primary_type
The type of the primary server.
Type
String.
Valid values are:
- External
- Grid
- None
Search
The field is not available for search.
Notes
The primary_type cannot be updated.
primary_type cannot be written.
DNS RPZs (Response Policy Zones) are a technology developed by ISC (Internet Systems Consortium) that allows reputable sources to dynamically communicate domain name reputation, so that you can implement policy controls for DNS lookups. You can configure RPZs and define RPZ rules to block DNS resolution for malicious or unauthorized domain names, or to redirect clients to a walled garden by substituting responses. You can assign actions to RPZ rules. For example, abc.com can have an action of pass thru or substitute (domain) with the domain xyz.com. You can also configure a Grid member to act as a lead secondary that receives RPZ updates from external reputation sources and redistributes the updates to other Grid members.
The name part of a DNS Response Policy Zone object reference has the following components:
- FQDN of the zone
- Name of the view
Example: zone_rp/ZG5zLmJpbmRfY25h:some.name.com/myview
The object does not support the following operations:
The object cannot be managed on Cloud Platform members.
These fields are actual members of the object; thus, they can be requested by using _return_fields, if the fields are readable.
The basic version of the object contains the field(s): fqdn, view.
The following fields are required to create this object:
Field | Notes |
---|---|
fqdn | |
substitute_name | See the field description for more information |
The IP address of the server that is serving this zone.
Type
String.
Search
The field is not available for search.
Notes
The address cannot be updated.
address cannot be written.
Comment for the zone; maximum 256 characters.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is available for search via
Determines whether a zone is disabled or not. When this is set to False, the zone is enabled.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The displayed name of the DNS zone.
Type
String.
Search
The field is not available for search.
Notes
The display_domain cannot be updated.
display_domain cannot be written.
The SOA email for the zone in punycode format.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The dns_soa_email cannot be updated.
dns_soa_email cannot be written.
Extensible attributes associated with the object.
For valid values for extensible attributes, see the following information.
Type
Extensible attributes.
This field allows +/- to be specified as part of the field name when updating the object, see the following information.
Create
The default value is empty.
Search
For how to search extensible attributes, see the following information.
The list of external primary servers.
Type
A/An External Server struct array.
Create
The default value is:
empty
Search
The field is not available for search.
The list of external secondary servers.
Type
A/An External Server struct array.
Create
The default value is:
empty
Search
The field is not available for search.
Rules to map FireEye alerts.
Type
A/An Fireeye Rule Mapping struct.
Create
The default value is undefined.
Search
The field is not available for search.
The name of this DNS zone in FQDN format.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required on creation.
Search
The field is available for search via
Notes
The fqdn is part of the base object.
The fqdn cannot be updated.
The grid primary servers for this zone.
Type
A/An Member Server struct array.
Create
The default value is:
empty
Search
The field is not available for search.
The list with Grid members that are secondary servers for this zone.
Type
A/An Member Server struct array.
Create
The default value is:
empty
Search
The field is not available for search.
If you enable this flag, other administrators cannot make conflicting changes. This is for administration purposes only. The zone will continue to serve DNS data even when it is locked.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
The name of a superuser or the administrator who locked this zone.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The locked_by cannot be updated.
locked_by cannot be written.
Determines whether RPZ logging is enabled at the zone level. When this is set to False, logging is disabled.
Type
Bool.
Create
The default value is True.
Search
The field is not available for search.
Notes
log_rpz is associated with the field use_log_rpz (see use flag).
IPv4 Netmask or IPv6 prefix for this zone.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The mask_prefix cannot be updated.
mask_prefix cannot be written.
The list of per-member SOA MNAME information.
Type
A/An Per-master SOA MNAME Information struct array.
Create
The default value is:
empty
Search
The field is not available for search.
The list of per-member SOA serial information.
Type
A/An Per-master SOA Serial Information struct array.
Search
The field is not available for search.
Notes
The member_soa_serials cannot be updated.
member_soa_serials cannot be written.
The name of the network view in which this zone resides.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is not available for search.
Notes
The network_view cannot be updated.
network_view cannot be written.
The name server group that serves DNS for this zone.
Type
String.
Create
The default value is empty.
Search
The field is not available for search.
The parent zone of this zone.
Note that when searching for reverse zones, the “in-addr.arpa” notation should be used.
Type
String.
Values with leading or trailing white space are not valid for this field.
Search
The field is available for search via
Notes
The parent cannot be updated.
parent cannot be written.
The RFC2317 prefix value of this DNS zone.
Use this field only when the netmask is greater than 24 bits; that is, for a mask between 25 and 31 bits. Enter a prefix, such as the name of the allocated address block. The prefix can be alphanumeric characters, such as 128/26, 128-189, or sub-B.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is not available for search.
The type of the primary server.
Type
String.
Search
The field is not available for search.
Notes
The primary_type cannot be updated.
primary_type cannot be written.
The hostname policy for records under this zone.
Type
String.
Create
The default value is empty.
Search
The field is not available for search.
Notes
record_name_policy is associated with the field use_record_name_policy (see use flag).
Enables the appliance to ignore RPZ-IP triggers with prefix lengths less than the specified minimum prefix length.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Notes
rpz_drop_ip_rule_enabled is associated with the field use_rpz_drop_ip_rule (see use flag).
The minimum prefix length for IPv4 RPZ-IP triggers. The appliance ignores RPZ-IP triggers with prefix lengths less than the specified minimum IPv4 prefix length.
Type
Unsigned integer.
Create
The default value is 29.
Search
The field is not available for search.
Notes
rpz_drop_ip_rule_min_prefix_length_ipv4 is associated with the field use_rpz_drop_ip_rule (see use flag).
The minimum prefix length for IPv6 RPZ-IP triggers. The appliance ignores RPZ-IP triggers with prefix lengths less than the specified minimum IPv6 prefix length.
Type
Unsigned integer.
Create
The default value is 112.
Search
The field is not available for search.
Notes
rpz_drop_ip_rule_min_prefix_length_ipv6 is associated with the field use_rpz_drop_ip_rule (see use flag).
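The minimum-prefix-length check described by the three rpz_drop_ip_rule fields above can be previewed against a feed before the setting is enabled. The following is an added example, not Infoblox code: it assumes the common RPZ-IP owner-name encoding (prefix length, then address groups in reverse order, then `rpz-ip`, with `zz` standing for `::`), which this page does not define, and the trigger names in `SAMPLE_TRIGGERS` are constructed.

```python
import ipaddress

# Defaults documented above for rpz_drop_ip_rule_min_prefix_length_ipv4 / _ipv6.
MIN_PREFIX_V4 = 29
MIN_PREFIX_V6 = 112

# Constructed sample triggers (documentation address ranges only).
SAMPLE_TRIGGERS = [
    "32.10.2.0.192.rpz-ip",      # 192.0.2.10/32
    "24.0.100.51.198.rpz-ip",    # 198.51.100.0/24
    "29.8.113.0.203.rpz-ip",     # 203.0.113.8/29
    "128.1.zz.db8.2001.rpz-ip",  # 2001:db8::1/128
    "48.zz.1.db8.2001.rpz-ip",   # 2001:db8:1::/48
]


def parse_rpz_ip_trigger(owner):
    """Decode an RPZ-IP owner name (relative to the zone) into an ip_network."""
    labels = owner.lower().rstrip(".").split(".")
    if len(labels) < 3 or labels[-1] != "rpz-ip":
        raise ValueError(f"not an RPZ-IP trigger: {owner!r}")
    prefix_len = int(labels[0])
    groups = labels[1:-1][::-1]  # address groups back in natural order
    if len(groups) == 4 and "zz" not in groups:
        address = ".".join(groups)  # IPv4: four decimal octets
    else:
        # IPv6: 'zz' marks the compressed run of zero groups ('::').
        address = ":".join("" if g == "zz" else g for g in groups)
        if groups[0] == "zz":
            address = ":" + address
        if groups[-1] == "zz":
            address += ":"
    return ipaddress.ip_network(f"{address}/{prefix_len}", strict=False)


def dropped_triggers(owners, min_v4=MIN_PREFIX_V4, min_v6=MIN_PREFIX_V6):
    """Return (owner, network, minimum) for triggers shorter than the minimum."""
    dropped = []
    for owner in owners:
        net = parse_rpz_ip_trigger(owner)
        minimum = min_v4 if net.version == 4 else min_v6
        if net.prefixlen < minimum:  # equal to the minimum is still honoured
            dropped.append((owner, str(net), minimum))
    return dropped


if __name__ == "__main__":
    for owner, net, minimum in dropped_triggers(SAMPLE_TRIGGERS):
        print(f"ignored: {owner} -> {net} (minimum /{minimum})")
```

Running the audit over a feed before setting rpz_drop_ip_rule_enabled shows which broad triggers would stop matching, so a rule that silently disappears is not mistaken for a feed problem.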
The timestamp of the last update for zone data.
Type
Timestamp.
Search
The field is not available for search.
Notes
The rpz_last_updated_time cannot be updated.
rpz_last_updated_time cannot be written.
The response policy zone override policy.
Type
String.
Create
The default value is GIVEN.
Search
The field is not available for search.
The priority of this response policy zone.
Type
Unsigned integer.
Search
The field is not available for search.
Notes
The rpz_priority cannot be updated.
rpz_priority cannot be written.
This number is used by the UI to identify the end of the qualified zone list.
Type
Unsigned integer.
Search
The field is not available for search.
Notes
The rpz_priority_end cannot be updated.
rpz_priority_end cannot be written.
The severity of this response policy zone.
Type
String.
Create
The default value is MAJOR.
Search
The field is not available for search.
The type of the RPZ zone.
Type
String.
Create
The default value is LOCAL.
Search
The field is not available for search.
Notes
The rpz_type cannot be updated.
The serial number in the SOA record incrementally changes every time the record is modified. The Infoblox appliance allows you to change the serial number (in the SOA record) for the primary server so it is higher than the secondary server, thereby ensuring zone transfers come from the primary server (as they should). To change the serial number you need to set a new value at “soa_serial_number” and pass “set_soa_serial_number” as True.
Type
Bool.
Create
The default value is empty.
Search
The field is not available for search.
Notes
set_soa_serial_number is not readable.
The Time to Live (TTL) value of the SOA record of this zone. This value is the number of seconds that data is cached.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
Notes
soa_default_ttl is associated with the field use_grid_zone_timer (see use flag).
The SOA email value for this zone. This value can be in unicode format.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is empty.
Search
The field is not available for search.
Notes
soa_email is associated with the field use_soa_email (see use flag).
This setting defines the amount of time, in seconds, after which the secondary server stops giving out answers about the zone because the zone data is too old to be useful. The default is one week.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
Notes
soa_expire is associated with the field use_grid_zone_timer (see use flag).
The negative Time to Live (TTL) value of the SOA of the zone indicates how long a secondary server can cache data for “Does Not Respond” responses.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
Notes
soa_negative_ttl is associated with the field use_grid_zone_timer (see use flag).
This indicates the interval at which a secondary server sends a message to the primary server for a zone to check that its data is current, and retrieve fresh data if it is not.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
Notes
soa_refresh is associated with the field use_grid_zone_timer (see use flag).
This indicates how long a secondary server must wait before attempting to recontact the primary server after a connection failure between the two servers occurs.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
Notes
soa_retry is associated with the field use_grid_zone_timer (see use flag).
The serial number in the SOA record incrementally changes every time the record is modified. The Infoblox appliance allows you to change the serial number (in the SOA record) for the primary server so it is higher than the secondary server, thereby ensuring zone transfers come from the primary server (as they should). To change the serial number you need to set a new value at “soa_serial_number” and pass “set_soa_serial_number” as True.
Type
Unsigned integer.
Create
The default value is empty.
Search
The field is not available for search.
The canonical name of redirect target in substitute policy of response policy zone.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The field is required only when rpz_policy is set to SUBSTITUTE.
Search
The field is not available for search.
This flag controls whether the zone is using an external primary.
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Use flag for: soa_default_ttl, soa_expire, soa_negative_ttl, soa_refresh, soa_retry
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Use flag for: log_rpz
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Use flag for: record_name_policy
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Use flag for: rpz_drop_ip_rule_enabled, rpz_drop_ip_rule_min_prefix_length_ipv4, rpz_drop_ip_rule_min_prefix_length_ipv6
Type
Bool.
Create
The default value is False.
Search
The field is not available for search.
Use flag for: soa_email
Type
Bool.
Create
The default value is None.
Search
The field is not available for search.
The name of the DNS view in which the zone resides. Example: “external”.
Type
String.
Values with leading or trailing white space are not valid for this field.
Create
The default value is the default DNS view.
Search
The field is available for search via
Notes
The view is part of the base object.
Copy RPZ records (rules) between DNS views.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
clear_destination_first ( Bool. ) Remove all records in the destination zone before copying the records. The default value is “False”.
dest_view ( String. ). This parameter is mandatory. The destination DNS view.
dest_zone ( String. ). This parameter is mandatory. The destination DNS zone.
replace_existing_records ( Bool. ) Replace any existing records with the copied records if duplicate records are not allowed. The default value is “False”.
select_records ( String. Valid values are: “PassthruIpaddr”, “PassthruDomain”, “BlockNxdomainIpaddr”, “BlockNxdomainDomain”, “BlockNoDataIpaddr”, “BlockNoDataDomain”, “SubstituteARecord”, “SubstituteAAAARecord”, “SubstituteCName”, “SubstituteMXRecord”, “SubstituteNAPTRRecord”, “SubstitutePTRRecord”, “SubstituteSRVRecord”, “SubstituteTXTRecord”, “SubstituteIPv4AddressRecord”, “SubstituteIPv6AddressRecord”, “SubstituteIPAddressCname”, “PassthruClientIpaddr”, “BlockNxdomainClientIpaddr”, “BlockNoDataClientIpaddr”, “SubstituteClientIPAddressCname” ) Contains types of records that should be copied. Omit this parameter to copy all records. The default value is “None”.
Output fields
None
This function is used to lock or unlock a zone to prevent other administrators from making conflicting changes.
This function does not support multiple object matches when called as part of an atomic insertion operation.
Input fields
operation ( String. Valid values are: “LOCK”, “UNLOCK” ). This parameter is mandatory. The operation to perform.
Output fields
None
Field | Type | Req | R/O | Base | Search |
---|---|---|---|---|---|
address | String | N | Y | N | N/A |
comment | String | N | N | N | : = ~ |
disable | Bool | N | N | N | N/A |
display_domain | String | N | Y | N | N/A |
dns_soa_email | String | N | Y | N | N/A |
extattrs | Extattr | N | N | N | ext |
external_primaries | [struct] | N | N | N | N/A |
external_secondaries | [struct] | N | N | N | N/A |
fireeye_rule_mapping | struct | N | N | N | N/A |
fqdn | String | Y | N | Y | = ~ |
grid_primary | [struct] | N | N | N | N/A |
grid_secondaries | [struct] | N | N | N | N/A |
locked | Bool | N | N | N | N/A |
locked_by | String | N | Y | N | N/A |
log_rpz | Bool | N | N | N | N/A |
mask_prefix | String | N | Y | N | N/A |
member_soa_mnames | [struct] | N | N | N | N/A |
member_soa_serials | [struct] | N | Y | N | N/A |
network_view | String | N | Y | N | N/A |
ns_group | String | N | N | N | N/A |
parent | String | N | Y | N | = |
prefix | String | N | N | N | N/A |
primary_type | String | N | Y | N | N/A |
record_name_policy | String | N | N | N | N/A |
rpz_drop_ip_rule_enabled | Bool | N | N | N | N/A |
rpz_drop_ip_rule_min_prefix_length_ipv4 | Unsigned int | N | N | N | N/A |
rpz_drop_ip_rule_min_prefix_length_ipv6 | Unsigned int | N | N | N | N/A |
rpz_last_updated_time | Timestamp | N | Y | N | N/A |
rpz_policy | String | N | N | N | N/A |
rpz_priority | Unsigned int | N | Y | N | N/A |
rpz_priority_end | Unsigned int | N | Y | N | N/A |
rpz_severity | String | N | N | N | N/A |
rpz_type | String | N | N | N | N/A |
set_soa_serial_number | Bool | N | N | N | N/A |
soa_default_ttl | Unsigned int | N | N | N | N/A |
soa_email | String | N | N | N | N/A |
soa_expire | Unsigned int | N | N | N | N/A |
soa_negative_ttl | Unsigned int | N | N | N | N/A |
soa_refresh | Unsigned int | N | N | N | N/A |
soa_retry | Unsigned int | N | N | N | N/A |
soa_serial_number | Unsigned int | N | N | N | N/A |
substitute_name | String | Y* | N | N | N/A |
use_external_primary | Bool | N | N | N | N/A |
use_grid_zone_timer | Bool | N | N | N | N/A |
use_log_rpz | Bool | N | N | N | N/A |
use_record_name_policy | Bool | N | N | N | N/A |
use_rpz_drop_ip_rule | Bool | N | N | N | N/A |
use_soa_email | Bool | N | N | N | N/A |
view | String | N | N | Y | = |
* Required in some cases, see detailed field description above.
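The creation rules scattered through the field descriptions (required fields, read-only fields, white-space restrictions, use flags, and the soa_serial_number pairing) can be checked client-side before a request is sent. This is an added example, not part of the Infoblox API or its client libraries: `build_zone_rp_payload` is a hypothetical helper, and it assumes that a use flag must be true for its associated fields to take effect, which this page does not spell out.

```python
# Use flags and the fields they gate, as listed in the field descriptions above.
USE_FLAGS = {
    "use_grid_zone_timer": {"soa_default_ttl", "soa_expire", "soa_negative_ttl",
                            "soa_refresh", "soa_retry"},
    "use_log_rpz": {"log_rpz"},
    "use_record_name_policy": {"record_name_policy"},
    "use_rpz_drop_ip_rule": {"rpz_drop_ip_rule_enabled",
                             "rpz_drop_ip_rule_min_prefix_length_ipv4",
                             "rpz_drop_ip_rule_min_prefix_length_ipv6"},
    "use_soa_email": {"soa_email"},
}
# Fields marked R/O = Y in the table above.
READ_ONLY = {"address", "display_domain", "dns_soa_email", "locked_by",
             "mask_prefix", "member_soa_serials", "network_view", "parent",
             "primary_type", "rpz_last_updated_time", "rpz_priority",
             "rpz_priority_end"}
# Writable string fields documented as rejecting leading/trailing white space.
NO_EDGE_SPACE = {"comment", "fqdn", "prefix", "soa_email", "substitute_name", "view"}


def build_zone_rp_payload(**fields):
    """Validate zone_rp creation fields and return the request body as a dict."""
    errors = []
    if not fields.get("fqdn"):
        errors.append("fqdn is required on creation")
    if fields.get("rpz_policy") == "SUBSTITUTE" and not fields.get("substitute_name"):
        errors.append("substitute_name is required when rpz_policy is SUBSTITUTE")
    for name in sorted(READ_ONLY & fields.keys()):
        errors.append(f"{name} cannot be written")
    for name in sorted(NO_EDGE_SPACE & fields.keys()):
        value = fields[name]
        if isinstance(value, str) and value != value.strip():
            errors.append(f"{name} has leading or trailing white space")
    if len(fields.get("comment", "")) > 256:
        errors.append("comment exceeds 256 characters")
    if "soa_serial_number" in fields and not fields.get("set_soa_serial_number"):
        errors.append("soa_serial_number needs set_soa_serial_number=True")
    if errors:
        raise ValueError("; ".join(errors))
    payload = dict(fields)
    for flag, gated in USE_FLAGS.items():
        if gated & fields.keys():
            # Assumption: the flag must be true for the gated value to apply.
            payload.setdefault(flag, True)
    return payload
```

The returned dict is intended to be serialized as the JSON body of the zone_rp creation request.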