/v1/api/namespaces/{namespaceId} (PUT) - BlueCat Edge - Service Point v4.x.x

BlueCat Edge User Guide
ft:locale
en-US
Product name
BlueCat Edge
Version
Service Point v4.x.x

Updates the namespace specified by namespace ID. Note that all parameters are updated with this action, whether you specify values or not. If you leave a parameter out, its value will be overwritten with no data.

Attention: If you modify the forwarders of an existing namespace, the cached answer to a query might differ from what the newly configured forwarder would return. BlueCat recommends clearing the cache of the site once a forwarder has been modified to ensure that the DNS resolver service uses the answer from the updated forwarder. For more information on clearing the cache of the DNS resolver service, refer to /v1/api/dnsResolverServices/clearCache (POST).

User-defined namespaces

PUT https://api-<BlueCat.edge.url>/v1/api/namespaces/{namespaceId}
Authorization: Bearer token
Content-Type: application/json

{
   "name": "namespace",
   "type": "USER"
   "description": "this is a namespace",
   "forwarders": ["8.8.8.8", "2.2.2.2"],
   "matchLists": ["domainListId1", "domainListId2"],
   "exceptionLists": ["domainListId1", "domainListId2"],
   "umbrellaIntegrationId": "<id of umbrella integration>",
   "ttl": 60,
   "staleCacheEntriesTTL": 3600",
   "isDefault": true,
   "doHEnabled": false,
   "retryRCodes": [3, 2],
   "negativeCacheTTL": 60,
   "ecsConfiguration": {
            "v4Prefix": 24,
            "v6Prefix": 56,
            "override": true
    }
}

Parameters

Name Description Type Required
name The name of the namespace String Required
type The type of namespace. The type can be one of the following:
  • USER - Creates a user-defined namespace.
  • DISCOVERED - Creates a discovered namespace.
  • RECURSIVE - Creates a recursive namespace.
 String Required
description A description of the namespace String Required
forwarders Forwarder IPv4 or IPv6 addresses. Optionally, you can define a custom port number or forwarders that listen on ports other than the standard DNS port. For example, 1.2.3.4:123 for IPv4 addresses or [2001:db8:1111:2222:3333:4444:5555:6666:7777]:123 or IPv6 addresses. If you do not define a port, the BlueCat Edge Service Point forwards all queries on destination port 53.

If the namespace uses a Cisco Umbrella integration, enter the two standard Cisco Umbrella cloud IP addresses.

Note:
  • You must only use IPv4 or IPv6 destinations supported by the service point network connection. For example, if you configure the service point using only an IPv4 address, the forwarders must only be IPv4 addresses.
  • If you configure multiple forwarders within a namespace, queries are load balanced based on the following criteria:
    • The server with the least number of queries 'in the air' is selected.
    • In the event of a tie, the server with the lowest measured latency is selected. The lowest measured latency is calculated over an average on the last 128 queries answered by that server.
  • BlueCat Edge performs a health check on all configured forwarders in a namespace. If a server is unreachable, it is skipped and the next forwarder is used.
 String Optional
matchLists Domain list IDs for match lists String Required
exceptionLists Domain list ID for exception lists String Required
ttl The TTL of the query response in seconds. Enter a value between 0 and 2147483647 inclusively.
Note: If you don't specify the TTL value, the value defaults to -1.
 Integer Optional
staleCacheEntriesTTL The TTL of the expired DNS queries. If unspecified, the default value is 3600.
Note: Currently, the only supported TTL values are 0, 3600, and 86400 seconds.
 Integer Optional
isDefault Indicates whether the namespace is the default namespace for a site. Boolean Optional
dohEnabled Enables or disables DNS over HTTPS (DoH) for Cisco Umbrella queries. The default value is false. Boolean Optional
retryRCodes A list of numeric values that represent DNS query response codes as outlined in RFC2929. If any of the configured DNS query responses are returned to this namespace, the next namespace within a site will attempt to resolve the DNS queries.
Note: To configure the NODATA response, set the value to 4020.
Note: This only applies to sites configured with more than one namespace.
 String Optional
negativeCacheTTL The TTL of the expired DNS responses served from the cache. Enter a value between 0 and 2147483647 inclusively. Integer Optional
ecsConfiguration Configures the EDNS Client Subnet (ECS) option on a namespace. ecsConfiguration has the following properties:
  • v4Prefix - The IPv4 prefix as an integer between 0-32.
  • v6Prefix - The IPv6 prefix as an integer between 0-128.
  • override - The boolean value that determines whether the namespace overrides the ECS option on incoming queries with the specified prefixes.

