This product is not supported for your selected
Datadog site. (
).
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
gcp_dns_response_policy_rule
ancestors
Type: UNORDERED_LIST_STRING
behavior
Type: STRING
Provider name: behavior
Description: Answer this query with a behavior rather than DNS data.
Possible values:
behaviorUnspecifiedbypassResponsePolicy - Skip a less-specific ResponsePolicyRule and continue normal query logic. This can be used with a less-specific wildcard selector to exempt a subset of the wildcard ResponsePolicyRule from the ResponsePolicy behavior and query the public Internet instead. For instance, if these rules exist: *.example.com -> LocalData 1.2.3.4 foo.example.com -> Behavior ‘bypassResponsePolicy’ Then a query for ‘foo.example.com’ skips the wildcard. This additionally functions to facilitate the allowlist feature. RPZs can be applied to multiple levels in the (eventually org, folder, project, network) hierarchy. If a rule is applied at a higher level of the hierarchy, adding a passthru rule at a lower level will supersede that, and a query from an affected vm to that domain will be exempt from the RPZ and proceed to normal resolution behavior.
dns_name
Type: STRING
Provider name: dnsName
Description: The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.
kind
Type: STRING
Provider name: kind
labels
Type: UNORDERED_LIST_STRING
local_data
Type: STRUCT
Provider name: localData
Description: Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; in particular they override private zones, the public internet, and GCP internal DNS. No SOA nor NS types are allowed.
local_datas
Type: UNORDERED_LIST_STRUCT
Provider name: localDatas
Description: All resource record sets for this selector, one per resource record type. The name must match the dns_name.
kind
Type: STRING
Provider name: kind
name
Type: STRING
Provider name: name
Description: For example, www.example.com.
routing_policy
Type: STRUCT
Provider name: routingPolicy
Description: Configures dynamic query responses based on geo location of querying user or a weighted round robin based routing policy. A ResourceRecordSet should only have either rrdata (static) or routing_policy (dynamic). An error is returned otherwise.
geo
Type: STRUCT
Provider name: geo
enable_fencing
Type: BOOLEAN
Provider name: enableFencing
Description: Without fencing, if health check fails for all configured items in the current geo bucket, we’ll failover to the next nearest geo bucket. With fencing, if health check is enabled, as long as some targets in the current geo bucket are healthy, we’ll return only the healthy targets. However, if they’re all unhealthy, we won’t failover to the next nearest bucket, we’ll simply return all the items in the current bucket even though they’re unhealthy.
items
Type: UNORDERED_LIST_STRUCT
Provider name: items
Description: The primary geo routing configuration. If there are multiple items with the same location, an error is returned instead.
health_checked_targets
Type: STRUCT
Provider name: healthCheckedTargets
Description: For A and AAAA types only. Endpoints to return in the query result only if they are healthy. These can be specified along with rrdata within this item.
internal_load_balancers
Type: UNORDERED_LIST_STRUCT
Provider name: internalLoadBalancers
ip_address
Type: STRING
Provider name: ipAddress
Description: The frontend IP address of the Load Balancer to health check.
ip_protocol
Type: STRING
Provider name: ipProtocol
kind
Type: STRING
Provider name: kind
load_balancer_type
Type: STRING
Provider name: loadBalancerType
Description: The type of Load Balancer specified by this target. Must match the configuration of the Load Balancer located at the LoadBalancerTarget’s IP address/port and region.
Possible values:
network_url
Type: STRING
Provider name: networkUrl
Description: The fully qualified url of the network on which the ILB is present. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}
port
Type: STRING
Provider name: port
Description: The configured port of the Load Balancer.
project
Type: STRING
Provider name: project
Description: The project ID in which the ILB exists.
region
Type: STRING
Provider name: region
Description: The region in which the ILB exists.
kind
Type: STRING
Provider name: kind
location
Type: STRING
Provider name: location
Description: The geo-location granularity is a GCP region. This location string should correspond to a GCP region. e.g. “us-east1”, “southamerica-east1”, “asia-east1”, etc.
rrdatas
Type: UNORDERED_LIST_STRING
Provider name: rrdatas
signature_rrdatas
Type: UNORDERED_LIST_STRING
Provider name: signatureRrdatas
Description: DNSSEC generated signatures for all the rrdata within this item. Note that if health checked targets are provided for DNSSEC enabled zones, there’s a restriction of 1 ip per item. .
kind
Type: STRING
Provider name: kind
kind
Type: STRING
Provider name: kind
primary_backup
Type: STRUCT
Provider name: primaryBackup
backup_geo_targets
Type: STRUCT
Provider name: backupGeoTargets
Description: Backup targets provide a regional failover policy for the otherwise global primary targets. If serving state is set to BACKUP, this policy essentially becomes a geo routing policy.
enable_fencing
Type: BOOLEAN
Provider name: enableFencing
Description: Without fencing, if health check fails for all configured items in the current geo bucket, we’ll failover to the next nearest geo bucket. With fencing, if health check is enabled, as long as some targets in the current geo bucket are healthy, we’ll return only the healthy targets. However, if they’re all unhealthy, we won’t failover to the next nearest bucket, we’ll simply return all the items in the current bucket even though they’re unhealthy.
items
Type: UNORDERED_LIST_STRUCT
Provider name: items
Description: The primary geo routing configuration. If there are multiple items with the same location, an error is returned instead.
health_checked_targets
Type: STRUCT
Provider name: healthCheckedTargets
Description: For A and AAAA types only. Endpoints to return in the query result only if they are healthy. These can be specified along with rrdata within this item.
internal_load_balancers
Type: UNORDERED_LIST_STRUCT
Provider name: internalLoadBalancers
ip_address
Type: STRING
Provider name: ipAddress
Description: The frontend IP address of the Load Balancer to health check.
ip_protocol
Type: STRING
Provider name: ipProtocol
kind
Type: STRING
Provider name: kind
load_balancer_type
Type: STRING
Provider name: loadBalancerType
Description: The type of Load Balancer specified by this target. Must match the configuration of the Load Balancer located at the LoadBalancerTarget’s IP address/port and region.
