REST Resource: responsePolicyRules

Resource: ResponsePolicyRule

A Response Policy Rule is a selector that applies its behavior to queries that match the selector. Selectors are DNS names, which may be wildcards or exact matches. Each DNS query subject to a Response Policy matches at most one ResponsePolicyRule, as identified by the dnsName field with the longest matching suffix.

JSON representation
{
  "ruleName": string,
  "kind": string,

  // Union field selector can be only one of the following:
  "dnsName": string
  // End of list of possible types for union field selector.

  // Union field action can be only one of the following:
  "localData": {
    object (LocalData)
  },
  "behavior": enum (Behavior)
  // End of list of possible types for union field action.
}

Fields
ruleName

string

An identifier for this rule. Must be unique within the ResponsePolicy.

kind

string

Union field selector.

selector can be only one of the following:

dnsName

string

The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.

Union field action.

action can be only one of the following:

localData

object ( LocalData )

Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; in particular they override private zones, the public internet, and GCP internal DNS. Neither SOA nor NS types are allowed.

behavior

enum ( Behavior )

Answer this query with a behavior rather than DNS data.

LocalData

JSON representation
{
  "localDatas": [
    {
      object (ResourceRecordSet)
    }
  ]
}

Fields
localDatas[]

object ( ResourceRecordSet )

All resource record sets for this selector, one per resource record type. The name must match the dnsName.

Behavior

Enums
behaviorUnspecified
bypassResponsePolicy

Skip a less-specific Response Policy Rule and let the query logic continue. This mechanism, when used with wildcard selectors, lets you exempt specific subdomains from a broader Response Policy Rule and direct the queries to the public internet instead. For example, if the following rules exist:

*.example.com   -> LocalData 1.2.3.4
foo.example.com -> Behavior 'passthrough'

A query for foo.example.com skips the wildcard rule.

This functionality also facilitates allowlisting. Response Policy Zones (RPZs) can be applied at multiple levels within the hierarchy: for example, an organization, a folder, a project, or a VPC network. If an RPZ rule is applied at a higher level, adding a passthrough rule at a lower level will override it. Queries from affected virtual machines (VMs) to that domain bypass the RPZ and proceed with normal resolution.
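
The selection rule described above (at most one rule per query, chosen by longest matching suffix, with a bypass rule exempting a name from a broader wildcard) can be modelled for policy review as follows. This is an added example, not Cloud DNS code; the rule names, the sample policy and the helper functions are constructed, and it assumes a wildcard matches only names below its suffix, never the suffix itself.

```python
# Added example: a model of rule selection, not Cloud DNS source code.
# Assumption: "*.suffix" matches names at least one label below suffix,
# never the suffix itself; names compare case-insensitively.

def _norm(name):
    return name.rstrip(".").lower()

def match_labels(dns_name, qname):
    """Labels of suffix matched by this selector, or 0 when it does not match."""
    sel, q = _norm(dns_name), _norm(qname)
    if sel.startswith("*."):
        suffix = sel[2:]
        # Require a leading dot so "notexample.com" never matches "*.example.com".
        return len(suffix.split(".")) if q.endswith("." + suffix) else 0
    return len(sel.split(".")) if q == sel else 0

def select_rule(rules, qname):
    """At most one rule applies: the one with the longest matching suffix."""
    best, best_len = None, 0
    for rule in rules:
        n = match_labels(rule["dnsName"], qname)
        if n > best_len:
            best, best_len = rule, n
    return best

def shadowed_by_bypass(rules):
    """For each exact-name bypass rule, name the broader rule it exempts from."""
    pairs = []
    for rule in rules:
        if rule.get("behavior") != "bypassResponsePolicy" or rule["dnsName"].startswith("*."):
            continue
        broader = select_rule([r for r in rules if r is not rule], rule["dnsName"])
        if broader is not None:
            pairs.append((rule["ruleName"], broader["ruleName"]))
    return pairs

# Constructed sample policy mirroring the example on this page.
RULES = [
    {"ruleName": "sinkhole-example", "dnsName": "*.example.com.",
     "localData": {"localDatas": [{"name": "*.example.com.", "type": "A",
                                   "ttl": 300, "rrdatas": ["1.2.3.4"]}]}},
    {"ruleName": "exempt-foo", "dnsName": "foo.example.com.",
     "behavior": "bypassResponsePolicy"},
]

if __name__ == "__main__":
    for q in ("foo.example.com.", "bar.example.com.", "example.com.", "example.org."):
        hit = select_rule(RULES, q)
        print(q, "->", hit["ruleName"] if hit else "no rule, normal resolution")
    print(shadowed_by_bypass(RULES))
```

Running shadowed_by_bypass over an exported rule list shows every exact-name exemption next to the wildcard rule it overrides, which makes allowlist entries easy to audit.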

Methods

create

Creates a new Response Policy Rule.

delete

Deletes a previously created Response Policy Rule.

get

Fetches the representation of an existing Response Policy Rule.

list

Enumerates all Response Policy Rules associated with a project.

patch

Applies a partial update to an existing Response Policy Rule.

update

Updates an existing Response Policy Rule.