If override is set to true, the namespace applies the specified IPv4 or IPv6 prefix as the ECS value, overriding any existing ECS value of incoming DNS queries. On the response, the inbound ECS value will be restored.

If override is set to false, the existing ECS value is forwarded in queries and responses if the value is present on the incoming query. For queries that do not contain an ECS value, one will be added using the specified v4Prefix or v6Prefix. On the response, the inbound ECS value will be restored.

If the ecsConfiguration is not specified or has a null value, the ECS value is removed from incoming DNS queries before they are forwarded, but is restored on the response.

 Integer, Boolean Optional

Discovered namespaces

PUT https://api-<BlueCat.edge.url>/v1/api/namespaces/{namespaceId}
Authorization: Bearer token
Content-Type: application/json

{
   "name": "namespace",
   "type": "DISCOVERED"
   "description": "this is a namespace",
   "forwarders": ["8.8.8.8", "2.2.2.2"],
   "matchLists": ["domainListId1", "domainListId2"],
   "exceptionLists": ["domainListId1", "domainListId2"],
   "ttl": 60,
   "staleCacheEntriesTTL": 3600",
   "isDefault": true,
   "doHEnabled": false,
   "retryRCodes": [3, 2],
   "negativeCacheTTL": 60,
   "ecsConfiguration": {
            "v4Prefix": 24,
            "v6Prefix": 56,
            "override": true
   },
   "discoveryIds": ["12345678-ab12-3c4d-e5fa-593bb8bd604c", "46b2afdd-f735-421a-b489-6f7b1f35dd7d"]
}

Parameters

Name Description Type Required
name The name of the namespace String Required
type The type of namespace. The type can be one of the following:
  • USER - Creates a user-defined namespace.
  • DISCOVERED - Creates a discovered namespace.
  • RECURSIVE - Creates a recursive namespace.
 String Required
description A description of the namespace String Required
forwarders A list of fallback forwarder IPv4 or IPv6 addresses. Optionally, you can define a custom port number or forwarders that listen on ports other than the standard DNS port. For example, 1.2.3.4:123 for IPv4 addresses or [2001:db8:1111:2222:3333:4444:5555:6666:7777]:123 or IPv6 addresses. If you do not define a port, the BlueCat Edge Service Point forwards all queries on destination port 53.
Note:
  • You must only use IPv4 or IPv6 destinations supported by the service point network connection. For example, if you configure the service point using only an IPv4 address, the forwarders must only be IPv4 addresses.
  • If you configure multiple forwarders within a namespace, queries are load balanced based on the following criteria:
    • The server with the least number of queries 'in the air' is selected.
    • In the event of a tie, the server with the lowest measured latency is selected. The lowest measured latency is calculated over an average on the last 128 queries answered by that server.
  • BlueCat Edge performs a health check on all configured forwarders in a namespace. If a server is unreachable, it is skipped and the next forwarder is used.
 String Optional
matchLists Domain list IDs for match lists String Optional
exceptionLists Domain list ID for exception lists String Optional
umbrellaIntegrationId The ID of the Cisco Umbrella integration created in Edge. String Optional
ttl The TTL of the query response in seconds. Enter a value between 0 and 2147483647 inclusively.
Note: If you don't specify the TTL value, the value defaults to -1.
 Integer Optional
staleCacheEntriesTTL The TTL of the expired DNS queries. If unspecified, the default value is 3600.
Note: Currently, the only supported TTL values are 0, 3600, and 86400 seconds.
 Integer Optional
isDefault Indicates whether the namespace is the default namespace for a site. Boolean Optional
dohEnabled Enables or disables DNS over HTTPS (DoH) for Cisco Umbrella queries. The default value is false. Boolean Optional
retryRCodes A list of numeric values that represent DNS query response codes as outlined in RFC2929. If any of the configured DNS query responses are returned to this namespace, the next namespace within a site will attempt to resolve the DNS queries.
Note: To configure the NODATA response, set the value to 4020.
Note: This only applies to sites configured with more than one namespace.
 String Optional
negativeCacheTTL The TTL of the expired DNS responses served from the cache. Enter a value between 0 and 2147483647 inclusively. Integer Optional
ecsConfiguration Configures the EDNS Client Subnet (ECS) option on a namespace. ecsConfiguration has the following properties:
  • v4Prefix - The IPv4 prefix as an integer between 0-32.
  • v6Prefix - The IPv6 prefix as an integer between 0-128.
  • override - The boolean value that determines whether the namespace overrides the ECS option on incoming queries with the specified prefixes.

