gslb policy dns

Configure DNS parameters for the policy.

dns Specification

Type Configuration Resource
Element Name dns
Element URI /axapi/v3/gslb/policy/{name}/dns
Element Attributes dns_attributes
Schema dns schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/gslb/policy/{name}/dns

dns Attributes

Get Object

GET

/axapi/v3/gslb/policy/{name}/dns

dns Attributes

Modify Object

POST

/axapi/v3/gslb/policy/{name}/dns

dns Attributes

Replace Object

PUT

/axapi/v3/gslb/policy/{name}/dns

dns Attributes

Delete Object

DELETE

/axapi/v3/gslb/policy/{name}/dns

dns Attributes

dns Attributes

action

Description: Enable GSLB to perform the DNS actions specified in the service configurations.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

action-type

Description: Action to take when blocking.

  • drop : Drop query.
  • reject : Send refuse response.
  • ignore : Send empty response.

Type: string

Supported Values: drop, reject, ignore

active-only

Description: Removes IP addresses from DNS replies when those addresses fail health checks. If none of the IP addresses in the DNS reply pass the health check, the GSLB Thunder Series does not use this metric, since it would result in an empty IP address list.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

active-only-fail-safe

Description: Returns a list of server IP addresses for failed servers to the client. Without this option, IP addresses of failed servers are omitted from the reply.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

aging-time

Description: You can override the entry TTL by setting the cache aging time. 0 means using the TTL in the DNS record as aging time.

Type: number

Range: 0-1000000000

Default: 0

backup-alias

Description: Returns the alias CNAME record configured for the service, if GSLB does not receive an answer to a query for the service and no active DNS server exists. This option is valid in server mode or proxy mode.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

backup-server

Description: Designates one or more backup servers that can be returned to the client if the primaries should fail.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

block-action

Description: Blocks DNS queries from being sent to an internal DNS server. The ACOS device must be in GSLB proxy mode for the feature to work.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

block-type

Description:

Type: string

Format: enum-list

block-value

Description: block-value is a JSON List . Please see below for block-value

Type: List

cache

Description: Enables the GSLB ACOS device to cache DNS replies. The ACOS device uses information in the cached DNS entries to reply to subsequent client requests, as opposed to sending a new DNS request for every client query. When you enable this option, the ACOS device caches a DNS reply for the duration of the TTL in the reply.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

cname-detect

Description: Disabling this option skips the Cname response. If enabled, the GSLB-ACOS applies the zone and service policy to the Cname record instead of applying it to the address record.

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

delegation

Description: Enables sub-zone delegation. The feature allows you to delegate authority or responsibility for a portion of the DNS name space from the parent domain to a separate subdomain which may reside on one or more remote servers and may be managed by someone other than the network administrator who is responsible for the parent zone.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-addition-mx

Description: Appends MX records in the Additional section in replies for A records, when the device is configured for DNS proxy or cache mode.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

dns-auto-map

Description: Enables automatic creation of A and AAAA records for IP resources configured on the ACOS device. For example, this option is useful for auto-mapping VIP addresses to service-IP addresses.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

external-ip

Description: Returns the external IP address configured for a service IP. If this option is disabled, the internal address is returned instead. The external IP address must be configured on the service IP.

Type: boolean

Supported Values: true, false, 1, 0

Default: 1

external-soa

Description: Replaces the internal SOA record with an external SOA record to prevent external clients from gaining information that should only be available to internal clients. If this option is disabled, the internal address is returned instead.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

geoloc-action

Description: Performs the DNS traffic handling action specified for the client’s geo-location. The action is specified as part of service configuration in a zone.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

geoloc-alias

Description: Returns the alias name configured for the client’s geo-location.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

geoloc-policy

Description: Uses the GSLB policy assigned to the client’s geo-location.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

hint

Description: Enables hints, which appear in the Additional Section of the DNS response. Hints are A or AAAA records that are sent in the response to a client’s DNS request. These records provide a mapping between the host names and IP addresses.

  • none : Does not append hints in the DNS response.
  • answer : Appends hints in the Answer Section.
  • addition : Appends hints in the Additional Section.

Type: string

Supported Values: none, answer, addition

Default: addition

ip-replace

Description: Replaces the IP addresses in the DNS reply with the service IP addresses configured for the service.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6

Description: ipv6 is a JSON List . Please see below for ipv6

Type: List

logging

Description: Configures DNS logging.

