servers (dnsconfig)
- Sri Raghu
*Mandatory parameters are denoted by an * (asterisk).
header | type | description | required | encoding | sample | object_headers |
|
|
|
|
|
|
|
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
HEADER-dnsconfig-v2-server* | string | The primary identifier of the header stating the type of object. | TRUE | string |
|
|
|
|
|
|
|
|
|
|
key* | string | The primary identifier of an individual object. | TRUE | string |
|
|
|
|
|
|
|
|
|
|
name | string | The name of the configuration. | TRUE | string |
|
|
|
|
|
|
|
|
|
|
comment | string | The comment for the configuration. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
query_port | integer | The source port for outbound DNS queries. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
secondary_soa_query_limit | integer | The maximum number of concurrent outbound SOA queries. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
secondary_axfr_query_limit | integer | The maximum number of concurrent inbound AXFRs. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
query_acl | array | To make authoritative queries, clients must match this ACL. | FALSE | nios |
| element | access | address | acl | tsig_key | tsig_name | tsig_comment | tsig_algorithm | tsig_secret |
minimal_responses | boolean | When enabled, the DNS server will only add records to the authority and additional data sections when they are required. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
transfer_acl | array | To receive zone transfers, clients must match this ACL. | FALSE | nios |
| element | access | address | acl | tsig_key | tsig_name | tsig_comment | tsig_algorithm | tsig_secret |
recursion_enabled | boolean | Indicates whether recursive DNS queries are allowed. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
recursion_acl | array | To make recursive queries, clients must match this ACL. If this ACL is empty, then query_acl will be used, instead. | FALSE | nios |
| element | access | address | acl | tsig_key | tsig_name | tsig_comment | tsig_algorithm | tsig_secret |
resolver_query_timeout | integer | Seconds before a recursive query times out. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
lame_ttl | integer | Not used in the current implementation of the on-prem DNS server. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
max_cache_ttl | integer | Seconds to cache positive responses. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
max_negative_ttl | integer | Seconds to cache negative responses. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
custom_root_ns_enabled | boolean | Indicates whether custom root nameservers are to be used instead of the default ones. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
custom_root_ns | array | The list of custom root nameservers. The order does not matter. | FALSE | nios |
| root_ns_fqdn | root_ns_address |
|
|
|
|
|
|
|
forwarders_only | boolean | Set to "true" to only forward. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
forwarders | array | The list of forwarders. | FALSE | nios |
| forwarder_fqdn | forwarder_address |
|
|
|
|
|
|
|
ecs_enabled | boolean | Set to "true" to enable EDNS client subnet for recursive queries. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
ecs_forwarding | boolean | Set to "true" to enable ECS options in outbound queries. This functionality has additional overhead, so it is disabled by default. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
ecs_prefix_v4 | integer | Maximum scope length for v4 ECS. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
ecs_prefix_v6 | integer | Maximum scope length for v6 ECS. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
ecs_zones | array | The list of zones where ECS queries may be sent. | FALSE | nios |
| ecs_zone_fqdn | ecs_zone_access |
|
|
|
|
|
|
|
dnssec_enabled | boolean | The master toggle for all DNSSEC processing. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
dnssec_enable_validation | boolean | Set to "true" to perform DNSSEC validation. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
dnssec_validate_expiry | boolean | Set to "true" to reject expired DNSSEC keys. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
dnssec_root_keys | array | DNSSEC root keys. The root keys are not configurable. | FALSE | nios |
| trust_anchor_zone | trust_anchor_sep | trust_anchor_algorithm | trust_anchor_public_key |
|
|
|
|
|
query_port_action | string | The inheritance configuration for the query_port field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
secondary_soa_query_limit_action | string | The inheritance configuration for the secondary_soa_query_limit field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
secondary_axfr_query_limit_action | string | The inheritance configuration for the secondary_axfr_query_limit field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
minimal_responses_action | string | The inheritance configuration for the minimal_responses field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
recursion_enabled_action | string | The inheritance configuration for the recursion_enabled field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
resolver_query_timeout_action | string | The inheritance configuration for the resolver_query_timeout field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
lame_ttl_action | string | The inheritance configuration for the lame_ttl field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
max_cache_ttl_action | string | The inheritance configuration for the max_cache_ttl field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
max_negative_ttl_action | string | The inheritance configuration for the max_negative_ttl field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
query_acl_action | string | The inheritance configuration for the query_acl field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
transfer_acl_action | string | The inheritance configuration for the transfer_acl field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
recursion_acl_action | string | The inheritance configuration for the recursion_acl field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
custom_root_ns_block_action | string | The inheritance configuration for the custom_root_ns_block field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
forwarders_block_action | string | The inheritance configuration for the forwarders_block field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
ecs_block_action | string | The inheritance configuration for the ecs_block field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
dnssec_validation_block_action | string | The inheritance configuration for the dnssec_validation_block field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
use_forwarders_for_subzones_action | string | The inheritance configuration for the use_forwarders_for_subzones field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
update_acl_action | string | The inheritance configuration for the update_acl field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
match_recursive_only_action | string | The inheritance configuration for the match_recursive_only field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
log_query_response_action | string | The inheritance configuration for the log_queries_response field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
recursive_clients_action | string | The inheritance configuration for the recursive_clients field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
notify_action | string | The inheritance configuration for the notify field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
gss_tsig_enabled_action | string | The inheritance configuration for the gss_tsig_enabled field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
kerberos_keys_action | string | The inheritance configuration for the kerberos_keys field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
add_edns_option_in_outgoing_query_action | string | The inheritance configuration for the add_edns_option_in_outgoing_query field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
synthesize_address_records_from_https_action | string | The inheritance configuration for the synthesize_address_records_from_https field of a Server object. | FALSE | string | inherit |
|
|
|
|
|
|
|
|
|
tags | string | The tags for the DNS Config profile, in JSON format. | FALSE | expandtags | {} |
|
|
|
|
|
|
|
|
|
use_forwarders_for_subzones | boolean | Use default forwarders to resolve queries for subzones. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
update_acl | array | Specifies which hosts are allowed to issue Dynamic DNS updates for authoritative zones of the primary_type cloud. | FALSE | nios |
| element | access | address | acl | tsig_key | tsig_name | tsig_comment | tsig_algorithm | tsig_secret |
views | array | The ordered list of dns/display_view objects served by any DNS/host assigned to a particular DNS Config profile. | FALSE | nios |
| view | name | comment |
|
|
|
|
|
|
auto_sort_views | boolean | Controls the order of manual and automatic views. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
match_recursive_only | boolean | If "true", then only recursive queries from matching clients can access the view. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
log_query_response | boolean | Controls the functionality for logging DNS queries and responses. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
recursive_clients | integer | Defines the number of simultaneous recursive lookups the server will perform on behalf of its clients. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
notify | boolean | Notify all external secondary DNS servers. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
gss_tsig_enabled | boolean | gss_tsig_enabled enables or disables GSS-TSIG signed dynamic updates. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
kerberos_keys | array | kerberos_keys contains a list of keys for GSS-TSIG signed dynamic updates. | FALSE | stringarray |
|
|
|
|
|
|
|
|
|
|
add_edns_option_in_outgoing_query | boolean | add_edns_option_in_outgoing_query adds the client IP, MAC address, and view name into the outgoing recursive query. | FALSE | string |
|
|
|
|
|
|
|
|
|
|
synthesize_address_records_from_https | boolean | synthesize_address_records_from_https enables or disables creation of A/AAAA records from HTTPS RR. | FALSE | string |
|
|
|
|
|
|
|
|
|
|