If override is set to true, the namespace applies the specified IPv4 or IPv6 prefix as the ECS value, overriding any existing ECS value of incoming DNS queries. On the response, the inbound ECS value will be restored.

If override is set to false, the existing ECS value is forwarded in queries and responses if the value is present on the incoming query. For queries that do not contain an ECS value, one will be added using the specified v4Prefix or v6Prefix. On the response, the inbound ECS value will be restored.

If the ecsConfiguration is not specified or has a null value, the ECS value is removed from incoming DNS queries before they are forwarded, but is restored on the response.

 Integer, Boolean Optional
authority Authoritative nameservers for discovered namespaces. authority has the following additional properties:
  • zoneName - The associated DNS zone name
  • nameservers - A set of unique DNS nameservers containing the following:
    • name - The hostname of the server.
    • addresses - A list of unique IP addresses where the server can be reached.
 String Optional
searchDomains Search domains for the discovered namespace. searchDomains has the following additional properties:
  • subnet - The subnet used to match queries to the search domain suffix by source IP address.
  • suffix - The domain name suffix to apply to queries whose source IP address matches the subnet.
 String Optional
discoveryIds A list of discovery configuration IDs to link to the discovered namespace. String Required

Recursive namespaces

PUT https://api-<BlueCat.edge.url>/v1/api/namespaces/{namespaceId}
Authorization: Bearer token
Content-Type: application/json

{
   "name": "namespace",
   "type": "RECURSIVE"
   "description": "this is a namespace",
   "matchLists": ["domainListId1", "domainListId2"],
   "exceptionLists": ["domainListId1", "domainListId2"],
   "ttl": 60,
   "staleCacheEntriesTTL": 3600",
   "doHEnabled": false,
   "retryRCodes": [3, 2],
   "negativeCacheTTL": 60,
   "ecsConfiguration": {
            "v4Prefix": 24,
            "v6Prefix": 56,
            "override": true
    },
    "enableDnsSec": false,
    "customRootHints": {
        "ttl": 3600,
        "rootServers": [
            {
                "name": "bluecatnetworks.com",
                "addresses": [
                    "192.168.0.50",
                    "2001:0db8:85a3:0000:0000:8a2e:0370:7334"
                ]
            }
        ]
    }
}

