameter | Value
---|---
Type | Collection
Object Key(s) | name
Collection Name | dns-list
Collection URI | /axapi/v3/ddos/template/dns
Element Name | dns
Element URI | /axapi/v3/ddos/template/dns/{name}
Element Attributes | dns_attributes
Partition Visibility | shared
Schema | dns schema
Operations Allowed:
Operation | Method | URI | Payload
---|---|---|---
Create Object | POST | /axapi/v3/ddos/template/dns |
Create List | POST | /axapi/v3/ddos/template/dns |
Get Object | GET | /axapi/v3/ddos/template/dns/{name} |
Get List | GET | /axapi/v3/ddos/template/dns |
Modify Object | POST | /axapi/v3/ddos/template/dns/{name} |
Replace Object | PUT | /axapi/v3/ddos/template/dns/{name} |
Replace List | PUT | /axapi/v3/ddos/template/dns |
Delete Object | DELETE | /axapi/v3/ddos/template/dns/{name} |
dns-list
dns-list is a JSON list of dns attributes
dns-list : [
]
dns attributes
action
Description ‘drop’: Drop packets (Default action); ‘reset’: Send Client RST for TCP connections;
Type: string
Supported Values: drop, reset
Default: drop
allow-query-class
Description: allow-query-class is a JSON Block. Please see below for allow-query-class
Type: Object
allow-record-type
Description: allow-record-type is a JSON Block. Please see below for allow-record-type
Type: Object
dns-any-check
Description Drop DNS queries of Type ANY
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-auth-cfg
Description: dns-auth-cfg is a JSON Block. Please see below for dns-auth-cfg
Type: Object
dns-request-rate-limit
Description: dns-request-rate-limit is a JSON Block. Please see below for dns-request-rate-limit
Type: Object
domain-group-name
Description Apply a domain-group to the DNS template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Minimum Length: 1 character
domain-group-rate-exceed-action
Description ‘drop’: Drop the query (default); ‘tunnel-encap-packet’: Encapsulate the query and send on a tunnel;
Type: string
Supported Values: drop, tunnel-encap-packet
Default: drop
domain-group-rate-per-service
Description Enable per service domain rate checking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-template
Description DDOS encap template to specify the tunnel endpoint
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
fqdn-cfg
Type: List
fqdn-label-count
Description Maximum number of length of FQDN labels
Type: number
Range: 1-10
fqdn-label-len-cfg
Type: List
malformed-query-check
Description: malformed-query-check is a JSON Block. Please see below for malformed-query-check
Type: Object
Reference Object: /axapi/v3/ddos/template/dns/{name}/malformed-query-check
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for multi-pu-threshold-distribution
Type: Object
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Minimum Length: 1 character
nxdomain-cfg
Description: nxdomain-cfg is a JSON Block. Please see below for nxdomain-cfg
Type: Object
on-no-match
Description ‘permit’: permit; ‘deny’: deny (default);
Type: string
Supported Values: permit, deny
Default: deny
query-rate-threshold-for-cache-serving
Description This is for DNS cache mode only, it sets a DNS query rate threshold such that queries under the rate threshold would be forward
Type: number
Range: 1-16000000
symtimeout-cfg
Description: symtimeout-cfg is a JSON Block. Please see below for symtimeout-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Minimum Length: 1 character
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
dns-request-rate-limit
Specification | Value
---|---
Type | object
type
Description: type is a JSON Block. Please see below for dns-request-rate-limit_type
Type: Object
dns-request-rate-limit_type
Specification | Value
---|---
Type | object
A-cfg
Description: A-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
dns-request-rate-limit_type_SRV-cfg
Specification | Value
---|---
Type | object
SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
dns-request-rate-limit_type_CNAME-cfg
Specification | Value
---|---
Type | object
CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cname-rate
Description
Type: number
Range: 1-16000000
dns-request-rate-limit_type_dns-type-cfg
Specification | Value
---|---
Type | list
Block object keys |
dns-request-type
Description Other type value
Type: number
Range: 1-65535
dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
dns-request-rate-limit_type_AAAA-cfg
Specification | Value
---|---
Type | object
AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-aaaa-rate
Description
Type: number
Range: 1-16000000
dns-request-rate-limit_type_A-cfg
Specification | Value
---|---
Type | object
A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-a-rate
Description
Type: number
Range: 1-16000000
dns-request-rate-limit_type_MX-cfg
Specification | Value
---|---
Type | object
MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-mx-rate
Description
Type: number
Range: 1-16000000
dns-request-rate-limit_type_NS-cfg
Specification | Value
---|---
Type | object
NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-ns-rate
Description
Type: number
Range: 1-16000000
multi-pu-threshold-distribution
Specification | Value
---|---
Type | object
multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
nxdomain-cfg
Specification | Value
---|---
Type | object
dns-nxdomain-rate
Description Limiting rate
Type: number
Range: 1-16000000
dns-nxdomain-rate-limit
Description DNS NXDOMAIN Rate Limiting (SRC support only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-nxdomain-rate-limit-action
Description ‘drop’: Drop queries if rate is exceeded; ‘black-list’: Black-List source if rate is exceeded;
Type: string
Supported Values: drop, black-list
fqdn-cfg
Specification | Value
---|---
Type | list
Block object keys |
by
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘both’: Use both Domain Name and Source IP address for rate-limiting;
Type: string
Supported Values: domain-name, src-ip, both
Mutual Exclusion: by and per are mutually exclusive
dns-fqdn-rate
Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)
Type: number
Range: 5-16000000
dns-fqdn-rate-limit
Description DNS Rate limiting on the basis of FQDN
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fqdn-rate-label-count
Description FQDN label count (Range: 1-8)
Type: number
Range: 1-8
fqdn-rate-suffix
Description Suffix count
Type: number
Range: 1-5
fqdn-rate-suffix-by
Description Number of suffixes
Type: number
Range: 1-5
per
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;
Type: string
Supported Values: domain-name, src-ip, label-count
Mutual Exclusion: per and by are mutually exclusive
per-domain-per-src-ip
Description Use both Domain Name and Source IP address for rate-limiting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-auth-cfg
Specification | Value
---|---
Type | object
dns-auth
Description DNS authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-auth-type
Description ‘udp’: Drop DNS request and monitor client retry; ‘force-tcp’: Force DNS request over TCP;
Type: string
Supported Values: udp, force-tcp
force-tcp-ignore-client-source-port
Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-tcp-min-retry-gap
Description Minimum sec gap in between 2 dns-udp packets for auth to pass
Type: number
Range: 1-15
force-tcp-timeout
Description TCP authentication timeout in seconds
Type: number
Range: 1-16
min-retry-gap
Description Optional minimum sec gap in between 2 dns-udp packets for auth to pass, unit is specified by min-retry-gap-interval
Type: number
Range: 1-80
min-retry-gap-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
Default: 1sec
udp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
udp-timeout-val-only
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
with-udp-auth
Description Monitor client retry
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
symtimeout-cfg
Specification | Value
---|---
Type | object
sym-timeout
Description Timeout for DNS Symmetric session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sym-timeout-value
Description Session timeout value in seconds
Type: number
Range: 1-31
allow-query-class
Specification | Value
---|---
Type | object
allow-any-query-class
Description ANY query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-chaos-query-class
Description CHAOS query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-csnet-query-class
Description CSNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-hesiod-query-class
Description HESIOD query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-internet-query-class
Description INTERNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-none-query-class
Description NONE query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fqdn-label-len-cfg
Specification | Value
---|---
Type | list
Block object keys |
fqdn-label-length
Description Maximum FQDN label length
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
fqdn-label-suffix
Description Number of suffixes
Type: number
Range: 1-5
label-length
Description Maximum length of FQDN label
Type: number
Range: 1-63
allow-record-type
Specification | Value
---|---
Type | object
allow-a-type
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-aaaa-type
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-cname-type
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-mx-type
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-ns-type
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-srv-type
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
record-num-cfg
Type: List
allow-record-type_record-num-cfg
Specification | Value
---|---
Type | list
Block object keys |
allow-num-type
Description Other record type value
Type: number
Range: 1-65535
malformed-query-check
Specification | Value
---|---
Type | object
non-query-opcode-check
Description ‘disable’: When malform check is enabled, TPS always drops DNS query with non query opcode, this option disables this opcode check;
Type: string
Supported Values: disable
skip-multi-packet-check
Description Bypass DNS fragmented and TCP segmented Queries (Default: dropped)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Minimum Length: 1 character
validation-type
Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable Malform query validation for DNS TCP/UDP;
Type: string
Supported Values: basic-header-check, extended-header-check, disable
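The supported values, ranges and mutual exclusions listed on this page can be checked client-side before a template is sent to the Create Object URI. The following is an added example, not A10 code: the `validate` and `build_payload` helpers, the `SAMPLE` values, and the `dns` wrapper key (taken from the Element Name) are assumptions, and only a subset of the attributes is covered.

```python
import json
# Constraints transcribed from this page, keyed by (block, attribute); None = top level.
ENUMS = {
    (None, "action"): {"drop", "reset"},
    (None, "on-no-match"): {"permit", "deny"},
    ("dns-auth-cfg", "dns-auth-type"): {"udp", "force-tcp"},
    ("nxdomain-cfg", "dns-nxdomain-rate-limit-action"): {"drop", "black-list"},
}
RANGES = {
    ("dns-auth-cfg", "udp-timeout"): (1, 16),
    ("nxdomain-cfg", "dns-nxdomain-rate"): (1, 16000000),
}

def validate(template):
    """Return a list of violations of the documented constraints (empty = OK)."""
    errors = []
    for (block, attr), allowed in ENUMS.items():
        value = (template if block is None else template.get(block, {})).get(attr)
        if value is not None and value not in allowed:
            errors.append(f"{attr}: {value!r} not in {sorted(allowed)}")
    for (block, attr), (lo, hi) in RANGES.items():
        value = template.get(block, {}).get(attr)
        if value is not None and not lo <= value <= hi:
            errors.append(f"{attr}: {value} outside {lo}-{hi}")
    for i, entry in enumerate(template.get("fqdn-cfg", [])):
        if "by" in entry and "per" in entry:
            errors.append(f"fqdn-cfg[{i}]: by and per are mutually exclusive")
        # Page: 5-8000 for domain based limiting, 5-16000000 for label count based.
        hi = 8000 if "domain-name" in (entry.get("by"), entry.get("per")) else 16000000
        rate = entry.get("dns-fqdn-rate")
        if rate is not None and not 5 <= rate <= hi:
            errors.append(f"fqdn-cfg[{i}]: dns-fqdn-rate {rate} outside 5-{hi}")
    mpu = set(template.get("multi-pu-threshold-distribution", {}))
    if {f"multi-pu-threshold-distribution-{s}" for s in ("disable", "value")} <= mpu:
        errors.append("multi-pu-threshold-distribution: disable and value are mutually exclusive")
    return errors

def build_payload(template):
    """Serialize the body for POST /axapi/v3/ddos/template/dns, refusing invalid input."""
    if errors := validate(template):
        raise ValueError("; ".join(errors))
    return json.dumps({"dns": template}, sort_keys=True)  # "dns" wrapper key is an assumption

SAMPLE = {  # constructed values, not recommendations from the page
    "name": "dns-edge", "action": "drop", "on-no-match": "deny", "dns-any-check": 1,
    "nxdomain-cfg": {"dns-nxdomain-rate-limit": 1, "dns-nxdomain-rate": 100,
                     "dns-nxdomain-rate-limit-action": "drop"},
    "fqdn-cfg": [{"dns-fqdn-rate-limit": 1, "dns-fqdn-rate": 500, "per": "src-ip"}],
}
```

The device may enforce further constraints that this page does not list, so a clean result here does not guarantee the request is accepted.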