This object supports DNS service management and configuration such as time-to-live (TTL) settings, zone transfers, queries, root name servers, dynamic updates, sort lists, Transaction Signatures (TSIG) for DNS and others, all at the grid level. The service configurations of a grid are inherited by all members, zones, and networks unless you specifically override them for selected members, zones, and networks. For this reason, it is recommended that you configure services at the grid level before configuring member, zone and network services.
References to grid:dns are object references. The name part of a Grid DNS properties object reference has the following components:
Example: grid:dns/ZG5zLm5ldHdvcmtfdmlldyQxMTk:Infoblox
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
Add custom IP, MAC and DNS View name EDNS0 options to outgoing recursive queries.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if DDNS bulk host is allowed or not.
Type
String.
Create
The default value is REFUSAL.
Search
The field is not available for search.
Determines whether GSS-TSIG zone update is enabled for all Grid members.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if queries from the specified IPv4 or IPv6 addresses and networks are allowed or not. The appliance can also use Transaction Signature (TSIG) keys to authenticate the queries.
Type
One of the following: Address ac struct, TSIG ac struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Determines if the responses to recursive queries are enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if zone transfers from specified IPv4 or IPv6 addresses and networks or transfers from hosts authenticated by Transaction signature (TSIG) key are allowed or not.
Type
One of the following: Address ac struct, TSIG ac struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Determines if dynamic updates from specified IPv4 or IPv6 addresses and networks, or from hosts authenticated by a TSIG key, are allowed or not.
Type
One of the following: Address ac struct, TSIG ac struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Determines if the anonymization of captured DNS responses is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Mitigation settings for DNS attacks.
Type
A/An DNS Attack Mitigation object struct.
Create
The default value is:
{ 'detect_chr': { 'enable': True,
                  'high': 80,
                  'interval_max': 100000,
                  'interval_min': 1000,
                  'interval_time': 10,
                  'low': 70},
  'detect_chr_grace': 75,
  'detect_nxdomain_responses': { 'enable': True,
                                 'high': 80,
                                 'interval_max': 100000,
                                 'interval_min': 1000,
                                 'interval_time': 10,
                                 'low': 70},
  'detect_udp_drop': { 'enable': True,
                       'high': 30,
                       'interval_min': 1000,
                       'interval_time': 10,
                       'low': 20},
  'interval': 10,
  'mitigate_nxdomain_lru': False}
Search
The field is not available for search.
The auto blackhole settings.
Type
A/An DNS Auto Blackhole settings struct.
Create
The default value is:
{ 'enable_fetches_per_server': False,
'enable_fetches_per_zone': False,
'enable_holddown': False,
'fetches_per_server': 500,
'fetches_per_zone': 200,
'fps_freq': 200,
'holddown': 60,
'holddown_threshold': 5,
'holddown_timeout': 1000}
Search
The field is not available for search.
The BIND check names policy, which indicates the action the appliance takes when it encounters host names that do not comply with the Strict Hostname Checking policy. This method applies only if the host name restriction policy is set to “Strict Hostname Checking”.
Type
String.
Create
The default value is WARN.
Search
The field is not available for search.
The value of the hostname directive for BIND.
Type
String.
Create
The default value is NONE.
Search
The field is not available for search.
The list of IPv4 or IPv6 addresses and networks from which DNS queries are blocked.
Type
One of the following: Address ac struct, TSIG ac struct array.
Create
The default value is:
empty
Search
The field is not available for search.
The action to perform when a domain name matches the pattern defined in a rule that is specified by the blacklist ruleset.
Type
String.
Create
The default value is REDIRECT.
Search
The field is not available for search.
Determines if blacklist redirection queries are logged or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The IP addresses the appliance includes in the response it sends in place of a blacklisted IP address.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The TTL value (in seconds) of the synthetic DNS responses that result from blacklist redirection.
Type
Unsigned integer.
Create
The default value is 60.
Search
The field is not available for search.
The DNS Ruleset object names assigned at the Grid level for blacklist redirection.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The list of bulk host name templates. There are four Infoblox predefined bulk host name templates.
