ddos template dns

DNS template Configuration

dns Specification

Parameter Value
Type Collection
Object Key(s) name
Collection Name dns-list
Collection URI /axapi/v3/ddos/template/dns
Element Name dns
Element URI /axapi/v3/ddos/template/dns/{name}
Element Attributes dns_attributes
Partition Visibility shared
Schema dns schema

Operations Allowed:

Operation       Method  URI                                  Payload
Create Object   POST    /axapi/v3/ddos/template/dns          dns attributes
Create List     POST    /axapi/v3/ddos/template/dns          dns attributes
Get Object      GET     /axapi/v3/ddos/template/dns/{name}   dns attributes
Get List        GET     /axapi/v3/ddos/template/dns          dns-list
Modify Object   POST    /axapi/v3/ddos/template/dns/{name}   dns attributes
Replace Object  PUT     /axapi/v3/ddos/template/dns/{name}   dns attributes
Replace List    PUT     /axapi/v3/ddos/template/dns          dns-list
Delete Object   DELETE  /axapi/v3/ddos/template/dns/{name}   dns attributes

dns-list

dns-list is a JSON list of dns attributes

dns-list : [

]

dns attributes

action

Description ‘drop’: Drop packets (Default action); ‘reset’: Send Client RST for TCP connections;

Type: string

Supported Values: drop, reset

Default: drop

allow-query-class

Description: allow-query-class is a JSON Block. Please see below for allow-query-class

Type: Object

allow-record-type

Description: allow-record-type is a JSON Block. Please see below for allow-record-type

Type: Object

dns-any-check

Description Drop DNS queries of Type ANY

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-auth-cfg

Description: dns-auth-cfg is a JSON Block. Please see below for dns-auth-cfg

Type: Object

dns-request-rate-limit

Description: dns-request-rate-limit is a JSON Block. Please see below for dns-request-rate-limit

Type: Object

domain-group-name

Description Apply a domain-group to the DNS template

Type: string

Format: string-rlx

Maximum Length: 128 characters

Minimum Length: 1 character

domain-group-rate-exceed-action

Description ‘drop’: Drop the query (default); ‘tunnel-encap-packet’: Encapsulate the query and send on a tunnel;

Type: string

Supported Values: drop, tunnel-encap-packet

Default: drop

domain-group-rate-per-service

Description Enable per service domain rate checking

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

encap-template

Description DDOS encap template to specify the tunnel endpoint

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

fqdn-cfg

Type: List

fqdn-label-count

Description Maximum number of FQDN labels

Type: number

Range: 1-10

fqdn-label-len-cfg

Type: List

malformed-query-check

Description: malformed-query-check is a JSON Block. Please see below for malformed-query-check

Type: Object

Reference Object: /axapi/v3/ddos/template/dns/{name}/malformed-query-check

multi-pu-threshold-distribution

Description: multi-pu-threshold-distribution is a JSON Block. Please see below for multi-pu-threshold-distribution

Type: Object

name

Description

Type: string

Format: string-rlx

Maximum Length: 63 characters

Minimum Length: 1 character

nxdomain-cfg

Description: nxdomain-cfg is a JSON Block. Please see below for nxdomain-cfg

Type: Object

on-no-match

Description ‘permit’: permit; ‘deny’: deny (default);

Type: string

Supported Values: permit, deny

Default: deny

query-rate-threshold-for-cache-serving

Description This is for DNS cache mode only, it sets a DNS query rate threshold such that queries under the rate threshold would be forward

Type: number

Range: 1-16000000

symtimeout-cfg

Description: symtimeout-cfg is a JSON Block. Please see below for symtimeout-cfg

Type: Object

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Minimum Length: 1 character

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

dns-request-rate-limit

Specification Value
Type object

type

Description: type is a JSON Block. Please see below for dns-request-rate-limit_type

Type: Object

dns-request-rate-limit_type

Specification Value
Type object

A-cfg

Description: A-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_A-cfg

Type: Object

AAAA-cfg

Description: AAAA-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_AAAA-cfg

Type: Object

CNAME-cfg

Description: CNAME-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_CNAME-cfg

Type: Object

MX-cfg

Description: MX-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_MX-cfg

Type: Object

NS-cfg

Description: NS-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_NS-cfg

Type: Object

SRV-cfg

Description: SRV-cfg is a JSON Block. Please see below for dns-request-rate-limit_type_SRV-cfg

Type: Object

dns-type-cfg

Type: List

dns-request-rate-limit_type_SRV-cfg

Specification Value
Type object

SRV

Description Service locator

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-srv-rate

Description DNS request rate

Type: number

Range: 1-16000000

dns-request-rate-limit_type_CNAME-cfg

Specification Value
Type object

CNAME

Description Canonical name record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-cname-rate

Description

Type: number

Range: 1-16000000

dns-request-rate-limit_type_dns-type-cfg

Specification Value
Type list
Block object keys  

dns-request-type

Description Other type value

Type: number

Range: 1-65535

dns-request-type-rate

Description request rate limit

Type: number

Range: 1-16000000

dns-request-rate-limit_type_AAAA-cfg

Specification Value
Type object

AAAA

Description IPv6 address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-aaaa-rate

Description

Type: number

Range: 1-16000000

dns-request-rate-limit_type_A-cfg

Specification Value
Type object

A

Description Address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-a-rate

Description

Type: number

Range: 1-16000000

dns-request-rate-limit_type_MX-cfg

Specification Value
Type object

MX

Description Mail exchange record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-mx-rate

Description

Type: number

Range: 1-16000000

dns-request-rate-limit_type_NS-cfg

Specification Value
Type object

NS

Description Name server record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-ns-rate

Description

Type: number

Range: 1-16000000

multi-pu-threshold-distribution

Specification Value
Type object

multi-pu-threshold-distribution-disable

Description ‘disable’: Destination side rate limit only. Default: Enable;

Type: string

Supported Values: disable

Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive

multi-pu-threshold-distribution-value

Description Destination side rate limit only. Default: 0

Type: number

Range: 1-16000000

Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive

nxdomain-cfg

Specification Value
Type object

dns-nxdomain-rate

Description Limiting rate

Type: number

Range: 1-16000000

dns-nxdomain-rate-limit

Description DNS NXDOMAIN Rate Limiting (SRC support only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-nxdomain-rate-limit-action

Description ‘drop’: Drop queries if rate is exceeded; ‘black-list’: Black-List source if rate is exceeded;

Type: string

Supported Values: drop, black-list

fqdn-cfg

Specification Value
Type list
Block object keys  

by

Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘both’: Use both Domain Name and Source IP address for rate-limiting;

Type: string

Supported Values: domain-name, src-ip, both

Mutual Exclusion: by and per are mutually exclusive

dns-fqdn-rate

Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)

Type: number

Range: 5-16000000

dns-fqdn-rate-limit

Description DNS Rate limiting on the basis of FQDN

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fqdn-rate-label-count

Description FQDN label count (Range: 1-8)

Type: number

Range: 1-8

fqdn-rate-suffix

Description Suffix count

Type: number

Range: 1-5

fqdn-rate-suffix-by

Description Number of suffixes

Type: number

Range: 1-5

per

Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;

Type: string

Supported Values: domain-name, src-ip, label-count

Mutual Exclusion: per and by are mutually exclusive

per-domain-per-src-ip

Description Use both Domain Name and Source IP address for rate-limiting

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-auth-cfg

Specification Value
Type object

dns-auth

Description DNS authentication

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-auth-type

Description ‘udp’: Drop DNS request and monitor client retry; ‘force-tcp’: Force DNS request over TCP;

Type: string

Supported Values: udp, force-tcp

force-tcp-ignore-client-source-port

Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

force-tcp-min-retry-gap

Description Minimum sec gap in between 2 dns-udp packets for auth to pass

Type: number

Range: 1-15

force-tcp-timeout

Description TCP authentication timeout in seconds

Type: number

Range: 1-16

min-retry-gap

Description Optional minimum sec gap in between 2 dns-udp packets for auth to pass, unit is specified by min-retry-gap-interval

Type: number

Range: 1-80

min-retry-gap-interval

Description ‘100ms’: 100ms; ‘1sec’: 1sec;

Type: string

Supported Values: 100ms, 1sec

Default: 1sec

udp-timeout

Description UDP authentication timeout in seconds

Type: number

Range: 1-16

udp-timeout-val-only

Description UDP authentication timeout in seconds

Type: number

Range: 1-16

with-udp-auth

Description Monitor client retry

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

symtimeout-cfg

Specification Value
Type object

sym-timeout

Description Timeout for DNS Symmetric session

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sym-timeout-value

Description Session timeout value in seconds

Type: number

Range: 1-31

allow-query-class

Specification Value
Type object

allow-any-query-class

Description ANY query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-chaos-query-class

Description CHAOS query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-csnet-query-class

Description CSNET query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-hesiod-query-class

Description HESIOD query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-internet-query-class

Description INTERNET query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-none-query-class

Description NONE query class

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fqdn-label-len-cfg

Specification Value
Type list
Block object keys  

fqdn-label-length

Description Maximum FQDN label length

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

fqdn-label-suffix

Description Number of suffixes

Type: number

Range: 1-5

label-length

Description Maximum length of FQDN label

Type: number

Range: 1-63

allow-record-type

Specification Value
Type object

allow-a-type

Description Address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-aaaa-type

Description IPv6 address record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-cname-type

Description Canonical name record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-mx-type

Description Mail exchange record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-ns-type

Description Name server record

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

allow-srv-type

Description Service locator

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

record-num-cfg

Type: List

allow-record-type_record-num-cfg

Specification Value
Type list
Block object keys  

allow-num-type

Description Other record type value

Type: number

Range: 1-65535

malformed-query-check

Specification Value
Type object

non-query-opcode-check

Description ‘disable’: When the malformed-query check is enabled, TPS always drops DNS queries with a non-query opcode; this option disables that opcode check;

Type: string

Supported Values: disable

skip-multi-packet-check

Description Bypass DNS fragmented and TCP segmented queries (Default: dropped)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

validation-type

Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable malformed query validation for DNS TCP/UDP;

Type: string

Supported Values: basic-header-check, extended-header-check, disable
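
A pre-flight check built from the enums, ranges and mutual exclusions documented above, so a template body can be rejected locally before it is sent to /axapi/v3/ddos/template/dns. This is an added example, not vendor code or part of the original reference. The function name lint_dns_template and the sample body are hypothetical, and reading "FQDN domain based" as by/per = domain-name is an assumption.

```python
# Added example (not vendor code): lint a dns template body against the
# enums, ranges and mutual exclusions listed in this reference.
ENUMS = {"action": {"drop", "reset"}, "on-no-match": {"permit", "deny"},
         "domain-group-rate-exceed-action": {"drop", "tunnel-encap-packet"}}
AUTH_RANGES = {"force-tcp-min-retry-gap": (1, 15), "force-tcp-timeout": (1, 16),
               "min-retry-gap": (1, 80), "udp-timeout": (1, 16)}
MPU_KEYS = ("multi-pu-threshold-distribution-disable",
            "multi-pu-threshold-distribution-value")

def _in_range(val, lo, hi):
    # bool is a subclass of int in Python, so reject it explicitly
    return isinstance(val, int) and not isinstance(val, bool) and lo <= val <= hi

def lint_dns_template(attrs):
    """Return a list of problems found in a 'dns attributes' dict."""
    problems = []
    name = attrs.get("name")
    if not (isinstance(name, str) and 1 <= len(name) <= 63):
        problems.append("name: must be a string of 1-63 characters")
    for key, allowed in ENUMS.items():
        if key in attrs and attrs[key] not in allowed:
            problems.append(f"{key}: not one of {sorted(allowed)}")
    auth = attrs.get("dns-auth-cfg", {})
    if "dns-auth-type" in auth and auth["dns-auth-type"] not in {"udp", "force-tcp"}:
        problems.append("dns-auth-cfg.dns-auth-type: not one of ['force-tcp', 'udp']")
    for key, (lo, hi) in AUTH_RANGES.items():
        if key in auth and not _in_range(auth[key], lo, hi):
            problems.append(f"dns-auth-cfg.{key}: outside {lo}-{hi}")
    mpu = attrs.get("multi-pu-threshold-distribution", {})
    if all(k in mpu for k in MPU_KEYS):
        problems.append("multi-pu-threshold-distribution: disable and value are mutually exclusive")
    for i, entry in enumerate(attrs.get("fqdn-cfg", [])):
        if "by" in entry and "per" in entry:
            problems.append(f"fqdn-cfg[{i}]: by and per are mutually exclusive")
        rate = entry.get("dns-fqdn-rate")
        # Assumption: "FQDN domain based" in the description means by/per = domain-name.
        domain_based = "domain-name" in (entry.get("by"), entry.get("per"))
        if rate is not None and not _in_range(rate, 5, 16000000):
            problems.append(f"fqdn-cfg[{i}].dns-fqdn-rate: outside 5-16000000")
        elif rate is not None and domain_based and rate > 8000:
            problems.append(f"fqdn-cfg[{i}].dns-fqdn-rate: above 8000 for domain-name limiting")
    return problems

# Constructed sample body with four deliberate errors.
SAMPLE = {"name": "dns-tmpl-1", "action": "reject",
          "dns-auth-cfg": {"dns-auth": 1, "dns-auth-type": "udp", "udp-timeout": 30},
          "fqdn-cfg": [{"dns-fqdn-rate-limit": 1, "by": "src-ip",
                        "per": "domain-name", "dns-fqdn-rate": 9000}]}
```

Calling lint_dns_template(SAMPLE) returns one message per violated constraint; an empty list means the body is consistent with the constraints checked here, not that the device will accept it.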