REST Resource: responsePolicyRules

Resource: ResponsePolicyRule

A Response Policy Rule is a selector that applies its behavior to queries that match the selector. Selectors are DNS names, which may be wildcards or exact matches. Each DNS query subject to a Response Policy matches at most one ResponsePolicyRule, as identified by the dnsName field with the longest matching suffix.

JSON representation
{
  "ruleName": string,
  "kind": string,

  // Union field selector can be only one of the following:
  "dnsName": string
  // End of list of possible types for union field selector.

  // Union field action can be only one of the following:
  "localData": {
    object (LocalData)
  },
  "behavior": enum (Behavior)
  // End of list of possible types for union field action.
}
Fields
ruleName

string

An identifier for this rule. Must be unique within the ResponsePolicy.

kind

string

Union field selector.

selector can be only one of the following:

dnsName

string

The DNS name (wildcard or exact) to apply this rule to. Must be unique within the Response Policy Rule.

Union field action.

action can be only one of the following:

localData

object (LocalData)

Answer this query directly with DNS data. These ResourceRecordSets override any other DNS behavior for the matched name; in particular they override private zones, the public internet, and GCP internal DNS. SOA and NS types are not allowed.

behavior

enum (Behavior)

Answer this query with a behavior rather than DNS data.

LocalData

JSON representation
{
  "localDatas": [
    {
      object (ResourceRecordSet)
    }
  ]
}
Fields
localDatas[]

object (ResourceRecordSet)

All resource record sets for this selector, one per resource record type. The name must match the dnsName.

Behavior

Enums
behaviorUnspecified
bypassResponsePolicy

Skip a less-specific Response Policy Rule and let the query logic continue. This mechanism, when used with wildcard selectors, lets you exempt specific subdomains from a broader Response Policy Rule and direct the queries to the public internet instead. For example, if the following rules exist:

*.example.com -> LocalData 1.2.3.4
foo.example.com -> Behavior 'passthrough'

A query for foo.example.com skips the wildcard rule.

This functionality also facilitates allowlisting. Response Policy Zones (RPZs) can be applied at multiple levels within the hierarchy: for example, an organization, a folder, a project, or a VPC network. If an RPZ rule is applied at a higher level, adding a passthrough rule at a lower level will override it. Queries from affected virtual machines (VMs) to that domain bypass the RPZ and proceed with normal resolution.
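The longest-matching-suffix selection from the resource overview and the bypassResponsePolicy exemption described above, modelled as an added Python example (not Cloud DNS code and not part of the original reference). The helper names and sample rules are constructed; that a wildcard needs at least one label in front of its suffix, and that a matched rule with no record of the queried type returns no data, are assumptions.

```python
RULES = [  # constructed sample policy in the ResponsePolicyRule JSON shape
    {"ruleName": "sinkhole-all", "dnsName": "*.example.com.", "localData": {"localDatas": [
        {"name": "*.example.com.", "type": "A", "ttl": 300, "rrdatas": ["1.2.3.4"]}]}},
    {"ruleName": "allow-foo", "dnsName": "foo.example.com.", "behavior": "bypassResponsePolicy"},
]

def labels(name):  # lower-case, drop the trailing dot, split into labels
    return name.rstrip(".").lower().split(".")

def match_length(selector, qname):
    """Number of labels matched by the selector, or 0 when it does not match."""
    sel, q = labels(selector), labels(qname)
    if sel[0] != "*":
        return len(sel) if sel == q else 0
    suffix = sel[1:]
    # Assumption: a wildcard needs at least one label in front of its suffix.
    if suffix and len(q) > len(suffix) and q[-len(suffix):] == suffix:
        return len(suffix)
    return 0

def select_rule(rules, qname):
    """At most one rule applies: the one with the longest matching suffix."""
    best = max(rules, key=lambda r: match_length(r["dnsName"], qname), default=None)
    return best if best and match_length(best["dnsName"], qname) > 0 else None

def resolve(rules, qname, qtype="A"):
    """Return ('local', rrdatas), ('bypass', ruleName) or ('normal', None)."""
    rule = select_rule(rules, qname)
    if rule is None:
        return ("normal", None)
    if rule.get("behavior") == "bypassResponsePolicy":
        return ("bypass", rule["ruleName"])
    rrsets = rule["localData"]["localDatas"]
    # Assumption: a matched rule with no record of the queried type yields no data.
    return ("local", [d for s in rrsets if s["type"] == qtype for d in s["rrdatas"]])

def bypass_exemptions(rules):
    """Audit helper: each bypass rule paired with the broader rule it exempts from."""
    out = []
    for r in rules:
        if r.get("behavior") == "bypassResponsePolicy":
            broader = select_rule([o for o in rules if o is not r], r["dnsName"])
            out.append((r["ruleName"], broader["ruleName"] if broader else None))
    return out

if __name__ == "__main__":
    for q in ("foo.example.com.", "bar.example.com.", "example.com.", "example.org."):
        print(q, resolve(RULES, q))
    print(bypass_exemptions(RULES))
```

Running bypass_exemptions over an exported rule list gives a review list of allowlist entries and the broader rule each one exempts queries from.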

Methods

create

Creates a new Response Policy Rule.

delete

Deletes a previously created Response Policy Rule.

get

Fetches the representation of an existing Response Policy Rule.

list

Enumerates all Response Policy Rules associated with a project.

patch

Applies a partial update to an existing Response Policy Rule.

update

Updates an existing Response Policy Rule.