Template Name | Template Format |
“Four Octets” | -$1-$2-$3-$4 |
“Three Octets” | -$2-$3-$4 |
“Two Octets” | -$3-$4 |
“One Octet” | -$4 |
Type
A/An bulkhostnametemplate object array.
This field supports nested return fields as described here.
Create
The default value is [{'template_name': 'Four Octets', 'is_grid_default': True, 'template_format': '-$1-$2-$3-$4'}, {'template_name': 'Three Octets', 'is_grid_default': False, 'template_format': '-$2-$3-$4'}, {'template_name': 'Two Octets', 'is_grid_default': False, 'template_format': '-$3-$4'}, {'template_name': 'One Octet', 'is_grid_default': False, 'template_format': '-$4'}].
Search
The field is not available for search.
Determines if the capture of DNS queries for all domains is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether the application of BIND check-names for zone transfers and DDNS updates is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The list of zone domain names that are allowed or forbidden for EDNS client subnet (ECS) recursion.
Type
A/An The client subnet domain structure struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Default IPv4 Source Prefix-Length used when sending queries with EDNS client subnet option.
Type
Unsigned integer.
Create
The default value is 24.
Search
The field is not available for search.
Default IPv6 Source Prefix-Length used when sending queries with EDNS client subnet option.
Type
Unsigned integer.
Create
The default value is 56.
Search
The field is not available for search.
Copy custom IP, MAC and DNS View name EDNS0 options from incoming to outgoing recursive queries.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The allowed IPs, from the zone transfer list, added to the also-notify statement in the named.conf file.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The list of customized root nameserver(s). You can use Internet root name servers or specify host names and IP addresses of custom root name servers.
Type
A/An External Server struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Defines whether the creation timestamp of an RR should be updated when a DDNS update happens even if there is no change to the RR.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The DDNS Principal cluster group name.
Type
String.
Create
The default value is empty.
Search
The field is not available for search.
Determines if the DDNS principal track is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if an option to restrict DDNS update request based on FQDN patterns is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The unordered list of restriction patterns for the option to restrict DDNS updates based on FQDN patterns.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
Determines if an option to restrict DDNS update request to protected resource records is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if DDNS update request for principal other than target resource record’s principal is restricted.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if an option to restrict DDNS update request to resource records which are marked as ‘STATIC’ is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Default bulk host name of a Grid DNS.
Type
String.
Create
The default value is Four Octets.
Search
The field is not available for search.
The default TTL value of a Grid DNS object. This interval tells the secondary how long the data can be cached.
Type
Unsigned integer.
Create
The default value is 28800.
Search
The field is not available for search.
Determines if the EDNS0 support for queries that require recursive resolution on Grid members is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The list of DNS64 synthesis groups associated with this Grid DNS object.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The minimum TTL value, in seconds, that a DNS record must have in order for it to be cached by the DNS Cache Acceleration service.
An integer from 1 to 65000 that represents the TTL in seconds.
Type
Unsigned integer.
Create
The default value is 1.
Search
The field is not available for search.
Determines if the anycast failure (BFD session down) is enabled on member failure or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The list of domain names for the DNS health check.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The time interval (in seconds) for DNS health check.
Type
Unsigned integer.
Create
The default value is 30.
Search
The field is not available for search.
Determines if the recursive DNS health check is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The number of DNS health check retries.
Type
Unsigned integer.
Create
The default value is 3.
Search
The field is not available for search.
The DNS health check timeout interval (in seconds).
Type
Unsigned integer.
Create
The default value is 3.
Search
The field is not available for search.
The time limit (in minutes) for the DNS query capture file.
Type
Unsigned integer.
Create
The default value is 10.
Search
The field is not available for search.
Determines if the blacklist rules for DNSSEC-enabled clients are enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the DNS64 groups for DNSSEC-enabled clients are enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the DNS security extension is enabled or not.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
Determines whether the DNS member accepts expired signatures.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
This structure contains the DNSSEC key parameters for this zone.
Type
A/An DNSSEC Key parameters struct.
