dns-policy
The following operations can be performed on "dns-policy":
set dns policy
Modifies the parameters of the specified DNS policy.
Synopsis
set dns policy
Arguments
name Name of the DNS policy.
rule Expression against which DNS traffic is evaluated. Note:
* On the command line interface, if the expression includes blank spaces, the entire expression must be enclosed in double quotation marks.
* If the expression itself includes double quotation marks, you must escape the quotations by using the \ character.
* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.
Example: CLIENT.UDP.DNS.DOMAIN.EQ("domainname")
actionName Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:
* dns_default_act_Drop. Drop the DNS request.
* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.
You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the Citrix ADC configuration utility.
logAction Name of the messagelog action to use for requests that match this policy.
Example
set dns policy pol1 -rule "dns.req.question.type.ne(aaaa)"
set dns policy pol2 -rule "CLIENT.IP.SRC.IN_SUBNET(1.1.1.1/24)"
set dns policy pol1 -rule dns.res.header.rcode.eq(nxdomain)
unset dns policy
Use this command to remove DNS policy settings. Refer to the set dns policy command for the meanings of the arguments.
Synopsis
unset dns policy
add dns policy
Creates a DNS policy.
Synopsis
add dns policy
Arguments
name Name for the DNS policy.
rule Expression against which DNS traffic is evaluated. Note:
* On the command line interface, if the expression includes blank spaces, the entire expression must be enclosed in double quotation marks.
* If the expression itself includes double quotation marks, you must escape the quotations by using the \ character.
* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.
Example: CLIENT.UDP.DNS.DOMAIN.EQ("domainname")
actionName Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:
* dns_default_act_Drop. Drop the DNS request.
* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.
You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the Citrix ADC configuration utility.
logAction Name of the messagelog action to use for requests that match this policy.
Example
add dns policy pol1 "dns.req.question.type.ne(aaaa)" -actionName act1
add dns policy pol2 "CLIENT.IP.SRC.IN_SUBNET(1.1.1.1/24)" -actionName action1
add dns policy pol1 dns.res.question.domain.contains(\"citrix\") -actionName act2
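As an added example (not part of the Citrix documentation), the Python code below tokenizes add dns policy lines using the quoting rules from the rule argument's note and lists policies that use dns_default_act_Drop without a -logAction, so dropped requests are not left unlogged. The sample lines, the policy names and the log action name log_dns_drop are constructed, and matching keywords case-insensitively is an assumption.

```python
DROP_ACTION = "dns_default_act_drop"  # built-in drop action, compared case-insensitively
# Constructed sample lines (policy names and log_dns_drop are hypothetical).
SAMPLE_CONFIG = r"""
add dns policy pol_a "CLIENT.UDP.DNS.DOMAIN.EQ(\"blocked.example\")" -actionName dns_default_act_Drop
add dns policy pol_b 'CLIENT.UDP.DNS.DOMAIN.EQ("blocked.example")' -actionName dns_default_act_Drop -logAction log_dns_drop
add dns policy pol_c dns.req.question.type.ne(aaaa) -actionName dns_default_act_Cachebypass
"""

def tokenize(line):
    """Split one CLI line into arguments using the quoting rules from the note."""
    tokens, cur, quote, i = [], None, None, 0
    while i < len(line):
        ch = line[i]
        if not quote and ch.isspace():
            if cur is not None:          # a blank outside quotes ends the argument
                tokens.append(cur)
                cur = None
        else:
            cur = cur or ""
            if quote != "'" and line[i:i + 2] == '\\"':
                cur += '"'               # \" is a literal quote unless single-quoted
                i += 1
            elif ch == quote:
                quote = None             # closing quotation mark
            elif quote is None and ch in "\"'":
                quote = ch               # opening quotation mark
            else:
                cur += ch                # blanks and other quotes are literal here
        i += 1
    if quote:
        raise ValueError("unterminated quotation mark: " + line)
    if cur is not None:
        tokens.append(cur)
    return tokens

def parse_add_dns_policy(line):
    """Return name, rule, action and log action, or None for other commands."""
    t = tokenize(line)
    if len(t) < 5 or [x.lower() for x in t[:3]] != ["add", "dns", "policy"]:
        return None
    opts = {t[i].lower(): t[i + 1] for i in range(5, len(t) - 1) if t[i].startswith("-")}
    return {"name": t[3], "rule": t[4],
            "action": opts.get("-actionname"), "log": opts.get("-logaction")}

def unlogged_drops(config_text):
    """Names of policies that drop DNS requests without a -logAction."""
    parsed = (parse_add_dns_policy(l) for l in config_text.splitlines())
    return [p["name"] for p in parsed
            if p and (p["action"] or "").lower() == DROP_ACTION and not p["log"]]
```

Custom actions created with add dns action are not inspected here; only the built-in drop action named on this page is matched.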
show dns policy
Displays the parameters of the specified DNS policy or, if no policy name is specified, all configured DNS policies.
Synopsis
show dns policy [
Arguments
name Name of the DNS policy.
Output
rule The expression to be used by the dns policy.
viewName The view name that must be used for the given policy.
preferredLocation The location used for the given policy. This attribute is deprecated. Use -prefLocList instead.
preferredLocList The location list in priority order used for the given policy.
hits The number of times the policy has been hit.
undefHits Number of Undef hits.
drop The dns packet must be dropped.
actionName Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:
* dns_default_act_Drop. Drop the DNS request.
* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.
You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the Citrix ADC configuration utility.
cacheBypass Bypass the DNS cache for this policy.
activePolicy Indicates whether policy is bound or not.
boundTo Location where the policy is bound.
priority Specifies the priority of the policy.
gotoPriorityExpression Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
labelType Type of policy label invocation.
labelName Name of the label to invoke if the current policy rule evaluates to TRUE.
description Description of the policy
logAction Name of the messagelog action to use for requests that match this policy.
builtin Flag to determine whether DNS policy is default or not
feature The feature to be checked while applying this config
stateflag type devno count
rm dns policy
Removes a DNS policy.
Synopsis
rm dns policy
Arguments
name Name of the DNS policy to remove.