dns-policy
The following operations can be performed on "dns-policy":
add dns policy
Creates a DNS policy.
Synopsis
add dns policy <name> <rule> [<actionName>] [-logAction <string>]
Arguments
name
Name for the DNS policy.
rule
Expression against which DNS traffic is evaluated.
Note:
* On the command line interface, if the expression includes blank spaces, the entire expression must be enclosed in double quotation marks.
* If the expression itself includes double quotation marks, you must escape the quotations by using the \ character.
* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.
Example: CLIENT.UDP.DNS.DOMAIN.EQ("domainname")
actionName
Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:
* dns_default_act_Drop. Drop the DNS request.
* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.
You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the Citrix ADC configuration utility.
logAction
Name of the messagelog action to use for requests that match this policy.
Example
add dns policy pol1 "dns.req.question.type.ne(aaaa)" -actionName act1
add dns policy pol2 "CLIENT.IP.SRC.IN_SUBNET(1.1.1.1/24)" -actionName action1
add dns policy pol1 dns.res.question.domain.contains("citrix") -actionName act2
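One way to apply the quoting rules from the rule argument when generating add dns policy commands from a domain blocklist (an added example, not Citrix code). The helper names, the policy-name prefix and the sample domains are constructed, and the character restrictions on names and hostnames are conservative assumptions, not limits stated on this page.

```python
import re

# Assumption: accept only letter/digit/hyphen hostname labels, so a list entry
# can never carry quotes, spaces or backslashes into the expression string.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_NAME = re.compile(r"[A-Za-z0-9_]{1,31}")  # assumed-safe subset for policy names
DROP_ACTION = "dns_default_act_Drop"  # built-in action named on this page


def valid_domain(domain: str) -> bool:
    """True if every label of the (optionally dot-terminated) name is LDH."""
    labels = domain.rstrip(".").split(".")
    return len(domain) <= 253 and all(_LABEL.fullmatch(l) for l in labels)


def quote_rule(expr: str) -> str:
    """Enclose the rule in double quotes and backslash-escape embedded
    double quotes, as the note on the rule argument requires."""
    if "\\" in expr or any(ord(c) < 0x20 for c in expr):
        # The page does not say how these are treated, so refuse them.
        raise ValueError("backslash or control character in expression")
    return '"' + expr.replace('"', '\\"') + '"'


def drop_policy_commands(prefix, domains):
    """Return (commands, rejected) for a list of domains to drop."""
    if not _NAME.fullmatch(prefix):
        raise ValueError("unsafe policy name prefix")
    cmds, rejected = [], []
    for domain in domains:
        if not valid_domain(domain):
            rejected.append(domain)  # surface bad entries, never emit them
            continue
        rule = 'CLIENT.UDP.DNS.DOMAIN.EQ("%s")' % domain.rstrip(".").lower()
        name = "%s_%d" % (prefix, len(cmds) + 1)
        # Positional action name, as in the add dns policy synopsis.
        cmds.append("add dns policy %s %s %s" % (name, quote_rule(rule), DROP_ACTION))
    return cmds, rejected


if __name__ == "__main__":
    # Constructed sample input: one valid entry and two malformed ones.
    sample = ["Ads.Example.test", 'a.test" extra', "bad domain.test"]
    commands, bad = drop_policy_commands("blk", sample)
    print("\n".join(commands))
    print("rejected:", bad)
```

Rejected entries are returned rather than silently dropped so that a malformed blocklist line is reviewed instead of disappearing from the generated configuration.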
rm dns policy
Removes a DNS policy.
Synopsis
rm dns policy <name>
Arguments
name
Name of the DNS policy to remove.
set dns policy
Modifies the parameters of the specified DNS policy.
Synopsis
set dns policy <name> [<rule>] [-actionName <string>] [-logAction <string>]
Arguments
name
Name of the DNS policy.
rule
Expression against which DNS traffic is evaluated.
Note:
* On the command line interface, if the expression includes blank spaces, the entire expression must be enclosed in double quotation marks.
* If the expression itself includes double quotation marks, you must escape the quotations by using the \ character.
* Alternatively, you can use single quotation marks to enclose the rule, in which case you do not have to escape the double quotation marks.
Example: CLIENT.UDP.DNS.DOMAIN.EQ("domainname")
actionName
Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:
* dns_default_act_Drop. Drop the DNS request.
* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.
You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the Citrix ADC configuration utility.
logAction
Name of the messagelog action to use for requests that match this policy.
Example
set dns policy pol1 -rule "dns.req.question.type.ne(aaaa)"
set dns policy pol2 -rule "CLIENT.IP.SRC.IN_SUBNET(1.1.1.1/24)"
set dns policy pol1 -rule dns.res.header.rcode.eq(nxdomain)
unset dns policy
Use this command to remove DNS policy settings. Refer to the set dns policy command for the meanings of the arguments.
Synopsis
unset dns policy <name> -logAction
show dns policy
Displays the parameters of the specified DNS policy or, if no policy name is specified, all configured DNS policies.
Synopsis
show dns policy [<name>]
Arguments
name
Name of the DNS policy.
Output
rule
The expression to be used by the DNS policy.
viewName
The view name that must be used for the given policy.
preferredLocation
The location used for the given policy. This attribute is deprecated. Use -prefLocList instead.
preferredLocList
The location list in priority order used for the given policy.
hits
The number of times the policy has been hit.
undefHits
Number of Undef hits.
drop
The DNS packet must be dropped.
actionName
Name of the DNS action to perform when the rule evaluates to TRUE. The built-in actions function as follows:
* dns_default_act_Drop. Drop the DNS request.
* dns_default_act_Cachebypass. Bypass the DNS cache and forward the request to the name server.
You can create custom actions by using the add dns action command in the CLI or the DNS > Actions > Create DNS Action dialog box in the Citrix ADC configuration utility.
cacheBypass
Bypass the DNS cache for this policy.
activePolicy
Indicates whether policy is bound or not.
boundTo
Location where the policy is bound.
priority
Specifies the priority of the policy.
gotoPriorityExpression
Expression specifying the priority of the next policy which will get evaluated if the current policy rule evaluates to TRUE.
labelType
Type of policy label invocation.
labelName
Name of the label to invoke if the current policy rule evaluates to TRUE.
description
Description of the policy.
logAction
Name of the messagelog action to use for requests that match this policy.
builtin
Flag to determine whether the DNS policy is default or not.
feature
The feature to be checked while applying this config.
stateflag
type
devno
count