Create
The default value is:
{ 'enable_ksk_auto_rollover': True,
'ksk_algorithm': '8',
'ksk_algorithms': [{ 'algorithm': 'RSASHA256', 'size': 2048}],
'ksk_email_notification_enabled': False,
'ksk_rollover': 31536000,
'ksk_rollover_notification_config': 'REQUIRE_MANUAL_INTERVENTION',
'ksk_size': 2048,
'ksk_snmp_notification_enabled': True,
'next_secure_type': 'NSEC3',
'nsec3_iterations': 10,
'nsec3_salt_max_length': 15,
'nsec3_salt_min_length': 1,
'signature_expiration': 345600,
'zsk_algorithm': '8',
'zsk_algorithms': [{ 'algorithm': 'RSASHA256', 'size': 1024}],
'zsk_rollover': 2592000,
'zsk_rollover_mechanism': 'PRE_PUBLISH',
'zsk_size': 1024}
Search
The field is not available for search.
A list of zones for which the server does not perform DNSSEC validation.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
Determines if the NXDOMAIN rules for DNSSEC-enabled clients are enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the RPZ policies for DNSSEC-enabled clients are enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The list of trusted keys for the DNSSEC feature.
Type
A/An DNSSEC Trusted Key struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Determines if the DNS security validation is enabled or not.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
The DNSTAP settings.
Type
A/An DNSTAP Setting struct.
Create
The default value is:
{ 'dnstap_identity': 'Infoblox',
'dnstap_receiver_port': 6000,
'dnstap_version': '1.0'}
Search
The field is not available for search.
The list of domains for DNS query capture.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
Setting to control specific behavior for DTC DNS responses for incoming lbdn matched queries.
Type
String.
Create
The default value is DNS_RESPONSE_IF_NO_DTC.
Search
The field is not available for search.
DTC DNSSEC operation mode.
Type
String.
Create
The default value is SIGNED.
Search
The field is not available for search.
Determines whether to prefer the client address from the edns-client-subnet option for DTC or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The scheduled backup configuration.
Type
A/An Scheduled backup settings struct.
Create
The default value is:
{ 'backup_frequency': 'WEEKLY',
'backup_type': 'LOCAL',
'discovery_data': True,
'download_keys': False,
'enable': False,
'hour_of_day': 3,
'keep_local_copy': False,
'minutes_past_hour': 0,
'nios_data': True,
'operation': 'NONE',
'restore_type': 'FTP',
'splunk_app_data': True,
'status': 'IDLE',
'upload_keys': False,
'use_keys': False,
'weekday': 'SATURDAY'}
Search
The field is not available for search.
The DTC topology extensible attribute definition list. When configuring a DTC topology, users may configure classification as either “Geographic” or “Extensible Attributes”. Selecting extensible attributes will replace supported Topology database labels (Continent, Country, Subdivision, City) with the names of the selection EA types and provide values extracted from DHCP Network Container, Network and Range objects with those extensible attributes.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
Advertises the EDNS0 buffer size to the upstream server. The value should be between 512 and 4096 bytes. The recommended value is between 512 and 1220 bytes.
Type
Unsigned integer.
Create
The default value is 1220.
Search
The field is not available for search.
The email address of a Grid DNS object.
Type
String.
Create
The default value is empty.
Search
The field is not available for search.
Determines if the blocking of DNS queries is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if a blacklist is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the capture of DNS queries is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the capture of DNS responses is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether to enable forwarding EDNS client subnet options to upstream servers.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether to enable adding EDNS client subnet options in recursive resolution.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the ability to automatically remove associated PTR records while deleting A or AAAA records is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the DNS64 support is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the DNS health check is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether the query messages need to be forwarded to DNSTAP or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether the response messages need to be forwarded to DNSTAP or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if excluding domain names from captured DNS queries and responses is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the fixed RRset order FQDN is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether Fault Tolerant Caching (FTC) is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether all appliances in the Grid are enabled to receive GSS-TSIG authenticated updates from DNS clients.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the host RRset order is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines whether Hardware Security Modules (HSMs) are enabled for key generation and signing. Note, that you must configure the HSM group with at least one enabled HSM.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the notify source port at the Grid Level is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the DNS query rewrite is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if the query source port at the Grid Level is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The list of domains that are excluded from DNS query and response capture.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The expiration time of a Grid DNS object. If the secondary DNS server fails to contact the primary server for the specified interval, the secondary server stops giving out answers about the zone because the zone data is too old to be useful.