  • none : None.
  • query : DNS Query.
  • response : DNS Response.
  • both : Both DNS Query and Response.

Type: string

Supported Values: none, query, response, both

proxy-block-port-range-list

Description: proxy-block-port-range-list is a JSON List . Please see below for proxy-block-port-range-list

Type: List

selected-only

Description: Enables return of only the selected IP addresses.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

selected-only-value

Description: For use with selected-only . The value number for the records that can be returned after selection occurs. If the number is greater than the selected number, then GSLB ignores this configuration.

Type: number

Range: 1-128

server

Description: Enables the GSLB ACOS device to act as a DNS server, for specific service IPs in the GSLB zone. When you enable the server option, the GSLB ACOS directly responds to Address queries for specific service IP addresses in the GSLB zone. The ACOS device still forwards other types of queries to the DNS server.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-addition-mx

Description: Enables the GSLB ACOS device to provide the A record containing the mail server’s IP address in the Additional section, when the device is configured for DNS server mode.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-any

Description: Enables the GSLB ACOS device to provide all resource records that are available, when the ACOS device is configured for DNS server mode. When a client issues a type “ANY” request (which is actually a pseudo resource record that is expressed by the wildcard code “*”), then the ACOS device includes all RR information it has available.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-authoritative

Description: Makes the ACOS device the authoritative DNS server for the GSLB zone, for the service IPs in which you enable the static option.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-auto-ns

Description: Causes the policy to provide A records for NS records automatically.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-auto-ptr

Description: Causes the policy to provide pointer records automatically.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-full-list

Description: The full-list option appends all A records in the Authoritative section of DNS replies.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-mode-only

Description: Only run GSLB as DNS server mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-mx

Description: Provides the MX record in the Answer section, and the A record for the mail server in the Additional section, when the device is configured for DNS server mode.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-ns

Description: Provides the name server record.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-ns-list

Description: This option appends all Name Server (NS) Resource Records (RR) in the Authority section of DNS replies.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-ptr

Description: Provides the pointer record.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-sec

Description: Provides DNSSEC support.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-srv

Description: Provides the service record.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

server-txt

Description: Provides the service record. TXT resource records can be used to carry multiple pieces of DNS TXT data within a single record.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sticky

Description: Sends the same service IP address to a client for all requests from that client for the service address. Sticky DNS ensures that, during the aging-time, a client is always directed to the same site.

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sticky-aging-time

Description: Specifies how many minutes a DNS reply remains sticky.

Type: number

Range: 1-65535

Default: 5

sticky-ipv6-mask

Description: Adjusts the granularity of the feature for IPv6.

Type: number

Range: 1-128

Default: 128

sticky-mask

Description: Adjusts the granularity of the feature for IPv4.

Type: string

Format: ipv4-netmask-brief

ttl

Description: Changes the TTL of each DNS record contained in DNS replies received from the DNS for which the Thunder Series is a proxy.

Type: number

Range: 0-1000000000

Default: 10

Mutual Exclusion: ttl and use-server-ttl are mutually exclusive

use-server-ttl

Description: Use DNS Server Response TTL value in GSLB Proxy mode

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: use-server-ttl and ttl are mutually exclusive

uuid

Description: uuid of the object

Type: string

ipv6

Specification
Type list
Block object keys

dns-ipv6-mapping-type

Description: ‘addition’: Append Mapped Record in DNS Addition Section; ‘answer’: Append Mapped Record in DNS Answer Section; ‘exclusive’: Only return AAAA Record; ‘replace’: Replace Record with Mapped Record;

Type: string

Supported Values: addition, answer, exclusive, replace

dns-ipv6-option

Description: ‘mix’: Return both AAAA Record and A Record; ‘smart’: Return AAAA Record by DNS Query Type; ‘mapping’: Map A Record to AAAA Record;

Type: string

Supported Values: mix, smart, mapping

block-value

Specification
Type list
Block object keys

block-value

Description: Specify Type Number

Type: number

Range: 1-255

proxy-block-port-range-list

Specification
Type list
Block object keys

proxy-block-range-from

Description: Specify Type Range (From)

Type: number

proxy-block-range-to

Description: To

Type: number