grid:dns : Grid DNS properties object.

This object supports DNS service management and configuration such as time-to-live (TTL) settings, zone transfers, queries, root name servers, dynamic updates, sort lists, Transaction Signatures (TSIG) for DNS and others, all at the grid level. The service configurations of a grid are inherited by all members, zones, and networks unless you specifically override them for selected members, zones, and networks. For this reason, it is recommended that you configure services at the grid level before configuring member, zone and network services.

Object Reference

References to grid:dns are object references. The name part of a Grid DNS properties object reference has the following components:

  • The name of the Infoblox Grid to which the DNS properties apply.

Example: grid:dns/ZG5zLm5ldHdvcmtfdmlldyQxMTk:Infoblox

Restrictions

The object does not support the following operations:

  • Create (insert)
  • Delete
  • Permissions
  • Scheduling
  • CSV export

The object cannot be managed on Cloud Platform members.

Fields

These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
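As an added example (not Infoblox code), the Python below builds a `_return_fields` value for several security-relevant fields documented on this page and audits a parsed grid:dns object against them. The sample object is constructed, the 2048-bit RSA minimum is an assumed local policy, and the `address`/`permission` keys of Address ac entries are an assumption about that struct's shape.

```python
"""Audit a grid:dns object (parsed WAPI JSON) for settings worth a security review."""

# Fields documented on this page that the audit reads.
AUDIT_FIELDS = [
    "allow_transfer", "allow_update",
    "dnssec_validation_enabled", "dnssec_expired_signatures_enabled",
    "dnssec_negative_trust_anchors", "dnssec_key_params",
    "edns_udp_size", "max_udp_size", "logging_categories",
]
MIN_RSA_BITS = 2048            # assumption: local key-size policy, not from the page
UDP_RECOMMENDED = (512, 1220)  # recommended range stated for edns_udp_size / max_udp_size


def return_fields_param():
    """Value to pass as the _return_fields parameter when reading grid:dns."""
    return ",".join(AUDIT_FIELDS)


def acl_allows_any(acl):
    """True if an ACL entry grants access to 'Any'.

    Assumes Address ac entries carry 'address' and 'permission' keys.
    """
    return any(
        str(e.get("address", "")).lower() == "any" and e.get("permission") == "ALLOW"
        for e in (acl or [])
    )


def audit(obj):
    """Return a list of (field, message) findings for one grid:dns object.

    Fields missing from obj (not requested) are skipped, not flagged.
    """
    findings = []
    for field in ("allow_transfer", "allow_update"):
        if acl_allows_any(obj.get(field)):
            findings.append((field, "ACL contains an ALLOW entry for Any"))
    if obj.get("dnssec_validation_enabled") is False:
        findings.append(("dnssec_validation_enabled",
                         "validation disabled (documented default is True)"))
    if obj.get("dnssec_expired_signatures_enabled"):
        findings.append(("dnssec_expired_signatures_enabled",
                         "expired signatures are accepted"))
    ntas = obj.get("dnssec_negative_trust_anchors") or []
    if ntas:
        findings.append(("dnssec_negative_trust_anchors",
                         "validation skipped for: " + ", ".join(ntas)))
    params = obj.get("dnssec_key_params") or {}
    for role in ("ksk_algorithms", "zsk_algorithms"):
        for alg in params.get(role, []):
            name, size = alg.get("algorithm", ""), alg.get("size", 0)
            if name.startswith("RSA") and size < MIN_RSA_BITS:
                findings.append(("dnssec_key_params",
                                 f"{role}: {name} {size}-bit key below {MIN_RSA_BITS}"))
    low, high = UDP_RECOMMENDED
    for field in ("edns_udp_size", "max_udp_size"):
        size = obj.get(field)
        if size is not None and not low <= size <= high:
            findings.append((field, f"{size} outside recommended {low}-{high} bytes"))
    logs = obj.get("logging_categories") or {}
    for category in ("log_security", "log_update_security"):
        if logs.get(category) is False:
            findings.append(("logging_categories",
                             f"{category} is off (documented default is True)"))
    return findings


# Constructed sample object; only the _ref string is taken from this page.
SAMPLE = {
    "_ref": "grid:dns/ZG5zLm5ldHdvcmtfdmlldyQxMTk:Infoblox",
    "allow_transfer": [{"_struct": "addressac", "address": "Any", "permission": "ALLOW"}],
    "allow_update": [{"_struct": "addressac", "address": "10.0.0.0/8", "permission": "ALLOW"}],
    "dnssec_validation_enabled": True,
    "dnssec_expired_signatures_enabled": True,
    "dnssec_negative_trust_anchors": ["corp.example"],
    "dnssec_key_params": {
        "ksk_algorithms": [{"algorithm": "RSASHA256", "size": 2048}],
        "zsk_algorithms": [{"algorithm": "RSASHA256", "size": 1024}],  # documented default
    },
    "edns_udp_size": 4096,
    "max_udp_size": 1220,
    "logging_categories": {"log_security": False, "log_update_security": True},
}

if __name__ == "__main__":
    print("_return_fields=" + return_fields_param())
    for field, message in audit(SAMPLE):
        print(f"{field}: {message}")
```

The documented default `zsk_algorithms` entry (RSASHA256, 1024 bits) is itself flagged under the assumed 2048-bit policy, so an untouched Grid still produces one finding.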

add_client_ip_mac_options

Add custom IP, MAC and DNS View name EDNS0 options to outgoing recursive queries.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

allow_bulkhost_ddns

Determines if DDNS bulk host is allowed or not.

Type

String.

Valid values are:
  • REFUSAL
  • SUCCESS

Create

The default value is REFUSAL.

Search

The field is not available for search.

allow_gss_tsig_zone_updates

Determines whether GSS-TSIG zone update is enabled for all Grid members.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

allow_query

Determines if queries from the specified IPv4 or IPv6 addresses and networks are allowed or not. The appliance can also use Transaction Signature (TSIG) keys to authenticate the queries.

Type

One of the following: Address ac struct, TSIG ac struct array.

Create

The default value is:

empty

Search

The field is not available for search.

allow_recursive_query

Determines if the responses to recursive queries are enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

allow_transfer

Determines if zone transfers from specified IPv4 or IPv6 addresses and networks or transfers from hosts authenticated by Transaction signature (TSIG) key are allowed or not.

Type

One of the following: Address ac struct, TSIG ac struct array.

Create

The default value is:

empty

Search

The field is not available for search.

allow_update

Determines if dynamic updates from specified IPv4 or IPv6 addresses, networks or from host authenticated by TSIG key are allowed or not.

Type

One of the following: Address ac struct, TSIG ac struct array.

Create

The default value is:

empty

Search

The field is not available for search.

anonymize_response_logging

Determines if the anonymization of captured DNS responses is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

attack_mitigation

Mitigation settings for DNS attacks.

Type

A DNS Attack Mitigation object struct.

Create

The default value is:

  { 'detect_chr': { 'enable': True,
                    'high': 80,
                    'interval_max': 100000,
                    'interval_min': 1000,
                    'interval_time': 10,
                    'low': 70},
    'detect_chr_grace': 75,
    'detect_nxdomain_responses': { 'enable': True,
                                   'high': 80,
                                   'interval_max': 100000,
                                   'interval_min': 1000,
                                   'interval_time': 10,
                                   'low': 70},
    'detect_udp_drop': { 'enable': True,
                         'high': 30,
                         'interval_min': 1000,
                         'interval_time': 10,
                         'low': 20},
    'interval': 10,
    'mitigate_nxdomain_lru': False}

Search

The field is not available for search.

auto_blackhole

The auto blackhole settings.

Type

A DNS Auto Blackhole settings struct.

Create

The default value is:

  { 'enable_fetches_per_server': False,
    'enable_fetches_per_zone': False,
    'enable_holddown': False,
    'fetches_per_server': 500,
    'fetches_per_zone': 200,
    'fps_freq': 200,
    'holddown': 60,
    'holddown_threshold': 5,
    'holddown_timeout': 1000}

Search

The field is not available for search.

bind_check_names_policy

The BIND check names policy, which indicates the action the appliance takes when it encounters host names that do not comply with the Strict Hostname Checking policy. This method applies only if the host name restriction policy is set to “Strict Hostname Checking”.

Type

String.

Valid values are:
  • FAIL
  • WARN

Create

The default value is WARN.

Search

The field is not available for search.

bind_hostname_directive

The value of the hostname directive for BIND.

Type

String.

Valid values are:
  • HOSTNAME
  • NONE

Create

The default value is NONE.

Search

The field is not available for search.

blackhole_list

The list of IPv4 or IPv6 addresses and networks from which DNS queries are blocked.

Type

One of the following: Address ac struct, TSIG ac struct array.

Create

The default value is:

empty

Search

The field is not available for search.

blacklist_action

The action to perform when a domain name matches the pattern defined in a rule that is specified by the blacklist ruleset.

Type

String.

Valid values are:
  • REDIRECT
  • REFUSE

Create

The default value is REDIRECT.

Search

The field is not available for search.

blacklist_log_query

Determines if blacklist redirection queries are logged or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

blacklist_redirect_addresses

The IP addresses the appliance includes in the response it sends in place of a blacklisted IP address.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

blacklist_redirect_ttl

The TTL value (in seconds) of the synthetic DNS responses that result from blacklist redirection.

Type

Unsigned integer.

Create

The default value is 60.

Search

The field is not available for search.

blacklist_rulesets

The DNS Ruleset object names assigned at the Grid level for blacklist redirection.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

bulk_host_name_templates

The list of bulk host name templates. There are four Infoblox predefined bulk host name templates:

  Template Name     Template Format
  “Four Octets”     -$1-$2-$3-$4
  “Three Octets”    -$2-$3-$4
  “Two Octets”      -$3-$4
  “One Octet”       -$4

Type

A bulkhostnametemplate object array.

This field supports nested return fields as described here.

Create

The default value is:

  [ {'template_name': 'Four Octets', 'is_grid_default': True, 'template_format': '-$1-$2-$3-$4'},
    {'template_name': 'Three Octets', 'is_grid_default': False, 'template_format': '-$2-$3-$4'},
    {'template_name': 'Two Octets', 'is_grid_default': False, 'template_format': '-$3-$4'},
    {'template_name': 'One Octet', 'is_grid_default': False, 'template_format': '-$4'}]

Search

The field is not available for search.

capture_dns_queries_on_all_domains

Determines if the capture of DNS queries for all domains is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

check_names_for_ddns_and_zone_transfer

Determines whether the application of BIND check-names to zone transfers and DDNS updates is enabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

client_subnet_domains

The list of zone domain names that are allowed or forbidden for EDNS client subnet (ECS) recursion.

Type

A client subnet domain structure struct array.

Create

The default value is:

empty

Search

The field is not available for search.

client_subnet_ipv4_prefix_length

Default IPv4 Source Prefix-Length used when sending queries with EDNS client subnet option.

Type

Unsigned integer.

Create

The default value is 24.

Search

The field is not available for search.

client_subnet_ipv6_prefix_length

Default IPv6 Source Prefix-Length used when sending queries with EDNS client subnet option.

Type

Unsigned integer.

Create

The default value is 56.

Search

The field is not available for search.

copy_client_ip_mac_options

Copy custom IP, MAC and DNS View name EDNS0 options from incoming to outgoing recursive queries.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

copy_xfer_to_notify

The allowed IPs, from the zone transfer list, added to the also-notify statement in the named.conf file.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

custom_root_name_servers

The list of customized root nameserver(s). You can use Internet root name servers or specify host names and IP addresses of custom root name servers.

Type

An External Server struct array.

Create

The default value is:

empty

Search

The field is not available for search.

ddns_force_creation_timestamp_update

Defines whether the creation timestamp of an RR should be updated when a DDNS update happens, even if there is no change to the RR.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

ddns_principal_group

The DDNS Principal cluster group name.

Type

String.

Create

The default value is empty.

Search

The field is not available for search.

ddns_principal_tracking

Determines if the DDNS principal track is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

ddns_restrict_patterns

Determines if an option to restrict DDNS update request based on FQDN patterns is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

ddns_restrict_patterns_list

The unordered list of restriction patterns for the option to restrict DDNS updates based on FQDN patterns.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

ddns_restrict_protected

Determines if an option to restrict DDNS update request to protected resource records is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

ddns_restrict_secure

Determines if a DDNS update request from a principal other than the target resource record’s principal is restricted.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

ddns_restrict_static

Determines if an option to restrict DDNS update request to resource records which are marked as ‘STATIC’ is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

default_bulk_host_name_template

Default bulk host name of a Grid DNS.

Type

String.

Create

The default value is Four Octets.

Search

The field is not available for search.

default_ttl

The default TTL value of a Grid DNS object. This interval tells the secondary how long the data can be cached.

Type

Unsigned integer.

Create

The default value is 28800.

Search

The field is not available for search.

disable_edns

Determines if the EDNS0 support for queries that require recursive resolution on Grid members is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dns64_groups

The list of DNS64 synthesis groups associated with this Grid DNS object.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

dns_cache_acceleration_ttl

The minimum TTL value, in seconds, that a DNS record must have in order for it to be cached by the DNS Cache Acceleration service.

An integer from 1 to 65000 that represents the TTL in seconds.

Type

Unsigned integer.

Create

The default value is 1.

Search

The field is not available for search.

dns_health_check_anycast_control

Determines if the anycast failure (BFD session down) is enabled on member failure or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dns_health_check_domain_list

The list of domain names for the DNS health check.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

dns_health_check_interval

The time interval (in seconds) for DNS health check.

Type

Unsigned integer.

Create

The default value is 30.

Search

The field is not available for search.

dns_health_check_recursion_flag

Determines if the recursive DNS health check is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dns_health_check_retries

The number of DNS health check retries.

Type

Unsigned integer.

Create

The default value is 3.

Search

The field is not available for search.

dns_health_check_timeout

The DNS health check timeout interval (in seconds).

Type

Unsigned integer.

Create

The default value is 3.

Search

The field is not available for search.

dns_query_capture_file_time_limit

The time limit (in minutes) for the DNS query capture file.

Type

Unsigned integer.

Create

The default value is 10.

Search

The field is not available for search.

dnssec_blacklist_enabled

Determines if the blacklist rules for DNSSEC-enabled clients are enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dnssec_dns64_enabled

Determines if the DNS64 groups for DNSSEC-enabled clients are enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dnssec_enabled

Determines if the DNS security extension is enabled or not.

Type

Bool.

Create

The default value is True.

Search

The field is not available for search.

dnssec_expired_signatures_enabled

Determines whether the DNS member accepts expired signatures.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dnssec_key_params

This structure contains the DNSSEC key parameters for this zone.

Type

A DNSSEC Key parameters struct.

Create

The default value is:

  { 'enable_ksk_auto_rollover': True,
    'ksk_algorithm': '8',
    'ksk_algorithms': [{ 'algorithm': 'RSASHA256', 'size': 2048}],
    'ksk_email_notification_enabled': False,
    'ksk_rollover': 31536000,
    'ksk_rollover_notification_config': 'REQUIRE_MANUAL_INTERVENTION',
    'ksk_size': 2048,
    'ksk_snmp_notification_enabled': True,
    'next_secure_type': 'NSEC3',
    'nsec3_iterations': 10,
    'nsec3_salt_max_length': 15,
    'nsec3_salt_min_length': 1,
    'signature_expiration': 345600,
    'zsk_algorithm': '8',
    'zsk_algorithms': [{ 'algorithm': 'RSASHA256', 'size': 1024}],
    'zsk_rollover': 2592000,
    'zsk_rollover_mechanism': 'PRE_PUBLISH',
    'zsk_size': 1024}

Search

The field is not available for search.

dnssec_negative_trust_anchors

A list of zones for which the server does not perform DNSSEC validation.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

dnssec_nxdomain_enabled

Determines if the NXDOMAIN rules for DNSSEC-enabled clients are enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dnssec_rpz_enabled

Determines if the RPZ policies for DNSSEC-enabled clients are enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dnssec_trusted_keys

The list of trusted keys for the DNSSEC feature.

Type

A DNSSEC Trusted Key struct array.

Create

The default value is:

empty

Search

The field is not available for search.

dnssec_validation_enabled

Determines if the DNS security validation is enabled or not.

Type

Bool.

Create

The default value is True.

Search

The field is not available for search.

dnstap_setting

The DNSTAP settings.

Type

A DNSTAP Setting struct.

Create

The default value is:

  { 'dnstap_identity': 'Infoblox',
    'dnstap_receiver_port': 6000,
    'dnstap_version': '1.0'}

Search

The field is not available for search.

domains_to_capture_dns_queries

The list of domains for DNS query capture.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

dtc_dns_queries_specific_behavior

Setting to control specific behavior for DTC DNS responses for incoming lbdn matched queries.

Type

String.

Valid values are:
  • DNS_RESPONSE_IF_NO_DTC
  • DROP_LBDN_MATCHED_QUERY
  • DTC_RESPONSE_ANYWAY

Create

The default value is DNS_RESPONSE_IF_NO_DTC.

Search

The field is not available for search.

dtc_dnssec_mode

DTC DNSSEC operation mode.

Type

String.

Valid values are:
  • SIGNED
  • UNSIGNED

Create

The default value is SIGNED.

Search

The field is not available for search.

dtc_edns_prefer_client_subnet

Determines whether to prefer the client address from the edns-client-subnet option for DTC or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

dtc_scheduled_backup

The scheduled backup configuration.

Type

A Scheduled backup settings struct.

Create

The default value is:

  { 'backup_frequency': 'WEEKLY',
    'backup_type': 'LOCAL',
    'discovery_data': True,
    'download_keys': False,
    'enable': False,
    'hour_of_day': 3,
    'keep_local_copy': False,
    'minutes_past_hour': 0,
    'nios_data': True,
    'operation': 'NONE',
    'restore_type': 'FTP',
    'splunk_app_data': True,
    'status': 'IDLE',
    'upload_keys': False,
    'use_keys': False,
    'weekday': 'SATURDAY'}

Search

The field is not available for search.

dtc_topology_ea_list

The DTC topology extensible attribute definition list. When configuring a DTC topology, users may configure classification as either “Geographic” or “Extensible Attributes”. Selecting extensible attributes will replace supported Topology database labels (Continent, Country, Subdivision, City) with the names of the selection EA types and provide values extracted from DHCP Network Container, Network and Range objects with those extensible attributes.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

edns_udp_size

Advertises the EDNS0 buffer size to the upstream server. The value should be between 512 and 4096 bytes. The recommended value is between 512 and 1220 bytes.

Type

Unsigned integer.

Create

The default value is 1220.

Search

The field is not available for search.

email

The email address of a Grid DNS object.

Type

String.

Create

The default value is empty.

Search

The field is not available for search.

enable_blackhole

Determines if the blocking of DNS queries is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_blacklist

Determines if a blacklist is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_capture_dns_queries

Determines if the capture of DNS queries is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_capture_dns_responses

Determines if the capture of DNS responses is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_client_subnet_forwarding

Determines whether to enable forwarding EDNS client subnet options to upstream servers.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_client_subnet_recursive

Determines whether to enable adding EDNS client subnet options in recursive resolution.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_delete_associated_ptr

Determines if the ability to automatically remove associated PTR records while deleting A or AAAA records is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_dns64

Determines if the DNS64 support is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_dns_health_check

Determines if the DNS health check is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_dnstap_queries

Determines whether the query messages need to be forwarded to DNSTAP or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_dnstap_responses

Determines whether the response messages need to be forwarded to DNSTAP or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_excluded_domain_names

Determines if excluding domain names from captured DNS queries and responses is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_fixed_rrset_order_fqdns

Determines if the fixed RRset order FQDN is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_ftc

Determines whether Fault Tolerant Caching (FTC) is enabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_gss_tsig

Determines whether all appliances in the Grid are enabled to receive GSS-TSIG authenticated updates from DNS clients.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_host_rrset_order

Determines if the host RRset order is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_hsm_signing

Determines whether Hardware Security Modules (HSMs) are enabled for key generation and signing. Note that you must configure the HSM group with at least one enabled HSM.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_notify_source_port

Determines if the notify source port at the Grid Level is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_query_rewrite

Determines if the DNS query rewrite is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

enable_query_source_port

Determines if the query source port at the Grid Level is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

excluded_domain_names

The list of domains that are excluded from DNS query and response capture.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

expire_after

The expiration time of a Grid DNS object. If the secondary DNS server fails to contact the primary server for the specified interval, the secondary server stops giving out answers about the zone because the zone data is too old to be useful.

Type

Unsigned integer.

Create

The default value is 2419200.

Search

The field is not available for search.

file_transfer_setting

The DNS capture file transfer settings. Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.

Type

A File Transfer Setting struct.

Create

The default value is:

{ 'type': 'FTP'}

Search

The field is not available for search.

filter_aaaa

The type of AAAA filtering for this member DNS object.

Type

String.

Valid values are:
  • BREAK_DNSSEC
  • NO
  • YES

Create

The default value is NO.

Search

The field is not available for search.

filter_aaaa_list

The list of IPv4 addresses and networks from which queries are received. AAAA filtering is applied to these addresses.

Type

An Address ac struct array.

Create

The default value is:

empty

Search

The field is not available for search.

fixed_rrset_order_fqdns

The fixed RRset order FQDN. If this field does not contain an empty value, the appliance will automatically set the enable_fixed_rrset_order_fqdns field to ‘true’, unless the same request sets the enable field to ‘false’.

Type

A Fixed RRset order FQDN struct array.

Create

The default value is:

empty

Search

The field is not available for search.

forward_only

Determines if member sends queries to forwarders only. When the value is “true”, the member sends queries to forwarders only, and not to other internal or Internet root servers.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

forward_updates

Determines if secondary servers are allowed to forward updates to the DNS server or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

forwarders

The forwarders for the member. A forwarder is essentially a name server to which other name servers first send all of their off-site queries. The forwarder builds up a cache of information, avoiding the need for the other name servers to send queries off-site.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

ftc_expired_record_timeout

The timeout interval (in seconds) after which the expired Fault Tolerant Caching (FTC) record is stale and no longer valid.

Type

Unsigned integer.

Create

The default value is 86400.

Search

The field is not available for search.

ftc_expired_record_ttl

The TTL value (in seconds) of the expired Fault Tolerant Caching (FTC) record in DNS responses.

Type

Unsigned integer.

Create

The default value is 5.

Search

The field is not available for search.

gen_eadb_from_hosts

Flag for taking EA values from IPAM Hosts into consideration for the DTC topology EA database.

Type

Bool.

Create

The default value is True.

Search

The field is not available for search.

gen_eadb_from_network_containers

Flag for taking EA values from IPAM Network Containers into consideration for the DTC topology EA database.

Type

Bool.

Create

The default value is True.

Search

The field is not available for search.

gen_eadb_from_networks

Flag for taking EA values from IPAM Network into consideration for the DTC topology EA database.

Type

Bool.

Create

The default value is True.

Search

The field is not available for search.

gen_eadb_from_ranges

Flag for taking EA values from IPAM Ranges into consideration for the DTC topology EA database.

Type

Bool.

Create

The default value is True.

Search

The field is not available for search.

gss_tsig_keys

The list of GSS-TSIG keys for a Grid DNS object.

Type

A kerberoskey object array.

This field supports nested return fields as described here.

Create

The default value is empty.

Search

The field is not available for search.

last_queried_acl

Determines last queried ACL for the specified IPv4 or IPv6 addresses and networks in scavenging settings.

Type

An Address ac struct array.

Create

The default value is:

empty

Search

The field is not available for search.

logging_categories

The logging categories.

Type

A Grid logging setting information struct.

Create

The default value is:

  { 'log_client': True,
    'log_config': True,
    'log_database': True,
    'log_dnssec': True,
    'log_dtc_gslb': False,
    'log_dtc_health': False,
    'log_general': True,
    'log_lame_servers': True,
    'log_network': True,
    'log_notify': True,
    'log_queries': False,
    'log_query_rewrite': False,
    'log_rate_limit': True,
    'log_resolver': True,
    'log_responses': False,
    'log_rpz': False,
    'log_security': True,
    'log_update': True,
    'log_update_security': True,
    'log_xfer_in': True,
    'log_xfer_out': True}

Search

The field is not available for search.

max_cache_ttl

The maximum time (in seconds) for which the server will cache positive answers.

Type

Unsigned integer.

Create

The default value is 604800.

Search

The field is not available for search.

max_cached_lifetime

The maximum time (in seconds) a DNS response can be stored in the hardware acceleration cache.

Valid values are unsigned integers between 60 and 86400, inclusive.

Type

Unsigned integer.

Create

The default value is 86400.

Search

The field is not available for search.

max_ncache_ttl

The maximum time (in seconds) for which the server will cache negative (NXDOMAIN) responses.

The maximum allowed value is 604800.

Type

Unsigned integer.

Create

The default value is 10800.

Search

The field is not available for search.

max_udp_size

The value is used by authoritative DNS servers to never send DNS responses larger than the configured value. The value should be between 512 and 4096 bytes. The recommended value is between 512 and 1220 bytes.

Type

Unsigned integer.

Create

The default value is 1220.

Search

The field is not available for search.

member_secondary_notify

Determines if Grid members that are authoritative secondary servers are allowed to send notification messages to external name servers, if the Grid member that is primary for a zone fails or loses connectivity.

Type

Bool.

Create

The default value is True.

Search

The field is not available for search.

negative_ttl

The negative TTL value of a Grid DNS object. This interval tells the secondary how long data can be cached for “Does Not Respond” responses.

Type

Unsigned integer.

Create

The default value is 900.

Search

The field is not available for search.

notify_delay

Specifies the delay, in seconds, before notify messages are sent to secondaries.

Type

Unsigned integer.

Create

The default value is 5.

Search

The field is not available for search.

notify_source_port

The source port for notify messages. When requesting zone transfers from the primary server, some secondary DNS servers use the source port number (the one the primary server used to send the notify message) as the destination port number in the zone transfer request.

Valid values are between 1 and 63999. The default is picked by BIND.

Type

Unsigned integer.

Create

The default value is empty.

Search

The field is not available for search.

nsgroup_default

The default nameserver group.

Type

String.

Create

The default value is undefined.

Search

The field is not available for search.

nsgroups

A name server group is a collection of one primary DNS server and one or more secondary DNS servers.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

nxdomain_log_query

Determines if NXDOMAIN redirection queries are logged or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

nxdomain_redirect

Determines if NXDOMAIN redirection is enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

nxdomain_redirect_addresses

The list of IPv4 NXDOMAIN redirection addresses.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

nxdomain_redirect_addresses_v6

The list of IPv6 NXDOMAIN redirection addresses.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

nxdomain_redirect_ttl

The TTL value (in seconds) of synthetic DNS responses that result from NXDOMAIN redirection.

Type

Unsigned integer.

Create

The default value is 60.

Search

The field is not available for search.

nxdomain_rulesets

The Ruleset object names assigned at the Grid level for NXDOMAIN redirection.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

preserve_host_rrset_order_on_secondaries

Determines if the host RRset order on secondaries is preserved or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

protocol_record_name_policies

The list of record name policies.

Type

A/An recordnamepolicy object array.

This field supports nested return fields as described here.

Create

The default value is [{'regex': '^[a-zA-Z0-9]$|^[a-zA-Z0-9][-a-zA-Z0-9.]*[a-zA-Z0-9]$', 'is_default': False, 'name': 'Strict Hostname Checking'}, {'regex': '^[-a-zA-Z0-9_.]+$', 'is_default': True, 'name': 'Allow Underscore'}, {'regex': '.+', 'is_default': False, 'name': 'Allow Any'}].

Search

The field is not available for search.
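
The three default record name policies differ only in their regular expressions, so the quickest way to see what each one admits is to run candidate names through them. The following is an added example, not part of the Infoblox documentation; the function names and the sample record names are constructed, and Python's re module is assumed to stand in for the appliance's matcher.

```python
import re

# Default record name policies, copied from the default value documented above,
# listed from strictest to loosest. "Allow Underscore" has is_default True.
POLICIES = [
    ("Strict Hostname Checking",
     r"^[a-zA-Z0-9]$|^[a-zA-Z0-9][-a-zA-Z0-9.]*[a-zA-Z0-9]$"),
    ("Allow Underscore", r"^[-a-zA-Z0-9_.]+$"),
    ("Allow Any", r".+"),
]
DEFAULT_POLICY = "Allow Underscore"

def accepted_by(name):
    """Return the names of the policies whose regex accepts the record name."""
    # Assumption: Python's re engine stands in for the appliance's matcher.
    # fullmatch keeps Python's '$' from also matching before a trailing newline.
    return [policy for policy, rx in POLICIES if re.fullmatch(rx, name)]

def strictest_policy(name):
    """Return the strictest policy that accepts the name, or None."""
    accepted = accepted_by(name)
    return accepted[0] if accepted else None

def rejected_by_default(names):
    """Return the names that the default policy would refuse."""
    return [n for n in names if DEFAULT_POLICY not in accepted_by(n)]

# Constructed record names covering the edges of each character class.
SAMPLE_NAMES = ["www", "x", "a..b", "mail-01.example", "_dmarc", "-edge",
                "trailing.", "host name", "caf\u00e9"]

if __name__ == "__main__":
    for n in SAMPLE_NAMES:
        print(f"{n!r:20} -> {strictest_policy(n)}")
```

Note that the strict policy still accepts consecutive dots ("a..b"), and that the default policy accepts leading hyphens and trailing dots, which the strict policy refuses.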

query_rewrite_domain_names

The list of domain names that trigger DNS query rewrite.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

query_rewrite_prefix

The domain name prefix for DNS query rewrite.

Type

String.

Create

The default value is empty.

Search

The field is not available for search.

query_source_port

The source port for queries. Specifying a source port number for recursive queries ensures that a firewall will allow the response.

Valid values are between 1 and 63999. The default is picked by BIND.

Type

Unsigned integer.

Create

The default value is empty.

Search

The field is not available for search.

recursive_query_list

The list of IPv4 or IPv6 addresses, networks, or hosts authenticated by a Transaction Signature (TSIG) key from which recursive queries are allowed or denied.

Type

A/An Address ac struct array.

Create

The default value is:

empty

Search

The field is not available for search.

refresh_timer

The refresh time. This interval tells the secondary how often to send a message to the primary for a zone to check that its data is current, and retrieve fresh data if it is not.

Type

Unsigned integer.

Create

The default value is 10800.

Search

The field is not available for search.

resolver_query_timeout

The recursive query timeout for the member.

Type

Unsigned integer.

Create

The default value is 0.

Search

The field is not available for search.

response_rate_limiting

The response rate limiting settings for the member.

Type

A/An DNS Response Rate Limiting struct.

Create

The default value is:

  { 'enable_rrl': False,
    'log_only': False,
    'responses_per_second': 100,
    'slip': 2,
    'window': 15}

Search

The field is not available for search.

restart_setting

The restart setting.

Type

A/An Restart Setting struct.

Create

The default value is:

{ 'delay': 10, 'restart_offline': True, 'timeout': 60}

Search

The field is not available for search.

retry_timer

The retry time. This interval tells the secondary how long to wait before attempting to recontact the primary after a connection failure occurs between the two servers.

Type

Unsigned integer.

Create

The default value is 3600.

Search

The field is not available for search.

root_name_server_type

Determines the type of root name servers.

Type

String.

Valid values are:
  • CUSTOM
  • INTERNET

Create

The default value is INTERNET.

Search

The field is not available for search.

rpz_disable_nsdname_nsip

Determines if NSDNAME and NSIP resource records from RPZ feeds are enabled or not.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

rpz_drop_ip_rule_enabled

Enables the appliance to ignore RPZ-IP triggers with prefix lengths less than the specified minimum prefix length.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

rpz_drop_ip_rule_min_prefix_length_ipv4

The minimum prefix length for IPv4 RPZ-IP triggers. The appliance ignores RPZ-IP triggers with prefix lengths less than the specified minimum IPv4 prefix length.

Type

Unsigned integer.

Create

The default value is 29.

Search

The field is not available for search.

rpz_drop_ip_rule_min_prefix_length_ipv6

The minimum prefix length for IPv6 RPZ-IP triggers. The appliance ignores RPZ-IP triggers with prefix lengths less than the specified minimum IPv6 prefix length.

Type

Unsigned integer.

Create

The default value is 112.

Search

The field is not available for search.

rpz_qname_wait_recurse

Determines if recursive RPZ lookups are enabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

scavenging_settings

The Grid level scavenging settings.

Type

A/An DNS scavenging settings struct.

Create

The default value is:

  { 'ea_expression_list': [],
    'enable_auto_reclamation': False,
    'enable_recurrent_scavenging': False,
    'enable_rr_last_queried': False,
    'enable_scavenging': False,
    'enable_zone_last_queried': False,
    'expression_list': [],
    'reclaim_associated_records': False}

Search

The field is not available for search.

serial_query_rate

The maximum number of concurrent SOA queries per second.

Valid values are unsigned integers between 20 and 1000, inclusive.

Type

Unsigned integer.

Create

The default value is 20.

Search

The field is not available for search.

server_id_directive

The value of the server-id directive for BIND and Unbound DNS.

Type

String.

Valid values are:
  • HOSTNAME
  • NONE

Create

The default value is NONE.

Search

The field is not available for search.

sortlist

A sort list determines the order of addresses in responses made to DNS queries.

Type

A/An DNS Sortlist struct array.

Create

The default value is:

empty

Search

The field is not available for search.

store_locally

Determines if the storage of query capture reports on the appliance is enabled or disabled.

Type

Bool.

Create

The default value is False.

Search

The field is not available for search.

syslog_facility

The syslog facility. This is the location on the syslog server to which you want to sort the DNS logging messages.

Type

String.

Valid values are:
  • DAEMON
  • LOCAL0
  • LOCAL1
  • LOCAL2
  • LOCAL3
  • LOCAL4
  • LOCAL5
  • LOCAL6
  • LOCAL7

Create

The default value is DAEMON.

Search

The field is not available for search.

transfer_excluded_servers

The list of excluded DNS servers during zone transfers.

Type

String array.

Create

The default value is empty.

Search

The field is not available for search.

transfer_format

The BIND format for a zone transfer. This provides tracking capabilities for single or multiple transfers and their associated servers.

Type

String.

Valid values are:
  • MANY_ANSWERS
  • ONE_ANSWER

Create

The default value is MANY_ANSWERS.

Search

The field is not available for search.

transfers_in

The maximum number of concurrent transfers for the Grid.

Valid values are unsigned integers between 10 and 10000, inclusive.

Type

Unsigned integer.

Create

The default value is 10.

Search

The field is not available for search.

transfers_out

The maximum number of concurrent outbound zone transfers.

Valid values are unsigned integers between 10 and 10000, inclusive.

Type

Unsigned integer.

Create

The default value is 10.

Search

The field is not available for search.

transfers_per_ns

The maximum number of concurrent transfers per member.

Valid values are unsigned integers between 2 and 10000, inclusive.

Type

Unsigned integer.

Create

The default value is 2.

Search

The field is not available for search.

zone_deletion_double_confirm

Determines if the double confirmation during zone deletion is enabled or not.

Type

Bool.

Create

The default value is True.

Search

The field is not available for search.
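
Because Grid-level values are inherited by every member, zone and network that does not override them, it is worth checking a retrieved grid:dns object against the ranges and defaults documented above. The following script is an added example, not part of the Infoblox documentation; the baseline choices, the name audit_grid_dns and both sample objects are assumptions made for illustration.

```python
# Logging categories whose documented default on this page is True.
DEFAULT_ON_LOGS = (
    "log_client", "log_config", "log_database", "log_dnssec", "log_general",
    "log_lame_servers", "log_network", "log_notify", "log_rate_limit",
    "log_resolver", "log_security", "log_update", "log_update_security",
    "log_xfer_in", "log_xfer_out",
)

def audit_grid_dns(obj):
    """Return (severity, field, message) findings for one grid:dns object."""
    findings = []
    rrl = obj.get("response_rate_limiting") or {}
    if not rrl.get("enable_rrl", False):
        findings.append(("WARN", "response_rate_limiting", "RRL is disabled"))
    elif rrl.get("log_only", False):
        findings.append(("WARN", "response_rate_limiting", "RRL is log-only"))

    size = obj.get("max_udp_size", 1220)
    if not 512 <= size <= 4096:
        findings.append(("ERROR", "max_udp_size", f"{size} outside 512-4096"))
    elif size > 1220:
        findings.append(("WARN", "max_udp_size", f"{size} above recommended 1220"))

    for field in ("query_source_port", "notify_source_port"):
        port = obj.get(field)
        if port is None:  # empty: the port is picked by BIND
            continue
        if not 1 <= port <= 63999:
            findings.append(("ERROR", field, f"{port} outside 1-63999"))
        elif field == "query_source_port":
            # Assumption: a non-empty value means the fixed port is in use.
            findings.append(("WARN", field, f"fixed port {port}, no port randomization"))
    logs = obj.get("logging_categories") or {}
    for cat in DEFAULT_ON_LOGS:
        if logs.get(cat, True) is False:
            findings.append(("WARN", "logging_categories", f"{cat} off (default on)"))
    if obj.get("server_id_directive", "NONE") == "HOSTNAME":
        findings.append(("INFO", "server_id_directive", "hostname disclosed via server-id"))
    if obj.get("max_ncache_ttl", 10800) > 604800:
        findings.append(("ERROR", "max_ncache_ttl", "above maximum 604800"))
    return findings

# Constructed samples, shaped like a WAPI GET result limited to these fields.
DEFAULTS = {
    "response_rate_limiting": {"enable_rrl": False, "log_only": False,
                               "responses_per_second": 100, "slip": 2, "window": 15},
    "max_udp_size": 1220, "server_id_directive": "NONE", "max_ncache_ttl": 10800,
    "logging_categories": {"log_security": True, "log_update_security": True},
}
DRIFTED = {
    "response_rate_limiting": {"enable_rrl": True, "log_only": True},
    "max_udp_size": 4096, "query_source_port": 53, "server_id_directive": "HOSTNAME",
    "logging_categories": {"log_security": False, "log_queries": False},
}

if __name__ == "__main__":
    for label, obj in (("defaults", DEFAULTS), ("drifted", DRIFTED)):
        for finding in audit_grid_dns(obj):
            print(label, *finding, sep=" | ")
```

To audit a live Grid, pass in the object returned by a GET on grid:dns with the same field names listed in _return_fields.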

Function Calls

run_scavenging

This function performs the scavenging of the DNS Records.

This function does not support multiple object matches when called as part of an atomic insertion operation.

Input fields

action ( String. Valid values are: "ANALYZE", "RECLAIM", "ANALYZE_RECLAIM", "RESET" ). This parameter is mandatory. The scavenging action to perform.

Output fields

None

Fields List

Field Type Req R/O Base Search
add_client_ip_mac_options Bool N N N N/A
allow_bulkhost_ddns String N N N N/A
allow_gss_tsig_zone_updates Bool N N N N/A
allow_query [struct] N N N N/A
allow_recursive_query Bool N N N N/A
allow_transfer [struct] N N N N/A
allow_update [struct] N N N N/A
anonymize_response_logging Bool N N N N/A
attack_mitigation struct N N N N/A
auto_blackhole struct N N N N/A
bind_check_names_policy String N N N N/A
bind_hostname_directive String N N N N/A
blackhole_list [struct] N N N N/A
blacklist_action String N N N N/A
blacklist_log_query Bool N N N N/A
blacklist_redirect_addresses [String] N N N N/A
blacklist_redirect_ttl Unsigned int N N N N/A
blacklist_rulesets [String] N N N N/A
bulk_host_name_templates [obj] N N N N/A
capture_dns_queries_on_all_domains Bool N N N N/A
check_names_for_ddns_and_zone_transfer Bool N N N N/A
client_subnet_domains [struct] N N N N/A
client_subnet_ipv4_prefix_length Unsigned int N N N N/A
client_subnet_ipv6_prefix_length Unsigned int N N N N/A
copy_client_ip_mac_options Bool N N N N/A
copy_xfer_to_notify Bool N N N N/A
custom_root_name_servers [struct] N N N N/A
ddns_force_creation_timestamp_update Bool N N N N/A
ddns_principal_group String N N N N/A
ddns_principal_tracking Bool N N N N/A
ddns_restrict_patterns Bool N N N N/A
ddns_restrict_patterns_list [String] N N N N/A
ddns_restrict_protected Bool N N N N/A
ddns_restrict_secure Bool N N N N/A
ddns_restrict_static Bool N N N N/A
default_bulk_host_name_template String N N N N/A
default_ttl Unsigned int N N N N/A
disable_edns Bool N N N N/A
dns64_groups [String] N N N N/A
dns_cache_acceleration_ttl Unsigned int N N N N/A
dns_health_check_anycast_control Bool N N N N/A
dns_health_check_domain_list [String] N N N N/A
dns_health_check_interval Unsigned int N N N N/A
dns_health_check_recursion_flag Bool N N N N/A
dns_health_check_retries Unsigned int N N N N/A
dns_health_check_timeout Unsigned int N N N N/A
dns_query_capture_file_time_limit Unsigned int N N N N/A
dnssec_blacklist_enabled Bool N N N N/A
dnssec_dns64_enabled Bool N N N N/A
dnssec_enabled Bool N N N N/A
dnssec_expired_signatures_enabled Bool N N N N/A
dnssec_key_params struct N N N N/A
dnssec_negative_trust_anchors [String] N N N N/A
dnssec_nxdomain_enabled Bool N N N N/A
dnssec_rpz_enabled Bool N N N N/A
dnssec_trusted_keys [struct] N N N N/A
dnssec_validation_enabled Bool N N N N/A
dnstap_setting struct N N N N/A
domains_to_capture_dns_queries [String] N N N N/A
dtc_dns_queries_specific_behavior String N N N N/A
dtc_dnssec_mode String N N N N/A
dtc_edns_prefer_client_subnet Bool N N N N/A
dtc_scheduled_backup struct N N N N/A
dtc_topology_ea_list [String] N N N N/A
edns_udp_size Unsigned int N N N N/A
email String N N N N/A
enable_blackhole Bool N N N N/A
enable_blacklist Bool N N N N/A
enable_capture_dns_queries Bool N N N N/A
enable_capture_dns_responses Bool N N N N/A
enable_client_subnet_forwarding Bool N N N N/A
enable_client_subnet_recursive Bool N N N N/A
enable_delete_associated_ptr Bool N N N N/A
enable_dns64 Bool N N N N/A
enable_dns_health_check Bool N N N N/A
enable_dnstap_queries Bool N N N N/A
enable_dnstap_responses Bool N N N N/A
enable_excluded_domain_names Bool N N N N/A
enable_fixed_rrset_order_fqdns Bool N N N N/A
enable_ftc Bool N N N N/A
enable_gss_tsig Bool N N N N/A
enable_host_rrset_order Bool N N N N/A
enable_hsm_signing Bool N N N N/A
enable_notify_source_port Bool N N N N/A
enable_query_rewrite Bool N N N N/A
enable_query_source_port Bool N N N N/A
excluded_domain_names [String] N N N N/A
expire_after Unsigned int N N N N/A
file_transfer_setting struct N N N N/A
filter_aaaa String N N N N/A
filter_aaaa_list [struct] N N N N/A
fixed_rrset_order_fqdns [struct] N N N N/A
forward_only Bool N N N N/A
forward_updates Bool N N N N/A
forwarders [String] N N N N/A
ftc_expired_record_timeout Unsigned int N N N N/A
ftc_expired_record_ttl Unsigned int N N N N/A
gen_eadb_from_hosts Bool N N N N/A
gen_eadb_from_network_containers Bool N N N N/A
gen_eadb_from_networks Bool N N N N/A
gen_eadb_from_ranges Bool N N N N/A
gss_tsig_keys [obj] N N N N/A
last_queried_acl [struct] N N N N/A
logging_categories struct N N N N/A
max_cache_ttl Unsigned int N N N N/A
max_cached_lifetime Unsigned int N N N N/A
max_ncache_ttl Unsigned int N N N N/A
max_udp_size Unsigned int N N N N/A
member_secondary_notify Bool N N N N/A
negative_ttl Unsigned int N N N N/A
notify_delay Unsigned int N N N N/A
notify_source_port Unsigned int N N N N/A
nsgroup_default String N N N N/A
nsgroups [String] N N N N/A
nxdomain_log_query Bool N N N N/A
nxdomain_redirect Bool N N N N/A
nxdomain_redirect_addresses [String] N N N N/A
nxdomain_redirect_addresses_v6 [String] N N N N/A
nxdomain_redirect_ttl Unsigned int N N N N/A
nxdomain_rulesets [String] N N N N/A
preserve_host_rrset_order_on_secondaries Bool N N N N/A
protocol_record_name_policies [obj] N N N N/A
query_rewrite_domain_names [String] N N N N/A
query_rewrite_prefix String N N N N/A
query_source_port Unsigned int N N N N/A
recursive_query_list [struct] N N N N/A
refresh_timer Unsigned int N N N N/A
resolver_query_timeout Unsigned int N N N N/A
response_rate_limiting struct N N N N/A
restart_setting struct N N N N/A
retry_timer Unsigned int N N N N/A
root_name_server_type String N N N N/A
rpz_disable_nsdname_nsip Bool N N N N/A
rpz_drop_ip_rule_enabled Bool N N N N/A
rpz_drop_ip_rule_min_prefix_length_ipv4 Unsigned int N N N N/A
rpz_drop_ip_rule_min_prefix_length_ipv6 Unsigned int N N N N/A
rpz_qname_wait_recurse Bool N N N N/A
scavenging_settings struct N N N N/A
serial_query_rate Unsigned int N N N N/A
server_id_directive String N N N N/A
sortlist [struct] N N N N/A
store_locally Bool N N N N/A
syslog_facility String N N N N/A
transfer_excluded_servers [String] N N N N/A
transfer_format String N N N N/A
transfers_in Unsigned int N N N N/A
transfers_out Unsigned int N N N N/A
transfers_per_ns Unsigned int N N N N/A
zone_deletion_double_confirm Bool N N N N/A