Type
Unsigned integer.
Create
The default value is 2419200.
Search
The field is not available for search.
The DNS capture file transfer settings. Include the specified parameter to set the attribute value. Omit the parameter to retrieve the attribute value.
Type
A/An File Transfer Setting struct.
Create
The default value is:
{ 'type': 'FTP'}
Search
The field is not available for search.
The type of AAAA filtering for this member DNS object.
Type
String.
Create
The default value is NO.
Search
The field is not available for search.
The list of IPv4 addresses and networks from which queries are received. AAAA filtering is applied to these addresses.
Type
A/An Address ac struct array.
Create
The default value is:
empty
Search
The field is not available for search.
The fixed RRset order FQDN. If this field does not contain an empty value, the appliance will automatically set the enable_fixed_rrset_order_fqdns field to ‘true’, unless the same request sets the enable field to ‘false’.
Type
A/An Fixed RRset order FQDN struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Determines if member sends queries to forwarders only. When the value is “true”, the member sends queries to forwarders only, and not to other internal or Internet root servers.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if secondary servers are allowed to forward updates to the DNS server or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The forwarders for the member. A forwarder is essentially a name server to which other name servers first send all of their off-site queries. The forwarder builds up a cache of information, avoiding the need for the other name servers to send queries off-site.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The timeout interval (in seconds) after which the expired Fault Tolerant Caching (FTC) record is stale and no longer valid.
Type
Unsigned integer.
Create
The default value is 86400.
Search
The field is not available for search.
The TTL value (in seconds) of the expired Fault Tolerant Caching (FTC) record in DNS responses.
Type
Unsigned integer.
Create
The default value is 5.
Search
The field is not available for search.
Flag for taking EA values from IPAM Hosts into consideration for the DTC topology EA database.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
Flag for taking EA values from IPAM Network Containers into consideration for the DTC topology EA database.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
Flag for taking EA values from IPAM Network into consideration for the DTC topology EA database.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
Flag for taking EA values from IPAM Ranges into consideration for the DTC topology EA database.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
The list of GSS-TSIG keys for a Grid DNS object.
Type
A/An kerberoskey object array.
This field supports nested return fields as described here.
Create
The default value is empty.
Search
The field is not available for search.
Determines last queried ACL for the specified IPv4 or IPv6 addresses and networks in scavenging settings.
Type
A/An Address ac struct array.
Create
The default value is:
empty
Search
The field is not available for search.
The logging categories.
Type
A/An Grid logging setting information struct.
Create
The default value is:
{ 'log_client': True,
'log_config': True,
'log_database': True,
'log_dnssec': True,
'log_dtc_gslb': False,
'log_dtc_health': False,
'log_general': True,
'log_lame_servers': True,
'log_network': True,
'log_notify': True,
'log_queries': False,
'log_query_rewrite': False,
'log_rate_limit': True,
'log_resolver': True,
'log_responses': False,
'log_rpz': False,
'log_security': True,
'log_update': True,
'log_update_security': True,
'log_xfer_in': True,
'log_xfer_out': True}
Search
The field is not available for search.
The maximum time (in seconds) for which the server will cache positive answers.
Type
Unsigned integer.
Create
The default value is 604800.
Search
The field is not available for search.
The maximum time (in seconds) a DNS response can be stored in the hardware acceleration cache.
Valid values are unsigned integers between 60 and 86400, inclusive.
Type
Unsigned integer.
Create
The default value is 86400.
Search
The field is not available for search.
The maximum time (in seconds) for which the server will cache negative (NXDOMAIN) responses.
The maximum allowed value is 604800.
Type
Unsigned integer.
Create
The default value is 10800.
Search
The field is not available for search.
The value is used by authoritative DNS servers to never send DNS responses larger than the configured value. The value should be between 512 and 4096 bytes. The recommended value is between 512 and 1220 bytes.
Type
Unsigned integer.
