ddos zone-template dns¶
DNS template Configuration
dns Specification¶
Parameter | Value |
---|---|
Type | Collection |
Object Key(s) | name |
Collection Name | dns-list |
Collection URI | /axapi/v3/ddos/zone-template/dns |
Element Name | dns |
Element URI | /axapi/v3/ddos/zone-template/dns/{name} |
Element Attributes | dns_attributes |
Partition Visibility | shared |
Schema | dns schema |

Operations Allowed:
Operation | Method | URI | Payload |
---|---|---|---|
Create Object | POST | /axapi/v3/ddos/zone-template/dns | |
Create List | POST | /axapi/v3/ddos/zone-template/dns | |
Get Object | GET | /axapi/v3/ddos/zone-template/dns/{name} | |
Get List | GET | /axapi/v3/ddos/zone-template/dns | |
Modify Object | POST | /axapi/v3/ddos/zone-template/dns/{name} | |
Replace Object | PUT | /axapi/v3/ddos/zone-template/dns/{name} | |
Replace List | PUT | /axapi/v3/ddos/zone-template/dns | |
Delete Object | DELETE | /axapi/v3/ddos/zone-template/dns/{name} | |

dns-list¶
dns-list is a JSON list of dns attributes
dns-list : [
]
dns attributes¶
allow-query-class
Description: allow-query-class is a JSON Block. Please see below for allow-query-class
Type: Object
allow-record-type
Description: allow-record-type is a JSON Block. Please see below for allow-record-type
Type: Object
dns-any-check
Description Drop DNS queries of Type ANY
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-any-check-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Default: drop
Mutual Exclusion: dns-any-check-action and dns-any-check-action-list-name are mutually exclusive
dns-any-check-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-any-check-action-list-name and dns-any-check-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-udp-authentication
Description: dns-udp-authentication is a JSON Block. Please see below for dns-udp-authentication
Type: Object
domain-group-name
Description Apply a domain-group to the DNS template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
dst
Description: dst is a JSON Block. Please see below for dst
Type: Object
fqdn-label-count-cfg
Description: fqdn-label-count-cfg is a JSON Block. Please see below for fqdn-label-count-cfg
Type: Object
fqdn-label-len-cfg
Type: List
malformed-query-check
Description: malformed-query-check is a JSON Block. Please see below for malformed-query-check
Type: Object
Reference Object: /axapi/v3/ddos/zone-template/dns/{name}/malformed-query-check
multi-pu-threshold-distribution
Description: multi-pu-threshold-distribution is a JSON Block. Please see below for multi-pu-threshold-distribution
Type: Object
name
Description
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
on-no-match
Description ‘permit’: permit; ‘deny’: deny (default);
Type: string
Supported Values: permit, deny
Default: deny
src
Description: src is a JSON Block. Please see below for src
Type: Object
symtimeout-cfg
Description: symtimeout-cfg is a JSON Block. Please see below for symtimeout-cfg
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src¶
Specification | Value |
---|---|
Type | object |

rate-limit
Description: rate-limit is a JSON Block. Please see below for src_rate-limit
Type: Object
src_rate-limit¶
Specification | Value |
---|---|
Type | object |

nxdomain
Description: nxdomain is a JSON Block. Please see below for src_rate-limit_nxdomain
Type: Object
request
Description: request is a JSON Block. Please see below for src_rate-limit_request
Type: Object
src_rate-limit_request¶
Specification | Value |
---|---|
Type | object |

src-dns-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: src-dns-request-rate-limit-action and src-dns-request-rate-limit-action-list-name are mutually exclusive
src-dns-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: src-dns-request-rate-limit-action-list-name and src-dns-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type
Description: type is a JSON Block. Please see below for src_rate-limit_request_type
Type: Object
src_rate-limit_request_type¶
Specification | Value |
---|---|
Type | object |

A-cfg
Description: A-cfg is a JSON Block. Please see below for src_rate-limit_request_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for src_rate-limit_request_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for src_rate-limit_request_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for src_rate-limit_request_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for src_rate-limit_request_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for src_rate-limit_request_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
src_rate-limit_request_type_SRV-cfg¶
Specification | Value |
---|---|
Type | object |

SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
src_rate-limit_request_type_CNAME-cfg¶
Specification | Value |
---|---|
Type | object |

CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-cname-rate
Description
Type: number
Range: 1-16000000
src_rate-limit_request_type_dns-type-cfg¶
Specification | Value |
---|---|
Type | list |
Block object keys | |

src-dns-request-type
Description Other type value
Type: number
Range: 1-65535
src-dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
src_rate-limit_request_type_AAAA-cfg¶
Specification | Value |
---|---|
Type | object |

AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-aaaa-rate
Description
Type: number
Range: 1-16000000
src_rate-limit_request_type_A-cfg¶
Specification | Value |
---|---|
Type | object |

A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-a-rate
Description
Type: number
Range: 1-16000000
src_rate-limit_request_type_MX-cfg¶
Specification | Value |
---|---|
Type | object |

MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-mx-rate
Description
Type: number
Range: 1-16000000
src_rate-limit_request_type_NS-cfg¶
Specification | Value |
---|---|
Type | object |

NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
src-dns-ns-rate
Description
Type: number
Range: 1-16000000
src_rate-limit_nxdomain¶
Specification | Value |
---|---|
Type | object |

dns-nxdomain-rate
Description Limiting rate
Type: number
Range: 1-16000000
dns-nxdomain-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: dns-nxdomain-rate-limit-action and dns-nxdomain-rate-limit-action-list-name are mutually exclusive
dns-nxdomain-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-nxdomain-rate-limit-action-list-name and dns-nxdomain-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
fqdn-label-count-cfg¶
Specification | Value |
---|---|
Type | object |

fqdn-label-count-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Send reset to client;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: fqdn-label-count-action and fqdn-label-count-action-list-name are mutually exclusive
fqdn-label-count-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fqdn-label-count-action-list-name and fqdn-label-count-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
label-count
Description Maximum number of FQDN labels per FQDN
Type: number
Range: 1-10
malformed-query-check¶
Specification | Value |
---|---|
Type | object |

dns-malformed-query-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: dns-malformed-query-action and dns-malformed-query-action-list-name are mutually exclusive
dns-malformed-query-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-malformed-query-action-list-name and dns-malformed-query-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
non-query-opcode-check
Description ‘disable’: When the malformed-query check is enabled, TPS always drops DNS queries with a non-query opcode; this option disables that opcode check;
Type: string
Supported Values: disable
skip-multi-packet-check
Description Bypass DNS fragmented and TCP segmented queries (Default: dropped)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
validation-type
Description ‘basic-header-check’: Basic header validation for DNS TCP/UDP queries; ‘extended-header-check’: Extended header/query validation for DNS TCP/UDP queries; ‘disable’: Disable malformed-query validation for DNS TCP/UDP;
Type: string
Supported Values: basic-header-check, extended-header-check, disable
dst¶
Specification | Value |
---|---|
Type | object |

rate-limit
Description: rate-limit is a JSON Block. Please see below for dst_rate-limit
Type: Object
dst_rate-limit¶
Specification | Value |
---|---|
Type | object |

domain-group-rate-exceed-action
Description ‘drop’: Drop the query (default); ‘tunnel-encap-packet’: Encapsulate the query and send on a tunnel;
Type: string
Supported Values: drop, tunnel-encap-packet
Default: drop
domain-group-rate-per-service
Description Enable per service domain rate checking
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
encap-template
Description DDOS encap template to specify the tunnel endpoint
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
fqdn
Description: fqdn is a JSON Block. Please see below for dst_rate-limit_fqdn
Type: Object
request
Description: request is a JSON Block. Please see below for dst_rate-limit_request
Type: Object
dst_rate-limit_request¶
Specification | Value |
---|---|
Type | object |

dst-dns-request-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Mutual Exclusion: dst-dns-request-rate-limit-action and dst-dns-request-rate-limit-action-list-name are mutually exclusive
dst-dns-request-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dst-dns-request-rate-limit-action-list-name and dst-dns-request-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
type
Description: type is a JSON Block. Please see below for dst_rate-limit_request_type
Type: Object
dst_rate-limit_request_type¶
Specification | Value |
---|---|
Type | object |

A-cfg
Description: A-cfg is a JSON Block. Please see below for dst_rate-limit_request_type_A-cfg
Type: Object
AAAA-cfg
Description: AAAA-cfg is a JSON Block. Please see below for dst_rate-limit_request_type_AAAA-cfg
Type: Object
CNAME-cfg
Description: CNAME-cfg is a JSON Block. Please see below for dst_rate-limit_request_type_CNAME-cfg
Type: Object
MX-cfg
Description: MX-cfg is a JSON Block. Please see below for dst_rate-limit_request_type_MX-cfg
Type: Object
NS-cfg
Description: NS-cfg is a JSON Block. Please see below for dst_rate-limit_request_type_NS-cfg
Type: Object
SRV-cfg
Description: SRV-cfg is a JSON Block. Please see below for dst_rate-limit_request_type_SRV-cfg
Type: Object
dns-type-cfg
Type: List
dst_rate-limit_request_type_SRV-cfg¶
Specification | Value |
---|---|
Type | object |

SRV
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-srv-rate
Description DNS request rate
Type: number
Range: 1-16000000
dst_rate-limit_request_type_CNAME-cfg¶
Specification | Value |
---|---|
Type | object |

CNAME
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-cname-rate
Description
Type: number
Range: 1-16000000
dst_rate-limit_request_type_dns-type-cfg¶
Specification | Value |
---|---|
Type | list |
Block object keys | |

dns-request-type
Description Other type value
Type: number
Range: 1-65535
dns-request-type-rate
Description request rate limit
Type: number
Range: 1-16000000
dst_rate-limit_request_type_AAAA-cfg¶
Specification | Value |
---|---|
Type | object |

AAAA
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-aaaa-rate
Description
Type: number
Range: 1-16000000
dst_rate-limit_request_type_A-cfg¶
Specification | Value |
---|---|
Type | object |

A
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-a-rate
Description
Type: number
Range: 1-16000000
dst_rate-limit_request_type_MX-cfg¶
Specification | Value |
---|---|
Type | object |

MX
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-mx-rate
Description
Type: number
Range: 1-16000000
dst_rate-limit_request_type_NS-cfg¶
Specification | Value |
---|---|
Type | object |

NS
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
dns-ns-rate
Description
Type: number
Range: 1-16000000
dst_rate-limit_fqdn¶
Specification | Value |
---|---|
Type | object |

dns-fqdn-rate-cfg
Type: List
dns-fqdn-rate-limit-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘reset’: Reset client connection; ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, ignore, reset, blacklist-src
Mutual Exclusion: dns-fqdn-rate-limit-action and dns-fqdn-rate-limit-action-list-name are mutually exclusive
dns-fqdn-rate-limit-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-fqdn-rate-limit-action-list-name and dns-fqdn-rate-limit-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dst_rate-limit_fqdn_dns-fqdn-rate-cfg¶
Specification | Value |
---|---|
Type | list |
Block object keys | |

dns-fqdn-rate
Description Limiting rate (Range: 5-8000 for FQDN domain based rate limiting, 5-16000000 for FQDN label count based rate limiting)
Type: number
Range: 5-16000000
fqdn-rate-label-count
Description FQDN label count (Range: 1-8)
Type: number
Range: 1-8
fqdn-rate-suffix
Description Suffix count
Type: number
Range: 1-5
per
Description ‘domain-name’: Domain Name; ‘src-ip’: Source IP address; ‘label-count’: FQDN label count;
Type: string
Supported Values: domain-name, src-ip, label-count
per-domain-per-src-ip
Description Use both Domain Name and Source IP address for rate-limiting
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-record-type¶
Specification | Value |
---|---|
Type | object |

allow-a-type
Description Address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-aaaa-type
Description IPv6 address record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-cname-type
Description Canonical name record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-mx-type
Description Mail exchange record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-ns-type
Description Name server record
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-record-type-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: allow-record-type-action and allow-record-type-action-list-name are mutually exclusive
allow-record-type-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: allow-record-type-action-list-name and allow-record-type-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
allow-srv-type
Description Service locator
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
record-num-cfg
Type: List
allow-record-type_record-num-cfg¶
Specification | Value |
---|---|
Type | list |
Block object keys | |

allow-num-type
Description Other record type value
Type: number
Range: 1-65535
allow-query-class¶
Specification | Value |
---|---|
Type | object |

allow-any-query-class
Description ANY query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-chaos-query-class
Description CHAOS query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-csnet-query-class
Description CSNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-hesiod-query-class
Description HESIOD query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-internet-query-class
Description INTERNET query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-none-query-class
Description NONE query class
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
allow-query-class-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, blacklist-src, reset
Mutual Exclusion: allow-query-class-action and allow-query-class-action-list-name are mutually exclusive
allow-query-class-action-list-name
Description Configure action-list to take when query class doesn’t match
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: allow-query-class-action-list-name and allow-query-class-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-udp-authentication¶
Specification | Value |
---|---|
Type | object |

dns-udp-auth-fail-action
Description ‘drop’: Drop packets (Default); ‘blacklist-src’: Blacklist-src;
Type: string
Supported Values: drop, blacklist-src
Mutual Exclusion: dns-udp-auth-fail-action and dns-udp-auth-fail-action-list-name are mutually exclusive
dns-udp-auth-fail-action-list-name
Description Configure action-list to take for failing the authentication. (Applicable to dns-udp retry only)
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-udp-auth-fail-action-list-name and dns-udp-auth-fail-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
dns-udp-auth-pass-action
Description ‘authenticate-src’: authenticate-src (Default);
Type: string
Supported Values: authenticate-src
Mutual Exclusion: dns-udp-auth-pass-action and dns-udp-auth-pass-action-list-name are mutually exclusive
dns-udp-auth-pass-action-list-name
Description Configure action-list to take for passing the authentication
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: dns-udp-auth-pass-action-list-name and dns-udp-auth-pass-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
force-tcp-cfg
Description: force-tcp-cfg is a JSON Block. Please see below for dns-udp-authentication_force-tcp-cfg
Type: Object
min-delay
Description Optional minimum delay between DNS retransmits for authentication to pass, unit is specified by min-delay-interval
Type: number
Range: 1-80
Mutual Exclusion: min-delay and force-tcp are mutually exclusive
min-delay-interval
Description ‘100ms’: 100ms; ‘1sec’: 1sec;
Type: string
Supported Values: 100ms, 1sec
udp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
Mutual Exclusion: udp-timeout and force-tcp are mutually exclusive
dns-udp-authentication_force-tcp-cfg¶
Specification | Value |
---|---|
Type | object |

force-tcp
Description Force DNS request over TCP
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
Mutual Exclusion: force-tcp, udp-timeout, and min-delay are mutually exclusive
force-tcp-ignore-client-source-port
Description Allow client to retransmit DNS request using different source port during udp-auth (supported in asymmetric mode only)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
force-tcp-min-delay
Description Optional minimum delay (seconds) between DNS retransmits for authentication to pass
Type: number
Range: 1-15
force-tcp-timeout
Description UDP authentication timeout in seconds
Type: number
Range: 1-16
multi-pu-threshold-distribution¶
Specification | Value |
---|---|
Type | object |

multi-pu-threshold-distribution-disable
Description ‘disable’: Destination side rate limit only. Default: Enable;
Type: string
Supported Values: disable
Mutual Exclusion: multi-pu-threshold-distribution-disable and multi-pu-threshold-distribution-value are mutually exclusive
multi-pu-threshold-distribution-value
Description Destination side rate limit only. Default: 0
Type: number
Range: 1-16000000
Mutual Exclusion: multi-pu-threshold-distribution-value and multi-pu-threshold-distribution-disable are mutually exclusive
fqdn-label-len-cfg¶
Specification | Value |
---|---|
Type | list |
Block object keys | |

fqdn-label-length-action
Description ‘drop’: Drop packets (Default); ‘ignore’: Take no action; ‘blacklist-src’: Blacklist-src; ‘reset’: Reset client connection;
Type: string
Supported Values: drop, ignore, blacklist-src, reset
Mutual Exclusion: fqdn-label-length-action and fqdn-label-length-action-list-name are mutually exclusive
fqdn-label-length-action-list-name
Description Configure action-list to take
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Mutual Exclusion: fqdn-label-length-action-list-name and fqdn-label-length-action are mutually exclusive
Reference Object: /axapi/v3/ddos/action-list
fqdn-label-suffix
Description Number of suffixes
Type: number
Range: 1-5
label-length
Description Maximum length of FQDN label
Type: number
Range: 1-63
symtimeout-cfg¶
Specification | Value |
---|---|
Type | object |

sym-timeout
Description Timeout for DNS Symmetric session
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
sym-timeout-value
Description Session timeout value in seconds
Type: number
Range: 1-31
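
The mutual-exclusion rules, numeric ranges and check-disabling values listed in this reference can be linted offline before a template is sent to the device. The following is an added example, not A10 code: the function names and the sample template are constructed for illustration, and only a subset of the documented ranges is included.

```python
# Inclusive numeric ranges copied from this reference (subset of attributes).
RANGES = {
    "label-count": (1, 10), "label-length": (1, 63), "fqdn-label-suffix": (1, 5),
    "sym-timeout-value": (1, 31), "min-delay": (1, 80), "udp-timeout": (1, 16),
    "force-tcp-min-delay": (1, 15), "force-tcp-timeout": (1, 16),
    "dns-nxdomain-rate": (1, 16000000), "dns-fqdn-rate": (5, 16000000),
}

def _walk(node, path=""):
    """Yield (path, obj) for every JSON object nested in the template."""
    if isinstance(node, dict):
        yield path or "/", node
        for key, value in node.items():
            yield from _walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def lint_dns_template(tpl):
    """Return (errors, warnings) for one set of dns attributes."""
    errors, warnings = [], []
    for path, obj in _walk(tpl):
        for key, value in obj.items():
            # "<x>-action" and "<x>-action-list-name" are mutually exclusive.
            if key.endswith("-action") and f"{key}-list-name" in obj:
                errors.append(f"{path}: {key} and {key}-list-name both set")
            # 'ignore' is documented as "Take no action": the check is inert.
            if key.endswith("-action") and value == "ignore":
                warnings.append(f"{path}: {key} is 'ignore'")
            if key in RANGES:
                lo, hi = RANGES[key]
                ok = isinstance(value, int) and not isinstance(value, bool)
                if not ok or not lo <= value <= hi:
                    errors.append(f"{path}: {key}={value!r} outside {lo}-{hi}")
    # force-tcp is mutually exclusive with udp-timeout and min-delay.
    auth = tpl.get("dns-udp-authentication", {})
    if auth.get("force-tcp-cfg", {}).get("force-tcp") in (1, True):
        for key in ("udp-timeout", "min-delay"):
            if key in auth:
                errors.append(f"/dns-udp-authentication: force-tcp and {key} both set")
    mpu = tpl.get("multi-pu-threshold-distribution", {})
    if len(mpu.keys() & {"multi-pu-threshold-distribution-disable",
                         "multi-pu-threshold-distribution-value"}) == 2:
        errors.append("/multi-pu-threshold-distribution: disable and value both set")
    # Values this page describes as switching a malformed-query check off.
    mq = tpl.get("malformed-query-check", {})
    for key, off in (("validation-type", "disable"),
                     ("non-query-opcode-check", "disable"),
                     ("skip-multi-packet-check", 1)):
        if mq.get(key) == off:
            warnings.append(f"/malformed-query-check: {key}={off!r} turns a check off")
    return errors, warnings

SAMPLE = {  # constructed template, not taken from a device
    "name": "dns-edge", "dns-any-check": 1,
    "dns-any-check-action": "drop",
    "dns-any-check-action-list-name": "al-1",
    "fqdn-label-count-cfg": {"label-count": 12, "fqdn-label-count-action": "ignore"},
    "dns-udp-authentication": {"udp-timeout": 5, "force-tcp-cfg": {"force-tcp": 1}},
    "malformed-query-check": {"validation-type": "disable"},
}

if __name__ == "__main__":
    for kind, items in zip(("ERROR", "WARN"), lint_dns_template(SAMPLE)):
        for item in items:
            print(kind, item)
```

Errors are combinations the reference marks as invalid; warnings are valid settings that leave a documented protection inactive and are worth a second look in change review.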