Parameters

Name Description Type Required
name The name of the namespace String Required
type The type of namespace. The type can be one of the following:
  • USER - Creates a user-defined namespace.
  • DISCOVERED - Creates a discovered namespace.
  • RECURSIVE - Creates a recursive namespace.
 String Required
description A description of the namespace String Required
matchLists Domain list IDs for match lists String Required
exceptionLists Domain list ID for exception lists String Required
ttl The TTL of the query response in seconds. Enter a value between 0 and 2147483647 inclusively.
Note: If you don't specify the TTL value, the value defaults to -1.
 Integer Optional
staleCacheEntriesTTL The TTL of the expired DNS queries. If unspecified, the default value is 3600.
Note: Currently, the only supported TTL values are 0, 3600, and 86400 seconds.
 Integer Optional
isDefault Indicates whether the namespace is the default namespace for a site. Boolean Optional
dohEnabled Enables or disables DNS over HTTPS (DoH) for Cisco Umbrella queries. The default value is false. Boolean Optional
retryRCodes A list of numeric values that represent DNS query response codes as outlined in RFC2929. If any of the configured DNS query responses are returned to this namespace, the next namespace within a site will attempt to resolve the DNS queries.
Note: To configure the NODATA response, set the value to 4020.
Note: This only applies to sites configured with more than one namespace.
 String Optional
negativeCacheTTL The TTL of the expired DNS responses served from the cache. Enter a value between 0 and 2147483647 inclusively. Integer Optional
ecsConfiguration Configures the EDNS Client Subnet (ECS) option on a namespace. ecsConfiguration has the following properties:
  • v4Prefix - The IPv4 prefix as an integer between 0-32.
  • v6Prefix - The IPv6 prefix as an integer between 0-128.
  • override - The boolean value that determines whether the namespace overrides the ECS option on incoming queries with the specified prefixes.

If override is set to true, the namespace applies the specified IPv4 or IPv6 prefix as the ECS value, overriding any existing ECS value of incoming DNS queries. On the response, the inbound ECS value will be restored.

If override is set to false, the existing ECS value is forwarded in queries and responses if the value is present on the incoming query. For queries that do not contain an ECS value, one will be added using the specified v4Prefix or v6Prefix. On the response, the inbound ECS value will be restored.

If the ecsConfiguration is not specified or has a null value, the ECS value is removed from incoming DNS queries before they are forwarded, but is restored on the response.

 Integer, Boolean Optional
enableDnsSec Indicates whether to enable DNSSEC validation and validate the authenticity of the DNS responses form the resolvers. Boolean Optional
customRootHints Configures custom root hint servers to use instead of public root servers. If you do not include this field, public internet root hint servers are used.
The customRootHints field includes the following properties:
  • ttl - The TTL value of the cache, in seconds. The default value is 86400 seconds (24 hours).
  • rootServers - The list of custom root servers. This field includes the following additional properties:
    • name - The FQDN of the root server.
    • addresses - A list of IPv4 or IPv6 addresses of the root name servers.
      Note: You must include at least one valid IPv4 address.
 String Optional

Successful response

204 NO CONTENT

Response on unsuccessful authorization

401 Unauthorized
Content-Type: application/JSON
{"code": "UNAUTHORIZED", "brief": "You are not authorized to perform this action"}
Possible error codes
  • 400 Bad Request, TOO_MANY_DOMAIN_LISTS - The namespace can't contain more than 20 domain lists.
  • 400 Bad Request, TOO_MANY_DOMAINS - A domain list in the match list contains more than the maximum 100,000 domains allowed.
  • 400 Bad Request, TOO_MANY_DOMAINS - A domain list in the exception list contains more than the maximum 100,000 domains allowed.
  • 400 Bad Request, DOMAIN_LIST_NOT_FOUND - A domain list in the match list can't be found.
  • 400 Bad Request, INVALID_STALE_CACHE_ENTRIES_TTL - Stale cache entries TTL must be one of 0, 3,600, or 86,400 seconds.
  • 400 Bad Request, DOMAIN_LIST_NOT_FOUND - A domain list in the exception list can't be found.
  • 400 Bad Request, INVALID_RECURSIVE_NAMESPACE - The recursive namespace configuration is invalid due to one of the following:
    • DNSSEC must be disabled when custom root hints are provided in namespace
    • Expected custom root servers list in namespace
    • A custom root hint server is missing its name in namespace
    • At least one IPv4 address is required per custom root server in namespace
    • IP addresses cannot be an empty string in namespace
    • The string <value> is not a valid IPv4 or IPv6 address for namespace
    • A custom root hint server is missing an IPv4 address in namespace
  • 409 Conflict, NAMESPACE_ALREADY_EXISTS - The namespace name is already in use
  • 404 Not Found, NOT_FOUND - No matching namespace found
  • 500 Internal Server Error, UNEXPECTED_SERVER_ERROR - Unexpected error while processing the request