Create
The default value is 1220.
Search
The field is not available for search.
Determines if Grid members that are authoritative secondary servers are allowed to send notification messages to external name servers, if the Grid member that is primary for a zone fails or loses connectivity.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
The negative TTL value of a Grid DNS object. This interval tells the secondary how long data can be cached for “Does Not Respond” responses.
Type
Unsigned integer.
Create
The default value is 900.
Search
The field is not available for search.
Specifies with how many seconds of delay the notify messages are sent to secondaries.
Type
Unsigned integer.
Create
The default value is 5.
Search
The field is not available for search.
The source port for notify messages. When requesting zone transfers from the primary server, some secondary DNS servers use the source port number (the primary server used to send the notify message) as the destination port number in the zone transfer request.
Valid values are between 1 and 63999. The default is picked by BIND.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
The default nameserver group.
Type
String.
Create
The default value is undefined.
Search
The field is not available for search.
A name server group is a collection of one primary DNS server and one or more secondary DNS servers.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
Determines if NXDOMAIN redirection queries are logged or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Determines if NXDOMAIN redirection is enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The list of IPv4 NXDOMAIN redirection addresses.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The list of IPv6 NXDOMAIN redirection addresses.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The TTL value (in seconds) of synthetic DNS responses that result from NXDOMAIN redirection.
Type
Unsigned integer.
Create
The default value is 60.
Search
The field is not available for search.
The Ruleset object names assigned at the Grid level for NXDOMAIN redirection.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
Determines if the host RRset order on secondaries is preserved or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The list of record name policies.
Type
A/An recordnamepolicy object array.
This field supports nested return fields as described here.
Create
The default value is [{'regex': '^[a-zA-Z0-9]$|^[a-zA-Z0-9][-a-zA-Z0-9.]*[a-zA-Z0-9]$', 'is_default': False, 'name': 'Strict Hostname Checking'}, {'regex': '^[-a-zA-Z0-9_.]+$', 'is_default': True, 'name': 'Allow Underscore'}, {'regex': '.+', 'is_default': False, 'name': 'Allow Any'}].
Search
The field is not available for search.
The list of domain names that trigger DNS query rewrite.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The domain name prefix for DNS query rewrite.
Type
String.
Create
The default value is empty.
Search
The field is not available for search.
The source port for queries. Specifying a source port number for recursive queries ensures that a firewall will allow the response.
Valid values are between 1 and 63999. The default is picked by BIND.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
The list of IPv4 or IPv6 addresses, networks or hosts authenticated by Transaction signature (TSIG) key from which recursive queries are allowed or denied.
Type
A/An Address ac struct array.
Create
The default value is:
empty
Search
The field is not available for search.
The refresh time. This interval tells the secondary how often to send a message to the primary for a zone to check that its data is current, and retrieve fresh data if it is not.
Type
Unsigned integer.
Create
The default value is 10800.
Search
The field is not available for search.
The recursive query timeout for the member.
Type
Unsigned integer.
Create
The default value is 0.
Search
The field is not available for search.
The response rate limiting settings for the member.
Type
A/An DNS Response Rate Limiting struct.
Create
The default value is:
{ 'enable_rrl': False,
'log_only': False,
'responses_per_second': 100,
'slip': 2,
'window': 15}
Search
The field is not available for search.
The restart setting.
Type
A/An Restart Setting struct.
Create
The default value is:
{ 'delay': 10, 'restart_offline': True, 'timeout': 60}
Search
The field is not available for search.
The retry time. This interval tells the secondary how long to wait before attempting to recontact the primary after a connection failure occurs between the two servers.
Type
Unsigned integer.
Create
The default value is 3600.
Search
The field is not available for search.
Determines the type of root name servers.
Type
String.
Create
The default value is INTERNET.
Search
The field is not available for search.
Determines if NSDNAME and NSIP resource records from RPZ feeds are enabled or not.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Enables the appliance to ignore RPZ-IP triggers with prefix lengths less than the specified minimum prefix length.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The minimum prefix length for IPv4 RPZ-IP triggers. The appliance ignores RPZ-IP triggers with prefix lengths less than the specified minimum IPv4 prefix length.
