route53resolver_create_firewall_rule: Creates a single DNS Firewall rule in the specified rule...
In paws.networking: 'Amazon Web Services' Networking & Content Delivery Services
View source: R/route53resolver_operations.R
route53resolver_create_firewall_rule R Documentation
Creates a single DNS Firewall rule in the specified rule group, using
the specified domain list
Description
Creates a single DNS Firewall rule in the specified rule group, using the specified domain list.
See https://www.paws-r-sdk.com/docs/route53resolver_create_firewall_rule/ for full documentation.
Usage
route53resolver_create_firewall_rule(
CreatorRequestId,
FirewallRuleGroupId,
FirewallDomainListId,
Priority,
Action,
BlockResponse = NULL,
BlockOverrideDomain = NULL,
BlockOverrideDnsType = NULL,
BlockOverrideTtl = NULL,
Name,
FirewallDomainRedirectionAction = NULL,
Qtype = NULL
)
Arguments
CreatorRequestId
[required] A unique string that identifies the request and that allows you to retry
failed requests without the risk of running the operation twice.
CreatorRequestId can be any unique string, for example, a date/time
stamp.
FirewallRuleGroupId
[required] The unique identifier of the firewall rule group where you want to
create the rule.
FirewallDomainListId
[required] The ID of the domain list that you want to use in the rule.
Priority
[required] The setting that determines the processing order of the rule in the rule
group. DNS Firewall processes the rules in a rule group by order of
priority, starting from the lowest setting.
You must specify a unique priority for each rule in a rule group. To
make it easier to insert rules later, leave space between the numbers,
for example, use 100, 200, and so on. You can change the priority
setting for the rules in a rule group at any time.
Action
[required] The action that DNS Firewall should take on a DNS query when it matches
one of the domains in the rule's domain list:
-
ALLOW - Permit the request to go through.
-
ALERT - Permit the request and send metrics and logs to Cloud
Watch.
-
BLOCK - Disallow the request. This option requires additional
details in the rule's BlockResponse.
BlockResponse
The way that you want DNS Firewall to block the request, used with the
rule action setting BLOCK.
-
NODATA - Respond indicating that the query was successful, but no
response is available for it.
-
NXDOMAIN - Respond indicating that the domain name that's in the
query doesn't exist.
-
OVERRIDE - Provide a custom override in the response. This option
requires custom handling details in the rule's BlockOverride*
settings.
This setting is required if the rule action setting is BLOCK.
BlockOverrideDomain
The custom DNS record to send back in response to the query. Used for
the rule action BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
BlockOverrideDnsType
The DNS record's type. This determines the format of the record value
that you provided in BlockOverrideDomain. Used for the rule action
BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
BlockOverrideTtl
The recommended amount of time, in seconds, for the DNS resolver or web
browser to cache the provided override record. Used for the rule action
BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
Name
[required] A name that lets you identify the rule in the rule group.
FirewallDomainRedirectionAction
How you want the the rule to evaluate DNS redirection in the DNS
redirection chain, such as CNAME, DNAME, ot ALIAS.
Inspect_Redirection_Domain (Default) inspects all domains in the
redirection chain. The individual domains in the redirection chain must
be added to the allow domain list.
Trust_Redirection_Domain inspects only the first domain in the
redirection chain. You don't need to add the subsequent domains in the
redirection list to the domain alloww list.
Qtype
The DNS query type you want the rule to evaluate. Allowed values are;
A: Returns an IPv4 address.
AAAA: Returns an Ipv6 address.
CAA: Restricts CAs that can create SSL/TLS certifications for the
domain.
CNAME: Returns another domain name.
DS: Record that identifies the DNSSEC signing key of a delegated
zone.
MX: Specifies mail servers.
NAPTR: Regular-expression-based rewriting of domain names.
NS: Authoritative name servers.
PTR: Maps an IP address to a domain name.
SOA: Start of authority record for the zone.
SPF: Lists the servers authorized to send emails from a domain.
SRV: Application specific values that identify servers.
TXT: Verifies email senders and application-specific values.
A query type you define by using the DNS type ID, for example 28 for
AAAA. The values must be defined as TYPENUMBER, where the NUMBER can
be 1-65334, for example, TYPE28. For more information, see List of DNS record types.
paws.networking documentation built on May 29, 2024, 10:12 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
View source: R/route53resolver_operations.R
| route53resolver_create_firewall_rule | R Documentation |
Creates a single DNS Firewall rule in the specified rule group, using the specified domain list
Description
Creates a single DNS Firewall rule in the specified rule group, using the specified domain list.
See https://www.paws-r-sdk.com/docs/route53resolver_create_firewall_rule/ for full documentation.
Usage
route53resolver_create_firewall_rule(
CreatorRequestId,
FirewallRuleGroupId,
FirewallDomainListId,
Priority,
Action,
BlockResponse = NULL,
BlockOverrideDomain = NULL,
BlockOverrideDnsType = NULL,
BlockOverrideTtl = NULL,
Name,
FirewallDomainRedirectionAction = NULL,
Qtype = NULL
)
Arguments
CreatorRequestId |
[required] A unique string that identifies the request and that allows you to retry
failed requests without the risk of running the operation twice.
|
FirewallRuleGroupId |
[required] The unique identifier of the firewall rule group where you want to create the rule. |
FirewallDomainListId |
[required] The ID of the domain list that you want to use in the rule. |
Priority |
[required] The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting. You must specify a unique priority for each rule in a rule group. To make it easier to insert rules later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for the rules in a rule group at any time. |
Action |
[required] The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:
|
BlockResponse |
The way that you want DNS Firewall to block the request, used with the
rule action setting
This setting is required if the rule action setting is |
BlockOverrideDomain |
The custom DNS record to send back in response to the query. Used for
the rule action This setting is required if the |
BlockOverrideDnsType |
The DNS record's type. This determines the format of the record value
that you provided in This setting is required if the |
BlockOverrideTtl |
The recommended amount of time, in seconds, for the DNS resolver or web
browser to cache the provided override record. Used for the rule action
This setting is required if the |
Name |
[required] A name that lets you identify the rule in the rule group. |
FirewallDomainRedirectionAction |
How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, DNAME, ot ALIAS.
|
Qtype |
The DNS query type you want the rule to evaluate. Allowed values are;
|
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.