Possible values:
network_url
Type: STRING
Provider name: networkUrl
Description: The fully qualified url of the network on which the ILB is present. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}
port
Type: STRING
Provider name: port
Description: The configured port of the Load Balancer.
project
Type: STRING
Provider name: project
Description: The project ID in which the ILB exists.
region
Type: STRING
Provider name: region
Description: The region in which the ILB exists.
kind
Type: STRING
Provider name: kind
location
Type: STRING
Provider name: location
Description: The geo-location granularity is a GCP region. This location string should correspond to a GCP region. e.g. “us-east1”, “southamerica-east1”, “asia-east1”, etc.
rrdatas
Type: UNORDERED_LIST_STRING
Provider name: rrdatas
signature_rrdatas
Type: UNORDERED_LIST_STRING
Provider name: signatureRrdatas
Description: DNSSEC generated signatures for all the rrdata within this item. Note that if health checked targets are provided for DNSSEC enabled zones, there’s a restriction of 1 ip per item. .
kind
Type: STRING
Provider name: kind
kind
Type: STRING
Provider name: kind
primary_targets
Type: STRUCT
Provider name: primaryTargets
internal_load_balancers
Type: UNORDERED_LIST_STRUCT
Provider name: internalLoadBalancers
ip_address
Type: STRING
Provider name: ipAddress
Description: The frontend IP address of the Load Balancer to health check.
ip_protocol
Type: STRING
Provider name: ipProtocol
kind
Type: STRING
Provider name: kind
load_balancer_type
Type: STRING
Provider name: loadBalancerType
Description: The type of Load Balancer specified by this target. Must match the configuration of the Load Balancer located at the LoadBalancerTarget’s IP address/port and region.
Possible values:
network_url
Type: STRING
Provider name: networkUrl
Description: The fully qualified url of the network on which the ILB is present. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}
port
Type: STRING
Provider name: port
Description: The configured port of the Load Balancer.
project
Type: STRING
Provider name: project
Description: The project ID in which the ILB exists.
region
Type: STRING
Provider name: region
Description: The region in which the ILB exists.
trickle_traffic
Type: DOUBLE
Provider name: trickleTraffic
Description: When serving state is PRIMARY, this field provides the option of sending a small percentage of the traffic to the backup targets.
wrr
Type: STRUCT
Provider name: wrr
items
Type: UNORDERED_LIST_STRUCT
Provider name: items
health_checked_targets
Type: STRUCT
Provider name: healthCheckedTargets
Description: endpoints that need to be health checked before making the routing decision. The unhealthy endpoints will be omitted from the result. If all endpoints within a buckete are unhealthy, we’ll choose a different bucket (sampled w.r.t. its weight) for responding. Note that if DNSSEC is enabled for this zone, only one of rrdata or health_checked_targets can be set.
internal_load_balancers
Type: UNORDERED_LIST_STRUCT
Provider name: internalLoadBalancers
ip_address
Type: STRING
Provider name: ipAddress
Description: The frontend IP address of the Load Balancer to health check.
ip_protocol
Type: STRING
Provider name: ipProtocol
kind
Type: STRING
Provider name: kind
load_balancer_type
Type: STRING
Provider name: loadBalancerType
Description: The type of Load Balancer specified by this target. Must match the configuration of the Load Balancer located at the LoadBalancerTarget’s IP address/port and region.
Possible values:
network_url
Type: STRING
Provider name: networkUrl
Description: The fully qualified url of the network on which the ILB is present. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}
port
Type: STRING
Provider name: port
Description: The configured port of the Load Balancer.
project
Type: STRING
Provider name: project
Description: The project ID in which the ILB exists.
region
Type: STRING
Provider name: region
Description: The region in which the ILB exists.
kind
Type: STRING
Provider name: kind
rrdatas
Type: UNORDERED_LIST_STRING
Provider name: rrdatas
signature_rrdatas
Type: UNORDERED_LIST_STRING
Provider name: signatureRrdatas
Description: DNSSEC generated signatures for all the rrdata within this item. Note that if health checked targets are provided for DNSSEC enabled zones, there’s a restriction of 1 ip per item. .
weight
Type: DOUBLE
Provider name: weight
Description: The weight corresponding to this subset of rrdata. When multiple WeightedRoundRobinPolicyItems are configured, the probability of returning an rrset is proportional to its weight relative to the sum of weights configured for all items. This weight should be non-negative.
kind
Type: STRING
Provider name: kind
rrdatas
Type: UNORDERED_LIST_STRING
Provider name: rrdatas
Description: As defined in RFC 1035 (section 5) and RFC 1034 (section 3.6.1) – see examples.
signature_rrdatas
Type: UNORDERED_LIST_STRING
Provider name: signatureRrdatas
Description: As defined in RFC 4034 (section 3.2).
ttl
Type: INT32
Provider name: ttl
Description: Number of seconds that this ResourceRecordSet can be cached by resolvers.
type
Type: STRING
Provider name: type
Description: The identifier of a supported record type. See the list of Supported DNS record types.
organization_id
Type: STRING
parent
Type: STRING
project_id
Type: STRING
project_number
Type: STRING
resource_name
Type: STRING
rule_name
Type: STRING
Provider name: ruleName
Description: An identifier for this rule. Must be unique with the ResponsePolicy.
Type: UNORDERED_LIST_STRING