Type
Unsigned integer.
Create
The default value is 29.
Search
The field is not available for search.
The minimum prefix length for IPv6 RPZ-IP triggers. The appliance ignores RPZ-IP triggers with prefix lengths less than the specified minimum IPv6 prefix length.
Type
Unsigned integer.
Create
The default value is 112.
Search
The field is not available for search.
Determines if recursive RPZ lookups are enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The Grid level scavenging settings.
Type
A/An DNS scavenging settings struct.
Create
The default value is:
{ 'ea_expression_list': [],
'enable_auto_reclamation': False,
'enable_recurrent_scavenging': False,
'enable_rr_last_queried': False,
'enable_scavenging': False,
'enable_zone_last_queried': False,
'expression_list': [],
'reclaim_associated_records': False}
Search
The field is not available for search.
The number of maximum concurrent SOA queries per second.
Valid values are unsigned integers between 20 and 1000, inclusive.
Type
Unsigned integer.
Create
The default value is 20.
Search
The field is not available for search.
The value of the server-id directive for BIND and Unbound DNS.
Type
String.
Create
The default value is NONE.
Search
The field is not available for search.
A sort list determines the order of addresses in responses made to DNS queries.
Type
A DNS Sortlist struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Determines if the storage of query capture reports on the appliance is enabled or disabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The syslog facility. This is the location on the syslog server to which you want to sort the DNS logging messages.
Type
String.
Create
The default value is DAEMON.
Search
The field is not available for search.
The list of excluded DNS servers during zone transfers.
Type
String array.
Create
The default value is empty.
Search
The field is not available for search.
The BIND format for a zone transfer. This provides tracking capabilities for single or multiple transfers and their associated servers.
Type
String.
Create
The default value is MANY_ANSWERS.
Search
The field is not available for search.
The maximum number of concurrent transfers for the Grid.
Valid values are unsigned integers between 10 and 10000, inclusive.
Type
Unsigned integer.
Create
The default value is 10.
Search
The field is not available for search.
The maximum number of concurrent outbound zone transfers.
Valid values are unsigned integers between 10 and 10000, inclusive.
Type
Unsigned integer.
Create
The default value is 10.
Search
The field is not available for search.
This function performs scavenging of DNS records.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
action ( String. Valid values are: “ANALYZE”, “RECLAIM”, “ANALYZE_RECLAIM”, “RESET” ). This parameter is mandatory. The scavenging action to perform.
Output fields
None
Field | Type | Req | R/O | Base | Search |
---|---|---|---|---|---|
add_client_ip_mac_options | Bool | N | N | N | N/A |
allow_bulkhost_ddns | String | N | N | N | N/A |
allow_gss_tsig_zone_updates | Bool | N | N | N | N/A |
allow_query | [struct] | N | N | N | N/A |
allow_recursive_query | Bool | N | N | N | N/A |
allow_transfer | [struct] | N | N | N | N/A |
allow_update | [struct] | N | N | N | N/A |
anonymize_response_logging | Bool | N | N | N | N/A |
attack_mitigation | struct | N | N | N | N/A |
auto_blackhole | struct | N | N | N | N/A |
bind_check_names_policy | String | N | N | N | N/A |
bind_hostname_directive | String | N | N | N | N/A |
