dns policy

Sep 12, 2016

The following operations can be performed on "dns policy":

add | rm | set | unset | show

add dns policy

Creates a DNS policy.

Synopsis

add dns policy <name> <rule> [<actionName>] [-logAction <string>]

Arguments

name

Name for the DNS policy.

rule

Expression against which DNS traffic is evaluated. Written in the default syntax.

Note:

* On the command line interface, if the expression includes blank spaces, the entire expression must be enclosed in double quotation marks.

* If the expression itself includes double quotation marks, you must escape the quotation marks by using the \ character.

* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

Maximum length of a string literal in the expression is 255 characters. A longer string can be split into smaller strings of up to 255 characters each, and the smaller strings concatenated with the + operator. For example, you can create a 500-character string as follows: '"<string of 255 characters>" + "<string of 245 characters>"'

Example: CLIENT.UDP.DNS.DOMAIN.EQ("domainname")

actionName

Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:

* dns_default_act_Drop. Drop the DNS request.

* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.

You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the NetScaler configuration utility.

logAction

Name of the messagelog action to use for requests that match this policy.

Example

add dns policy pol1 "dns.req.question.type.ne(aaaa)" -actionName act1
add dns policy pol2 "CLIENT.IP.SRC.IN_SUBNET(1.1.1.1/24)" -actionName action1
add dns policy pol1 dns.res.question.domain.contains("citrix") -actionName act2
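
The quoting notes and the 255-character literal limit described for the rule argument, as an added Python example that is not part of the original documentation: it builds an add dns policy command line, splits over-long string literals with the + operator and picks the quoting style. The helper names, the sample policy names and the choice never to cut between a backslash and the character after it are assumptions of this example.

```python
import re

MAX_LITERAL = 255  # longest string literal the page allows in an expression
# A double-quoted literal; a backslash and the character after it stay together.
_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

def split_literal(body, limit=MAX_LITERAL):
    """Rewrite one literal body as "a" + "b" + ..., each piece <= limit chars."""
    if limit < 2:
        raise ValueError("limit must be at least 2")
    pieces, start = [], 0
    while len(body) - start > limit:
        end = start + limit
        chunk = body[start:end]
        # Assumption: never cut between a backslash and the character it escapes.
        if (len(chunk) - len(chunk.rstrip("\\"))) % 2:
            end -= 1
        pieces.append(body[start:end])
        start = end
    pieces.append(body[start:])
    return " + ".join('"%s"' % p for p in pieces)

def fit_literals(rule, limit=MAX_LITERAL):
    """Split every over-long string literal found in the rule expression."""
    return _LITERAL.sub(lambda m: split_literal(m.group(1), limit), rule)

def quote_rule(rule):
    """Quote a rule for the command line following the page's three notes."""
    if '"' in rule and "'" not in rule:
        return "'" + rule + "'"  # single quotes: inner " needs no escaping
    if '"' in rule:
        if "\\" in rule:  # mixing escapes is outside this example's scope
            raise ValueError("rule has both quote styles and a backslash")
        return '"' + rule.replace('"', '\\"') + '"'  # escape each inner "
    return '"' + rule + '"' if " " in rule else rule

def add_dns_policy(name, rule, action=None, log_action=None):
    """Build one command in the order: name, rule, [actionName], [-logAction]."""
    parts = ["add dns policy", name, quote_rule(fit_literals(rule))]
    if action:
        parts.append(action)
    if log_action:
        parts += ["-logAction", log_action]
    return " ".join(parts)

if __name__ == "__main__":
    # Constructed sample: policy names and the 500-character literal are made up.
    long_rule = 'dns.res.question.domain.contains("%s")' % ("a" * 500)
    print(add_dns_policy("pol_drop", long_rule, "dns_default_act_Drop"))
    print(add_dns_policy("pol2", "CLIENT.IP.SRC.IN_SUBNET(1.1.1.1/24)"))
```
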

rm dns policy

Removes a DNS policy.

Synopsis

rm dns policy <name>

Arguments

name

Name of the DNS policy to remove.

set dns policy

Modifies the parameters of the specified DNS policy.

Synopsis

set dns policy <name> [<rule>] [-actionName <string>] [-logAction <string>]

Arguments

name

Name of the DNS policy.

rule

Expression against which DNS traffic is evaluated. Written in the default syntax.

Note:

* On the command line interface, if the expression includes blank spaces, the entire expression must be enclosed in double quotation marks.

* If the expression itself includes double quotation marks, you must escape the quotation marks by using the \ character.

* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.

Maximum length of a string literal in the expression is 255 characters. A longer string can be split into smaller strings of up to 255 characters each, and the smaller strings concatenated with the + operator. For example, you can create a 500-character string as follows: '"<string of 255 characters>" + "<string of 245 characters>"'

Example: CLIENT.UDP.DNS.DOMAIN.EQ("domainname")

actionName

Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:

* dns_default_act_Drop. Drop the DNS request.

* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.

You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the NetScaler configuration utility.

logAction

Name of the messagelog action to use for requests that match this policy.

Example

set dns policy pol1 -rule "dns.req.question.type.ne(aaaa)"
set dns policy pol2 -rule "CLIENT.IP.SRC.IN_SUBNET(1.1.1.1/24)"
set dns policy pol1 -rule dns.res.header.rcode.eq(nxdomain)

unset dns policy

Use this command to remove DNS policy settings. Refer to the set dns policy command for the meanings of the arguments.

Synopsis

unset dns policy <name> -logAction

show dns policy

Displays the parameters of the specified DNS policy or, if no policy name is specified, all configured DNS policies.

Synopsis

show dns policy [<name>]

Arguments

name

Name of the DNS policy.

Outputs

rule

The expression to be used by the DNS policy.

viewName

The view name that must be used for the given policy.

preferredLocation

The location used for the given policy. This is a deprecated attribute. Please use -prefLocList.

preferredLocList

The location list in priority order used for the given policy.

hits

The number of times the policy has been hit.

undefHits

Number of Undef hits.

drop

The DNS packet must be dropped.

actionName

Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:

* dns_default_act_Drop. Drop the DNS request.

* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.

You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the NetScaler configuration utility.

cacheBypass

Bypass the DNS cache for this policy.

activePolicy

Indicates whether the policy is bound or not.

boundTo

Location where the policy is bound.

priority

Specifies the priority of the policy.

gotoPriorityExpression

Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.

labelType

Type of policy label invocation.

labelName

Name of the label to invoke if the current policy rule evaluates to TRUE.

description

Description of the policy.

logAction

Name of the messagelog action to use for requests that match this policy.

builtin

Flag to determine whether the DNS policy is default or not.

stateflag

devno

count