Download full document:

dnsparameter

Configuration for DNS parameter resource.

Properties

(click to see Operations)

NameData TypePermissionsDescription
retries<Double>Read-writeMaximum number of retry attempts when no response is received for a query sent to a name server. Applies to end resolver and forwarder configurations.
Default value: 5
Minimum value = 1
Maximum value = 5
minttl<Double>Read-writeMinimum permissible time to live (TTL) for all records cached in the DNS cache by DNS proxy, end resolver, and forwarder configurations. If the TTL of a record that is to be cached is lower than the value configured for minTTL, the TTL of the record is set to the value of minTTL before caching. When you modify this setting, the new value is applied only to those records that are cached after the modification. The TTL values of existing records are not changed.
Minimum value = 0
Maximum value = 604800
maxttl<Double>Read-writeMaximum time to live (TTL) for all records cached in the DNS cache by DNS proxy, end resolver, and forwarder configurations. If the TTL of a record that is to be cached is higher than the value configured for maxTTL, the TTL of the record is set to the value of maxTTL before caching. When you modify this setting, the new value is applied only to those records that are cached after the modification. The TTL values of existing records are not changed.
Default value: 604800
Minimum value = 1
Maximum value = 604800
cacherecords<String>Read-writeCache resource records in the DNS cache. Applies to resource records obtained through proxy configurations only. End resolver and forwarder configurations always cache records in the DNS cache, and you cannot disable this behavior. When you disable record caching, the appliance stops caching server responses. However, cached records are not flushed. The appliance does not serve requests from the cache until record caching is enabled again.
Default value: YES
Possible values = YES, NO
namelookuppriority<String>Read-writeType of lookup (DNS or WINS) to attempt first. If the first-priority lookup fails, the second-priority lookup is attempted. Used only by the SSL VPN feature.
Default value: WINS
Possible values = WINS, DNS
recursion<String>Read-writeFunction as an end resolver and recursively resolve queries for domains that are not hosted on the NetScaler appliance. Also resolve queries recursively when the external name servers configured on the appliance (for a forwarder configuration) are unavailable. When external name servers are unavailable, the appliance queries a root server and resolves the request recursively, as it does for an end resolver configuration.
Default value: DISABLED
Possible values = ENABLED, DISABLED
resolutionorder<String>Read-writeType of DNS queries (A, AAAA, or both) to generate during the routine functioning of certain NetScaler features, such as SSL VPN, cache redirection, and the integrated cache. The queries are sent to the external name servers that are configured for the forwarder function. If you specify both query types, you can also specify the order. Available settings function as follows:
* OnlyAQuery. Send queries for IPv4 address records (A records) only.
* OnlyAAAAQuery. Send queries for IPv6 address records (AAAA records) instead of queries for IPv4 address records (A records).
* AThenAAAAQuery. Send a query for an A record, and then send a query for an AAAA record if the query for the A record results in a NODATA response from the name server.
* AAAAThenAQuery. Send a query for an AAAA record, and then send a query for an A record if the query for the AAAA record results in a NODATA response from the name server.
Default value: OnlyAQuery
Possible values = OnlyAQuery, OnlyAAAAQuery, AThenAAAAQuery, AAAAThenAQuery
dnssec<String>Read-writeEnable or disable the Domain Name System Security Extensions (DNSSEC) feature on the appliance. Note: Even when the DNSSEC feature is enabled, forwarder configurations (used by internal NetScaler features such as SSL VPN and Cache Redirection for name resolution) do not support the DNSSEC OK (DO) bit in the EDNS0 OPT header.
Default value: ENABLED
Possible values = ENABLED, DISABLED
maxpipeline<Double>Read-writeMaximum number of concurrent DNS requests to allow on a single client connection, which is identified by the <clientip:port>-<vserver ip:port> tuple. A value of 0 (zero) applies no limit to the number of concurrent DNS requests allowed on a single client connection.
dnsrootreferral<String>Read-writeSend a root referral if a client queries a domain name that is unrelated to the domains configured/cached on the NetScaler appliance. If the setting is disabled, the appliance sends a blank response instead of a root referral. Applicable to domains for which the appliance is authoritative. Disable the parameter when the appliance is under attack from a client that is sending a flood of queries for unrelated domains.
Default value: DISABLED
Possible values = ENABLED, DISABLED
dns64timeout<Double>Read-writeWhile doing DNS64 resolution, this parameter specifies the time to wait before sending an A query if no response is received from backend DNS server for AAAA query.
Minimum value = 0
Maximum value = 10000
ecsmaxsubnets<Double>Read-writeMaximum number of subnets that can be cached corresponding to a single domain. Subnet caching will occur for responses with EDNS Client Subnet (ECS) option. Caching of such responses can be disabled using DNS profile settings. A value of zero indicates that the number of subnets cached is limited only by existing memory constraints. The default value is zero.
Default value: 0
Minimum value = 0
Maximum value = 1280
maxnegcachettl<Double>Read-writeMaximum time to live (TTL) for all negative records ( NXDONAIN and NODATA ) cached in the DNS cache by DNS proxy, end resolver, and forwarder configurations. If the TTL of a record that is to be cached is higher than the value configured for maxnegcacheTTL, the TTL of the record is set to the value of maxnegcacheTTL before caching. When you modify this setting, the new value is applied only to those records that are cached after the modification. The TTL values of existing records are not changed.
Default value: 604800
Minimum value = 1
Maximum value = 604800
cachehitbypass<String>Read-writeThis parameter is applicable only in proxy mode and if this parameter is enabled we will forward all the client requests to the backend DNS server and the response served will be cached on netscaler.
Default value: DISABLED
Possible values = ENABLED, DISABLED
maxcachesize<Double>Read-writeMaximum memory, in megabytes, that can be used for dns caching per Packet Engine.
maxnegativecachesize<Double>Read-writeMaximum memory, in megabytes, that can be used for caching of negative DNS responses per packet engine.
cachenoexpire<String>Read-writeIf this flag is set to YES, the existing entries in cache do not age out. On reaching the max limit the cache records are frozen.
Default value: DISABLED
Possible values = ENABLED, DISABLED
splitpktqueryprocessing<String>Read-writeProcessing requests split across multiple packets.
Default value: ALLOW
Possible values = ALLOW, DROP
cacheecszeroprefix<String>Read-writeCache ECS responses with a Scope Prefix length of zero. Such a cached response will be used for all queries with this domain name and any subnet. When disabled, ECS responses with Scope Prefix length of zero will be cached, but not tied to any subnet. This option has no effect if caching of ECS responses is disabled in the corresponding DNS profile.
Default value: ENABLED
Possible values = ENABLED, DISABLED