blackhole_list | [struct] | N | N | N | N/A |
blacklist_action | String | N | N | N | N/A |
blacklist_log_query | Bool | N | N | N | N/A |
blacklist_redirect_addresses | [String] | N | N | N | N/A |
blacklist_redirect_ttl | Unsigned int | N | N | N | N/A |
blacklist_rulesets | [String] | N | N | N | N/A |
bulk_host_name_templates | [obj] | N | N | N | N/A |
capture_dns_queries_on_all_domains | Bool | N | N | N | N/A |
check_names_for_ddns_and_zone_transfer | Bool | N | N | N | N/A |
client_subnet_domains | [struct] | N | N | N | N/A |
client_subnet_ipv4_prefix_length | Unsigned int | N | N | N | N/A |
client_subnet_ipv6_prefix_length | Unsigned int | N | N | N | N/A |
copy_client_ip_mac_options | Bool | N | N | N | N/A |
copy_xfer_to_notify | Bool | N | N | N | N/A |
custom_root_name_servers | [struct] | N | N | N | N/A |
ddns_force_creation_timestamp_update | Bool | N | N | N | N/A |
ddns_principal_group | String | N | N | N | N/A |
ddns_principal_tracking | Bool | N | N | N | N/A |
ddns_restrict_patterns | Bool | N | N | N | N/A |
ddns_restrict_patterns_list | [String] | N | N | N | N/A |
ddns_restrict_protected | Bool | N | N | N | N/A |
ddns_restrict_secure | Bool | N | N | N | N/A |
ddns_restrict_static | Bool | N | N | N | N/A |
default_bulk_host_name_template | String | N | N | N | N/A |
default_ttl | Unsigned int | N | N | N | N/A |
disable_edns | Bool | N | N | N | N/A |
dns64_groups | [String] | N | N | N | N/A |
dns_cache_acceleration_ttl | Unsigned int | N | N | N | N/A |
dns_health_check_anycast_control | Bool | N | N | N | N/A |
dns_health_check_domain_list | [String] | N | N | N | N/A |
dns_health_check_interval | Unsigned int | N | N | N | N/A |
dns_health_check_recursion_flag | Bool | N | N | N | N/A |
dns_health_check_retries | Unsigned int | N | N | N | N/A |
dns_health_check_timeout | Unsigned int | N | N | N | N/A |
dns_query_capture_file_time_limit | Unsigned int | N | N | N | N/A |
dnssec_blacklist_enabled | Bool | N | N | N | N/A |
dnssec_dns64_enabled | Bool | N | N | N | N/A |
dnssec_enabled | Bool | N | N | N | N/A |
dnssec_expired_signatures_enabled | Bool | N | N | N | N/A |
dnssec_key_params | struct | N | N | N | N/A |
dnssec_negative_trust_anchors | [String] | N | N | N | N/A |
dnssec_nxdomain_enabled | Bool | N | N | N | N/A |
dnssec_rpz_enabled | Bool | N | N | N | N/A |
dnssec_trusted_keys | [struct] | N | N | N | N/A |
dnssec_validation_enabled | Bool | N | N | N | N/A |
dnstap_setting | struct | N | N | N | N/A |
domains_to_capture_dns_queries | [String] | N | N | N | N/A |
dtc_dns_queries_specific_behavior | String | N | N | N | N/A |
dtc_dnssec_mode | String | N | N | N | N/A |
dtc_edns_prefer_client_subnet | Bool | N | N | N | N/A |
dtc_scheduled_backup | struct | N | N | N | N/A |
dtc_topology_ea_list | [String] | N | N | N | N/A |
edns_udp_size | Unsigned int | N | N | N | N/A |
String | N | N | N | N/A | |
enable_blackhole | Bool | N | N | N | N/A |
enable_blacklist | Bool | N | N | N | N/A |
enable_capture_dns_queries | Bool | N | N | N | N/A |
enable_capture_dns_responses | Bool | N | N | N | N/A |
enable_client_subnet_forwarding | Bool | N | N | N | N/A |
enable_client_subnet_recursive | Bool | N | N | N | N/A |
enable_delete_associated_ptr | Bool | N | N | N | N/A |
enable_dns64 | Bool | N | N | N | N/A |
enable_dns_health_check | Bool | N | N | N | N/A |
enable_dnstap_queries | Bool | N | N | N | N/A |
enable_dnstap_responses | Bool | N | N | N | N/A |
enable_excluded_domain_names | Bool | N | N | N | N/A |
enable_fixed_rrset_order_fqdns | Bool | N | N | N | N/A |
