All Products
Search

This Product

    Cloud Firewall:AddDnsFirewallPolicy

    Document Center

    Cloud Firewall:AddDnsFirewallPolicy

    Last Updated:Aug 01, 2025

    Adds a DNS firewall Access Control List (ACL).

    Operation description

    You can use this operation to create a policy to accept, deny, or monitor the traffic that passes through a DNS firewall.

    Try it now

    Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

    Test

    RAM authorization

    The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

    • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

    • API: The API that you can call to perform the action.

    • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

    • Resource type: The type of the resource that support authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

      • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

      • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

    • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

    • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

    Action

    Access level

    Resource type

    Condition key

    Dependent action

    yundun-cloudfirewall:AddDnsFirewallPolicy

    get

    *DnsFirewallPolicy

    acs:yundun-cloudfirewall::{#accountId}:dnsfirewallpolicy/*

    		 None None

    Request parameters

    Parameter

    Type

    Required

    Description

    Example
    SourceIp

    string

    No

    The source IP address of the visitor.

    140.205.118.97
    Lang

    string

    No

    The language of the request and response. Valid values:-zh: Chinese-en: English

    zh
    AclAction

    string

    Yes

    The action that is performed on traffic that hits the access control policy. Valid values:

    • accept: Allow

    • drop: Deny

    • log: Monitor

    log
    Description

    string

    Yes

    The description of the access control policy.

    test
    Destination

    string

    Yes

    The destination address in the access control policy.

    • If DestinationType is set to net, the value of Destination is a destination CIDR block. Example: 1.2.3.4/24

    • If DestinationType is set to group, the value of Destination is the name of a destination address book. Example: db_group

    • If DestinationType is set to domain, the value of Destination is a destination domain name. Example: *.aliyuncs.com

    • If DestinationType is set to location, the value of Destination is a destination region. For more information about the location codes, see the following sections. Example: ["BJ11", "ZB"]

    db_group
    DestinationType

    string

    Yes

    The type of the destination address in the access control policy.

    Valid values:

    • net: destination CIDR block (CIDR address)

    • group: destination address book

    • domain: destination domain name

    domain
    Direction

    string

    No

    The direction of the traffic to which the access control policy applies. Valid values:

    • in: inbound traffic

    • out: outbound traffic

    out
    Source

    string

    Yes

    The source address in the access control policy. Valid values:

    • If SourceType is set to net, the value of Source is a source CIDR block. Example: 10.2.XX.XX/24

    • If SourceType is set to group, the value of Source is the name of a source address book. Example: db_group.

    192.168.0.223/32
    SourceType

    string

    Yes

    The type of the source address in the access control policy. Valid values:

    • net: source CIDR block (CIDR)

    • group: source address book

    net
    Priority

    string

    Yes

    The priority of the access control policy.

    1
    Release

    string

    Yes

    The status of the access control policy. By default, the policy is enabled after it is created. Valid values:

    • true: enables the access control policy

    • false: disables the access control policy

    true
    IpVersion

    string

    Yes

    The IP version supported.

    Valid values:

    • 4: IPv4

    • 6: IPv6

    4

    Response parameters

    Parameter

    Type

    Description

    Example

    object

    AclUuid

    string

    The unique ID of the access control policy.

    f88dae6f-XXX-XXX-613de9ab2be8
    RequestId

    string

    The ID of the request.

    71209DFE-XXX-XXX-52B4A4E9DA3B

    Examples

    Success response

    JSON format

    {
  "AclUuid": "f88dae6f-XXX-XXX-613de9ab2be8",
  "RequestId": "71209DFE-XXX-XXX-52B4A4E9DA3B"
}

    Error codes

    HTTP status code

    Error code

    Error message

    Description
    400 ErrorParametersUid The aliUid parameter is invalid. The aliUid parameter is invalid.
    400 ErrorDBSelect An error occurred while querying database. An error occurred while querying database.
    400 ErrorParameterIpVersion The IP version is invalid. The IP version is invalid.
    400 ErrorParametersSource The source is invalid. The source is invalid.
    400 ErrorParametersDestination The Destination parameter is invalid. The Destination parameter is invalid.
    400 ErrorParametersAction The action is invalid. The action is invalid.
    400 ErrorParametersNewOrder The newOrder is invalid. The newOrder is invalid.
    400 ErrorParameters Parameters error. Parameter error.
    400 ErrorAddressCountExceed The maximum number of addresses is exceeded. The maximum number of address is exceeded.
    400 ErrorDBInsert An error occurred while performing an insert operation in the database. An error occurred while performing an insert operation in the database.
    400 ErrorRecordLog An error occurred while updating the operation log. An error occurred while updating the operation log.
    400 ErrorMarshalJSON An error occurred while encoding JSON. An error occurred while encoding JSON.
    400 ErrorAclExtendedCountExceed ACL or extended ACL rules are not matched. The quota for access control policies or extra access control policies is exhausted.
    400 ErrorAclRuleDuplicate acl rule duplicate. The same strategy exists.
    400 ErrorUUIDNew The UUID is invalid. The UUID is invalid.

    See Error Codes for a complete list.

    Release notes

    See Release Notes for a complete list.