Operations

(click to see Properties)

UPDATE| UNSET| GET (ALL)

Some options that you can use for each operations:

  • Getting warnings in response:NITRO allows you to get warnings in an operation by specifying the "warning" query parameter as "yes". For example, to get warnings while connecting to the NetScaler appliance, the URL is as follows:

    http://<netscaler-ip-address>/nitro/v1/config/login?warning=yes

    If any, the warnings are displayed in the response payload with the HTTP code "209 X-NITRO-WARNING".

  • Authenticated access for individual NITRO operations:NITRO allows you to logon to the NetScaler appliance to perform individual operations. You can use this option instead of creating a NITRO session (using the login object) and then using that session to perform all operations,

    To do this, you must specify the username and password in the request header of the NITRO request as follows:

    X-NITRO-USER:<username>

    X-NITRO-PASS:<password>

    Note:In such cases, make sure that the request header DOES not include the following:

    Cookie:NITRO_AUTH_TOKEN=<tokenvalue>

Note:

Mandatory parameters are marked in redand placeholder content is marked in <green>.

update

URL:http://<netscaler-ip-address>/nitro/v1/config/dnsparameter

HTTP Method:PUT

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"dnsparameter":{
"retries":<Double_value>,
"minttl":<Double_value>,
"maxttl":<Double_value>,
"cacherecords":<String_value>,
"namelookuppriority":<String_value>,
"recursion":<String_value>,
"resolutionorder":<String_value>,
"dnssec":<String_value>,
"maxpipeline":<Double_value>,
"dnsrootreferral":<String_value>,
"dns64timeout":<Double_value>,
"ecsmaxsubnets":<Double_value>,
"maxnegcachettl":<Double_value>,
"cachehitbypass":<String_value>,
"maxcachesize":<Double_value>,
"maxnegativecachesize":<Double_value>,
"cachenoexpire":<String_value>,
"splitpktqueryprocessing":<String_value>,
"cacheecszeroprefix":<String_value>
}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

unset

URL:http://<netscaler-ip-address>/nitro/v1/config/dnsparameter?action=unset

HTTP Method:POST

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Content-Type:application/json

Request Payload:

{"dnsparameter":{
"retries":true,
"minttl":true,
"maxttl":true,
"cacherecords":true,
"namelookuppriority":true,
"recursion":true,
"resolutionorder":true,
"dnssec":true,
"maxpipeline":true,
"dnsrootreferral":true,
"dns64timeout":true,
"ecsmaxsubnets":true,
"maxnegcachettl":true,
"cachehitbypass":true,
"maxcachesize":true,
"maxnegativecachesize":true,
"cachenoexpire":true,
"splitpktqueryprocessing":true,
"cacheecszeroprefix":true
}}

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the error

get (all)

URL:http://<netscaler-ip-address>/nitro/v1/config/dnsparameter

HTTP Method:GET

Request Headers:

Cookie:NITRO_AUTH_TOKEN=<tokenvalue> Accept:application/json

Response:

HTTP Status Code on Success: 200 OK HTTP Status Code on Failure: 4xx <string> (for general HTTP errors) or 5xx <string> (for NetScaler-specific errors). The response payload provides details of the errorResponse Headers:

Content-Type:application/json

Response Payload:

{ "dnsparameter": [ {
"retries":<Double_value>,
"minttl":<Double_value>,
"maxttl":<Double_value>,
"namelookuppriority":<String_value>,
"cacherecords":<String_value>,
"recursion":<String_value>,
"resolutionorder":<String_value>,
"dnssec":<String_value>,
"maxpipeline":<Double_value>,
"dnsrootreferral":<String_value>,
"dns64timeout":<Double_value>,
"ecsmaxsubnets":<Double_value>,
"maxnegcachettl":<Double_value>,
"cachehitbypass":<String_value>,
"maxcachesize":<Double_value>,
"maxnegativecachesize":<Double_value>,
"cachenoexpire":<String_value>,
"splitpktqueryprocessing":<String_value>,
"cacheecszeroprefix":<String_value>
}]}