enable_ftc | Bool | N | N | N | N/A |
enable_gss_tsig | Bool | N | N | N | N/A |
enable_host_rrset_order | Bool | N | N | N | N/A |
enable_hsm_signing | Bool | N | N | N | N/A |
enable_notify_source_port | Bool | N | N | N | N/A |
enable_query_rewrite | Bool | N | N | N | N/A |
enable_query_source_port | Bool | N | N | N | N/A |
excluded_domain_names | [String] | N | N | N | N/A |
expire_after | Unsigned int | N | N | N | N/A |
file_transfer_setting | struct | N | N | N | N/A |
filter_aaaa | String | N | N | N | N/A |
filter_aaaa_list | [struct] | N | N | N | N/A |
fixed_rrset_order_fqdns | [struct] | N | N | N | N/A |
forward_only | Bool | N | N | N | N/A |
forward_updates | Bool | N | N | N | N/A |
forwarders | [String] | N | N | N | N/A |
ftc_expired_record_timeout | Unsigned int | N | N | N | N/A |
ftc_expired_record_ttl | Unsigned int | N | N | N | N/A |
gen_eadb_from_hosts | Bool | N | N | N | N/A |
gen_eadb_from_network_containers | Bool | N | N | N | N/A |
gen_eadb_from_networks | Bool | N | N | N | N/A |
gen_eadb_from_ranges | Bool | N | N | N | N/A |
gss_tsig_keys | [obj] | N | N | N | N/A |
last_queried_acl | [struct] | N | N | N | N/A |
logging_categories | struct | N | N | N | N/A |
max_cache_ttl | Unsigned int | N | N | N | N/A |
max_cached_lifetime | Unsigned int | N | N | N | N/A |
max_ncache_ttl | Unsigned int | N | N | N | N/A |
max_udp_size | Unsigned int | N | N | N | N/A |
member_secondary_notify | Bool | N | N | N | N/A |
negative_ttl | Unsigned int | N | N | N | N/A |
notify_delay | Unsigned int | N | N | N | N/A |
notify_source_port | Unsigned int | N | N | N | N/A |
nsgroup_default | String | N | N | N | N/A |
nsgroups | [String] | N | N | N | N/A |
nxdomain_log_query | Bool | N | N | N | N/A |
nxdomain_redirect | Bool | N | N | N | N/A |
nxdomain_redirect_addresses | [String] | N | N | N | N/A |
nxdomain_redirect_addresses_v6 | [String] | N | N | N | N/A |
nxdomain_redirect_ttl | Unsigned int | N | N | N | N/A |
nxdomain_rulesets | [String] | N | N | N | N/A |
preserve_host_rrset_order_on_secondaries | Bool | N | N | N | N/A |
protocol_record_name_policies | [obj] | N | N | N | N/A |
query_rewrite_domain_names | [String] | N | N | N | N/A |
query_rewrite_prefix | String | N | N | N | N/A |
query_source_port | Unsigned int | N | N | N | N/A |
recursive_query_list | [struct] | N | N | N | N/A |
refresh_timer | Unsigned int | N | N | N | N/A |
resolver_query_timeout | Unsigned int | N | N | N | N/A |
response_rate_limiting | struct | N | N | N | N/A |
restart_setting | struct | N | N | N | N/A |
retry_timer | Unsigned int | N | N | N | N/A |
root_name_server_type | String | N | N | N | N/A |
rpz_disable_nsdname_nsip | Bool | N | N | N | N/A |
rpz_drop_ip_rule_enabled | Bool | N | N | N | N/A |
rpz_drop_ip_rule_min_prefix_length_ipv4 | Unsigned int | N | N | N | N/A |
rpz_drop_ip_rule_min_prefix_length_ipv6 | Unsigned int | N | N | N | N/A |
rpz_qname_wait_recurse | Bool | N | N | N | N/A |
scavenging_settings | struct | N | N | N | N/A |
serial_query_rate | Unsigned int | N | N | N | N/A |
server_id_directive | String | N | N | N | N/A |
sortlist | [struct] | N | N | N | N/A |
store_locally | Bool | N | N | N | N/A |
syslog_facility | String | N | N | N | N/A |
transfer_excluded_servers | [String] | N | N | N | N/A |
transfer_format | String | N | N | N | N/A |
transfers_in | Unsigned int | N | N | N | N/A |
transfers_out | Unsigned int | N | N | N | N/A |
transfers_per_ns | Unsigned int | N | N | N | N/A |
zone_deletion_double_confirm | Bool | N | N | N | N/A |