
*Mandatory parameters are denoted by an * (asterisk).

| header | type | description | required | encoding | sample | object_headers |
|---|---|---|---|---|---|---|
| HEADER-dnsconfig-v2-server* | string | The primary identifier of the header stating the type of object. | TRUE | string | | |
| key* | string | The primary identifier of an individual object. For DNS Server, the name of the server object (Configuration) is used as the key. | TRUE | string | | |
| name | string | The name of the configuration. | TRUE | string | | |
| comment | string | The comment for the configuration. | FALSE | string | | |
| query_port | integer | The source port for outbound DNS queries. When set to 0, the port is unspecified and the implementation may randomize it by using any available port. Defaults to 0. | FALSE | string | | |
| secondary_soa_query_limit | integer | The maximum number of concurrent outbound SOA queries. When set to 0, a host-dependent default will be used. Defaults to 0. | FALSE | string | | |
| secondary_axfr_query_limit | integer | The maximum number of concurrent inbound AXFRs. When set to 0, a host-dependent default will be used. Defaults to 0. | FALSE | string | | |
| query_acl | array | To make authoritative queries, clients must match this ACL. Also used for recursive queries, if that ACL is unset. Defaults to empty. | FALSE | nios | | element, access, address, acl, tsig_key, tsig_name, tsig_comment, tsig_algorithm, tsig_secret |
| minimal_responses | boolean | When enabled, the DNS server will only add records to the authority and additional data sections when they are required. Defaults to "false". | FALSE | string | | |
| transfer_acl | array | To receive zone transfers, clients must match this ACL. Defaults to empty. | FALSE | nios | | element, access, address, acl, tsig_key, tsig_name, tsig_comment, tsig_algorithm, tsig_secret |
| recursion_enabled | boolean | Indicates whether recursive DNS queries are allowed. Defaults to "true". | FALSE | string | | |
| recursion_acl | array | To make recursive queries, clients must match this ACL. If this ACL is empty, then query_acl will be used instead. Defaults to empty. | FALSE | nios | | element, access, address, acl, tsig_key, tsig_name, tsig_comment, tsig_algorithm, tsig_secret |
| resolver_query_timeout | integer | Seconds before a recursive query times out. Varies from 10 to 30. Defaults to 10. | FALSE | string | | |
| lame_ttl | integer | Not used in the current implementation of the on-prem DNS server. Varies from 0 to 1 hour (3600). Defaults to 600. | FALSE | string | | |
| max_cache_ttl | integer | Seconds to cache positive responses. Varies from 1 to 7 days (604800). Defaults to 604800 (7 days). | FALSE | string | | |
| max_negative_ttl | integer | Seconds to cache negative responses. Varies from 1 to 7 days (604800). Defaults to 10800 (3 hours). | FALSE | string | | |
| custom_root_ns_enabled | boolean | Indicates whether custom root nameservers are to be used instead of the default ones. When this is enabled, custom_root_ns is validated. Defaults to "false". | FALSE | string | | |
| custom_root_ns | array | The list of custom root nameservers. The order does not matter. Error if empty while custom_root_ns_enabled is "true". Error if there are duplicate items in the list. Defaults to empty. | FALSE | nios | | root_ns_fqdn, root_ns_address |
| forwarders_only | boolean | Set to "true" to only forward. Defaults to "false". | FALSE | string | | |
| forwarders | array | The list of forwarders. Error if empty while forwarders_only or use_root_forwarders_for_local_resolution_with_b1td is "true". Error if the list contains duplicate addresses. Defaults to empty. | FALSE | nios | | forwarder_fqdn, forwarder_address |
| ecs_enabled | boolean | Set to "true" to enable EDNS client subnet for recursive queries. Other ecs_* fields are ignored if this field is not enabled. Defaults to "false". | FALSE | string | | |
| ecs_forwarding | boolean | Set to "true" to enable ECS options in outbound queries. This functionality has additional overhead, so it is disabled by default. Defaults to "false". | FALSE | string | | |
| ecs_prefix_v4 | integer | Maximum scope length for v4 ECS. Varies from 1 to 24. Defaults to 24. | FALSE | string | | |
| ecs_prefix_v6 | integer | Maximum scope length for v6 ECS. Varies from 1 to 56. Defaults to 56. | FALSE | string | | |
| ecs_zones | array | The list of zones where ECS queries may be sent. Error if empty while ecs_enabled is "true". Error if there are duplicate FQDNs in the list. Defaults to empty. | FALSE | nios | | ecs_zone_fqdn, ecs_zone_access |
| dnssec_enabled | boolean | The master toggle for all DNSSEC processing. If this is disabled, other dnssec_* configuration is not used. Defaults to "true". | FALSE | string | | |
| dnssec_enable_validation | boolean | Set to "true" to perform DNSSEC validation. Ignored if dnssec_enabled is "false". Defaults to "true". | FALSE | string | | |
| dnssec_validate_expiry | boolean | Set to "true" to reject expired DNSSEC keys. Ignored if either dnssec_enabled or dnssec_enable_validation is "false". Defaults to "true". | FALSE | string | | |
| dnssec_root_keys | array | DNSSEC root keys. The root keys are not configurable. | FALSE | nios | | trust_anchor_zone, trust_anchor_sep, trust_anchor_algorithm, trust_anchor_public_key |
| query_port_action | string | The inheritance configuration for the query_port field of a Server object. | FALSE | string | inherit | |
| secondary_soa_query_limit_action | string | The inheritance configuration for the secondary_soa_query_limit field of a Server object. | FALSE | string | inherit | |
| secondary_axfr_query_limit_action | string | The inheritance configuration for the secondary_axfr_query_limit field of a Server object. | FALSE | string | inherit | |
| minimal_responses_action | string | The inheritance configuration for the minimal_responses field of a Server object. | FALSE | string | inherit | |
| recursion_enabled_action | string | The inheritance configuration for the recursion_enabled field of a Server object. | FALSE | string | inherit | |
| resolver_query_timeout_action | string | The inheritance configuration for the resolver_query_timeout field of a Server object. | FALSE | string | inherit | |
| lame_ttl_action | string | The inheritance configuration for the lame_ttl field of a Server object. | FALSE | string | inherit | |
| max_cache_ttl_action | string | The inheritance configuration for the max_cache_ttl field of a Server object. | FALSE | string | inherit | |
| max_negative_ttl_action | string | The inheritance configuration for the max_negative_ttl field of a Server object. | FALSE | string | inherit | |
| query_acl_action | string | The inheritance configuration for the query_acl field of a Server object. | FALSE | string | inherit | |
| transfer_acl_action | string | The inheritance configuration for the transfer_acl field of a Server object. | FALSE | string | inherit | |
| recursion_acl_action | string | The inheritance configuration for the recursion_acl field of a Server object. | FALSE | string | inherit | |
| custom_root_ns_block_action | string | The inheritance configuration for the custom_root_ns_block field of a Server object. | FALSE | string | inherit | |
| forwarders_block_action | string | The inheritance configuration for the forwarders_block field of a Server object. | FALSE | string | inherit | |
| ecs_block_action | string | The inheritance configuration for the ecs_block field of a Server object. | FALSE | string | inherit | |
| dnssec_validation_block_action | string | The inheritance configuration for the dnssec_validation_block field of a Server object. | FALSE | string | inherit | |
| use_forwarders_for_subzones_action | string | The inheritance configuration for the use_forwarders_for_subzones field of a Server object. | FALSE | string | inherit | |
| update_acl_action | string | The inheritance configuration for the update_acl field of a Server object. | FALSE | string | inherit | |
| match_recursive_only_action | string | The inheritance configuration for the match_recursive_only field of a Server object. | FALSE | string | inherit | |
| log_query_response_action | string | The inheritance configuration for the log_query_response field of a Server object. | FALSE | string | inherit | |
| recursive_clients_action | string | The inheritance configuration for the recursive_clients field of a Server object. | FALSE | string | inherit | |
| notify_action | string | The inheritance configuration for the notify field of a Server object. | FALSE | string | inherit | |
| gss_tsig_enabled_action | string | The inheritance configuration for the gss_tsig_enabled field of a Server object. | FALSE | string | inherit | |
| kerberos_keys_action | string | The inheritance configuration for the kerberos_keys field of a Server object. | FALSE | string | inherit | |
| add_edns_option_in_outgoing_query_action | string | The inheritance configuration for the add_edns_option_in_outgoing_query field of a Server object. | FALSE | string | inherit | |
| synthesize_address_records_from_https_action | string | The inheritance configuration for the synthesize_address_records_from_https field of a Server object. | FALSE | string | inherit | |
| tags | string | The tags for the DNS Config profile, in JSON format. | FALSE | expandtags | {} | |
| use_forwarders_for_subzones | boolean | Use default forwarders to resolve queries for subzones. Defaults to "true". | FALSE | string | | |
| update_acl | array | Specifies which hosts are allowed to issue Dynamic DNS updates for authoritative zones of the primary_type cloud. Defaults to empty. | FALSE | nios | | element, access, address, acl, tsig_key, tsig_name, tsig_comment, tsig_algorithm, tsig_secret |
| views | array | The ordered list of dns/display_view objects served by any DNS/host assigned to a particular DNS Config profile. Determined automatically. Allows reordering only. | FALSE | nios | | view, name, comment |
| auto_sort_views | boolean | Controls the order of manual and automatic views. Defaults to "true". | FALSE | string | | |
| match_recursive_only | boolean | If "true", then only recursive queries from matching clients can access the view. Defaults to "true". | FALSE | string | | |
| log_query_response | boolean | Controls the functionality for logging DNS queries and responses. Defaults to "true". | FALSE | string | | |
| recursive_clients | integer | Defines the number of simultaneous recursive lookups the server will perform on behalf of its clients. Defaults to 1000. | FALSE | string | | |
| notify | boolean | Notify all external secondary DNS servers. Defaults to "false". | FALSE | string | | |
| gss_tsig_enabled | boolean | gss_tsig_enabled enables or disables GSS-TSIG signed dynamic updates. Defaults to "false". | FALSE | string | | |
| kerberos_keys | array | kerberos_keys contains a list of keys for GSS-TSIG signed dynamic updates. Defaults to empty. | FALSE | stringarray | | |
| add_edns_option_in_outgoing_query | boolean | add_edns_option_in_outgoing_query adds the client IP, MAC address, and view name into the outgoing recursive query. Defaults to "false". | FALSE | string | | |
| synthesize_address_records_from_https | boolean | synthesize_address_records_from_https enables or disables creation of A/AAAA records from HTTPS RR. Defaults to "false". | FALSE | string | | |
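
The ranges, "error if empty" conditions and duplicate rules in the table above can be checked before a row is imported. The following is an added example, not code from the product or this page's author; it assumes the row has already been parsed into a Python dict, and the names check_server, is_true and SAMPLE are hypothetical.

```python
# Added example, not vendor code. Assumes one server row already parsed into a
# dict: booleans as the strings "true"/"false", list fields as lists of dicts.
RANGES = {  # field: (min, max, default), as stated in the table
    "resolver_query_timeout": (10, 30, 10), "lame_ttl": (0, 3600, 600),
    "max_cache_ttl": (1, 604800, 604800), "max_negative_ttl": (1, 604800, 10800),
    "ecs_prefix_v4": (1, 24, 24), "ecs_prefix_v6": (1, 56, 56),
}
LISTS = {  # field: (sub-field compared for duplicates, flags that forbid empty)
    "custom_root_ns": (None, ["custom_root_ns_enabled"]),
    "forwarders": ("forwarder_address", ["forwarders_only",
                   "use_root_forwarders_for_local_resolution_with_b1td"]),
    "ecs_zones": ("ecs_zone_fqdn", ["ecs_enabled"]),
}

def is_true(row, field, default="false"):
    return str(row.get(field, default)).lower() == "true"

def check_server(row):
    # Returns (errors, notes): errors break a stated rule, notes need review.
    errors, notes = [], []
    errors += [f"{f}: required" for f in ("key", "name") if not row.get(f)]
    for field, (lo, hi, default) in RANGES.items():
        if field.startswith("ecs_") and not is_true(row, "ecs_enabled"):
            continue  # other ecs_* fields are ignored unless ecs_enabled
        value = int(row.get(field, default))
        if not lo <= value <= hi:
            errors.append(f"{field}: {value} outside {lo}..{hi}")
    for field, (dup_key, flags) in LISTS.items():
        items = row.get(field, [])
        on = [f for f in flags if is_true(row, f)]
        if not items and on:
            errors.append(f"{field}: empty while {on[0]} is true")
        seen = [i.get(dup_key) if dup_key else tuple(sorted(i.items())) for i in items]
        if len(seen) != len(set(seen)):
            errors.append(f"{field}: duplicate entries")
    if int(row.get("query_port", 0)) != 0:
        notes.append("query_port: fixed source port, not randomized")
    if is_true(row, "recursion_enabled", "true") and not row.get("recursion_acl"):
        notes.append("recursion_acl: empty, query_acl governs recursion")
    if not is_true(row, "dnssec_enabled", "true"):
        notes.append("dnssec_enabled: off, other dnssec_* settings unused")
    elif not is_true(row, "dnssec_enable_validation", "true"):
        notes.append("dnssec_enable_validation: off, dnssec_validate_expiry ignored")
    return errors, notes

SAMPLE = {  # constructed row, not taken from the page
    "key": "edge-dns", "name": "edge-dns", "query_port": 5353, "resolver_query_timeout": 45,
    "forwarders_only": "true", "forwarders": [], "dnssec_enable_validation": "false",
    "ecs_enabled": "true", "ecs_zones": [{"ecs_zone_fqdn": "example.com."}] * 2,
}
```

Calling check_server(SAMPLE) returns three errors (timeout out of range, empty forwarders, duplicate ECS zone) and three review notes.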
