Use the Oracle Cloud Infrastructure DNS REST API to build and configure Traffic Management policies.
Use the following guide to learn how policies are constructed using the DNS REST API.
Authentication and Authorization
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in an organization needs to set up groups , compartments , and policies that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, create instances, create buckets, download objects, and so on. For more information, see Managing Identity Domains. For specific details about writing policies for each of the different services, see Policy Reference.
If you're a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that the company owns, contact an administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you can use.
Traffic Management Steering Policy Components 🔗
The following list describes the components used to build a Traffic Management Steering Policy.
STEERING POLICIES
An overall framework to define the traffic management behavior for zones. Steering policies contain rules that help to intelligently serve DNS answers.
ATTACHMENTS
Allows you to link a steering policy to zones. An attachment of a steering policy to a zone occludes all records at its domain that are of a covered record type, constructing DNS responses from its steering policy rather than from those domain's records. A domain can have at most one attachment covering any particular record type.
RULES
The guidelines steering policies use to filter answers based on the properties of a DNS request, such as the requests geolocation or the health of endpoints.
ANSWERS
Answers contain the DNS record data and metadata to be processed in a steering policy.
TEMPLATES
Templates are predefined rule sequences that create a policy type and its intended behavior. Example: The FAILOVER template serves answers by checking DNS query against a FILTER rule first, then the following rules in succession: HEALTH, PRIORITY, and LIMIT. This gives the domain dynamic failover capability. Policies that define the template field with any policy other than CUSTOM, must follow the rule sequence outlined for that policy type, otherwise, a 400 status code error is returned upon policy creation.
CASES
A rule can optionally include a sequence of cases defining alternate configurations for how it behaves during processing for any particular DNS query. When a rule has no sequence of cases, it's always evaluated with the same configuration during processing. When a rule has an empty sequence of cases, it's always ignored during processing. When a rule has a non-empty sequence of cases, its behavior during processing is configured by the first matching case in the sequence. A rule case with no caseCondition always matches. A rule case with a caseCondition matches only when that expression evaluates to true for the specific query.
Create Steering Policies Using Templates 🔗
The following section explains the rule configuration for each type of steering policy template followed by an example POST request (CreateSteeringPolicy) displaying how to configure each template.
FAILOVER
User failover policies to prioritize the order in which answers are served in a policy (for example, Primary and Secondary). Oracle Cloud Infrastructure
Health Checks monitors and on-demand probes are leveraged to evaluate the health of answers in the policy. If the Primary Answer is found to be unhealthy, DNS traffic is automatically steered to the Secondary Answer. Each of the following rules must be defined in the order specified in the rules field of the request body when using a FAILOVER template:
Order
Rule
Restrictions
Comments
1
FILTER
No cases are allowed.
Answer data must be defined in defaultAnswerData using the following JSON:
Load Balancer policies distribute traffic across many endpoints. You can assign equal weights to endpoints to distribute traffic evenly across the endpoints or you can assign custom weights for ratio load balancing. Oracle Cloud Infrastructure
Health Checks monitors and on-demand probes are leveraged to evaluate the health of the endpoint. DNS traffic is be automatically distributed to the other endpoints, if an endpoint is found to be unhealthy. Each of the following rules must be defined in the order specified in the rules field of the request body when using a LOAD_BALANCE template:
Order
Rule
Restrictions
Comments
1
FILTER
No cases are allowed.
Answer data must be defined in defaultAnswerData using the following JSON:
Geolocation-based steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region. Each of the following rules must be defined in the order specified in the rules field of the request body when using a ROUTE_BY_GEO template:
Order
Rule
Restrictions
Comments
1
FILTER
No cases are allowed.
Answer data must be defined in defaultAnswerData using the following JSON:
ASN-based steering policies enable you to steer DNS traffic based on Autonomous System Numbers (ASN). DNS queries originating from a specific ASN or set of ASNs can be steered to a specified endpoint. Each of the following rules must be defined in the order specified in the rules field of the request body when using a ROUTE_BY_ASN template:
Order
Rule
Restrictions
Comments
1
FILTER
No cases are allowed.
Answer data must be defined in defaultAnswerData using the following JSON:
IP Prefix-based steering policies enable customers to steer DNS traffic based on the IP Prefix of the originating query. Each of the following rules must be defined in the order specified in the rules field of the request body when using a ROUTE_BY_IP template:
Order
Rule
Restrictions
Comments
1
FILTER
No cases are allowed.
Answer data must be defined in defaultAnswerData using the following JSON:
Use custom policies to create complex policies combining the capabilities of failover, load balancing, geolocation, ASN and IP prefix steering. Custom templates to not require a regimented sequence of rules and we recommend that you contact Oracle Cloud Infrastructure support before creating a custom policy.
Rule Types 🔗
FILTER
Uses boolean data associated with answers, keeping answers only if the rule's shouldKeep value is true.
HEALTH
Uses OCI
Health Checks monitors and on-demand probes to evaluate the health of endpoints and add and remove answers from the policy as needed. A health check monitor must be referenced in a health rule to affect the policy. For more information about Health Checks, see Health Checks.
WEIGHTED
Uses a number between 0 and 255 used to evaluate how often an answer is served in relation to other answers. Answers with higher values are more likely to be returned.
PRIORITY
Uses an integer associated with each answer to sort answers from lowest to highest value. Example: An answer with a priority value of 1 would be returned before an answer with a priority value of 10 in the list of answers. Answers that don't have a priority value assigned to them are moved to the end of the list of answers.
LIMIT
Uses a count property to filter away all but the first answers in the list.