Oracle Cloud Infrastructure Documentation

Details for the DNS Service

This topic covers details for writing policies to control access to the DNS service.

Aggregate Resource-Type

dns

Individual Resource-Types

dns-zones

dns-records

dns-traffic

dns-steering-policies

dns-steering-policy-attachments

Comments

A policy that uses <verb> dns is equivalent to writing one with a separate <verb> <individual resource-type> statement for each of the individual resource-types.

See the table in Details for Verb + Resource-Type Combinations for a detailed breakout of the API operations covered by each verb, for each individual resource-type included in dns.

Supported Variables

The DNS Service supports all the general variables (see General Variables for All Requests), plus the ones listed here.

The dns-zones resource type can use the following variables:

| Variable | Variable Type | Comments |
| --- | --- | --- |
| target.dns-zone.id | Entity (OCID) | Use this variable to control access to specific DNS zones by OCID. |
| target.dns-zone.name | String | Use this variable to control access to specific DNS zones by name. |

The dns-records resource type can use the following variables:

| Variable | Variable Type | Comments |
| --- | --- | --- |
| target.dns-zone.id | Entity (OCID) | Use this variable to control access to specific DNS zones by OCID. |
| target.dns-zone.name | String | Use this variable to control access to specific DNS zones by name. |
| target.dns-zone.scope | String | Valid values are "public" and "private". |
| target.dns-record.type | List (String) | Use this variable to control access to specific DNS records by type. Valid values in the list can be any supported DNS resource type. For example, "A", "AAAA", "TXT", and so on. See . |
| target.dns-domain.name | List (String) | Use this variable to control access to specific domain names. Applicable to the following API operations: GetDomainRecords, PatchDomainRecords, UpdateDomainRecords, DeleteRRSet, GetRRSet, PatchRRSet, UpdateRRSet. |

The dns-steering-policies resource type can use the following variables:

| Variable | Variable Type | Comments |
| --- | --- | --- |
| target.dns-steering-policy.id | Entity (OCID) | Use this variable to control access to specific steering policies by OCID. |
| target.dns-steering-policy.display-name | String | Use this variable to control access to specific steering policies by name. |
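
The statements below are an added illustration, not taken from the Oracle documentation, of how the variables listed above narrow a grant compared with the aggregate dns resource-type. The group names (DnsAdmins, DnsAuditors, ZoneEditors, TrafficViewers), the compartment name Network, and the zone and steering-policy names are hypothetical; lines beginning with # are annotations, not policy syntax.

```text
# Broad grant: the aggregate resource-type covers all five individual resource-types.
Allow group DnsAdmins to manage dns in compartment Network

# The same grant written out per individual resource-type.
Allow group DnsAdmins to manage dns-zones in compartment Network
Allow group DnsAdmins to manage dns-records in compartment Network
Allow group DnsAdmins to manage dns-traffic in compartment Network
Allow group DnsAdmins to manage dns-steering-policies in compartment Network
Allow group DnsAdmins to manage dns-steering-policy-attachments in compartment Network

# Narrower grants using the supported variables.
# Read access to a single zone, selected by name.
Allow group DnsAuditors to read dns-zones in compartment Network where target.dns-zone.name = 'example.com'

# Record management limited to one private zone.
Allow group ZoneEditors to manage dns-records in compartment Network where all {target.dns-zone.name = 'internal.example.com', target.dns-zone.scope = 'private'}

# Read access to one steering policy, selected by display name.
Allow group TrafficViewers to read dns-steering-policies in compartment Network where target.dns-steering-policy.display-name = 'failover-policy'
```

Per the permissions table on this page, PatchZoneRecords and UpdateZoneRecords require DNS_ZONE_UPDATE in addition to DNS_RECORD_UPDATE, so check a records-only grant such as the ZoneEditors one against the operations the group actually calls.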

Details for Verb + Resource-Type Combinations

The following tables show the permissions and API operations covered by each verb. The level of access is cumulative as you go from inspect > read > use > manage. A plus sign (+) in a table cell indicates incremental access compared to the cell directly above it, whereas "no extra" indicates no incremental access.

For example, the use and manage verbs for the dns-traffic resource-type cover no extra permissions or API operations compared to the read verb.

dns-zones
dns-records
dns-traffic
dns-steering-policies
dns-steering-policy-attachments

Permissions Required for Each API Operation

The following table lists the API operations in a logical order, grouped by resource type.

For information about permissions, see Permissions.

| API Operation | Permissions Required to Use the Operation |
| --- | --- |
| ListZones | DNS_ZONE_INSPECT |
| CreateZone | DNS_ZONE_CREATE |
| DeleteZone | DNS_ZONE_DELETE |
| GetZone | DNS_ZONE_READ |
| UpdateZone | DNS_ZONE_UPDATE |
| GetZoneRecords | DNS_ZONE_READ and DNS_RECORD_READ |
| PatchZoneRecords | DNS_ZONE_UPDATE and DNS_RECORD_UPDATE |
| UpdateZoneRecords | DNS_ZONE_UPDATE and DNS_RECORD_UPDATE |
| GetDomainRecords | DNS_RECORD_READ |
| PatchDomainRecords | DNS_RECORD_UPDATE |
| UpdateDomainRecords | DNS_RECORD_UPDATE |
| DeleteRRSet | DNS_RECORD_UPDATE |
| GetRRSet | DNS_RECORD_READ |
| PatchRRSet | DNS_RECORD_UPDATE |
| UpdateRRSet | DNS_RECORD_UPDATE |
| GetDNSTrafficCounts | DNS_TRAFFIC_READ |
| ListSteeringPolicies | DNS_STEERING_POLICY_INSPECT |
| CreateSteeringPolicy | DNS_STEERING_POLICY_CREATE |
| GetSteeringPolicy | DNS_STEERING_POLICY_READ |
| UpdateSteeringPolicy | DNS_STEERING_POLICY_UPDATE |
| DeleteSteeringPolicy | DNS_STEERING_POLICY_DELETE |
| ListSteeringPolicyAttachments | DNS_STEERING_ATTACHMENT_INSPECT |
| CreateSteeringPolicyAttachment | DNS_ZONE_UPDATE and DNS_STEERING_POLICY_READ |
| GetSteeringPolicyAttachment | DNS_STEERING_ATTACHMENT_READ |
| UpdateSteeringPolicyAttachment | DNS_ZONE_UPDATE and DNS_STEERING_POLICY_READ |
| DeleteSteeringPolicyAttachment | DNS_ZONE_UPDATE and DNS_STEERING_POLICY_READ |