Securedns Hostcheck

Endpoints Summary

Method Path Swagger GET /securedns_hostcheck/ Swagger ↗

The SecureDNS Host Check API provides real-time hostname filtering ~~capabilities for~~and parental control ~~and content filtering systems.~~capabilities. This endpoint allows you to verify whether access to specific hostnames should be allowed, refused, or ignored based on your configured security ~~rules~~policies and ~~policies.~~content filtering rules.

Base URL: https://control.zequenze.com/api/v1

Authentication: All endpoints require a Bearer token:

Authorization: Bearer <your-api-token>

Overview

The SecureDNS Host Check API is designed for ~~organizations and service providers who need to implement~~implementing DNS-~~level~~based content filtering and parental ~~controls.~~control systems. This service ~~acts as a real-time decision engine that~~ evaluates ~~hostname requests~~hostnames against your configured security policies and returns appropriate ~~actions.~~actions based on category classifications, access control lists (ACLs), and subnet-specific rules.

Key Features:

Real-time hostname evaluation against security policies
~~Categorized~~Category-based content filtering ~~with~~(malware, ~~customizable~~adult ~~ACL~~content, social media, etc.)

Subnet-specific access control rules IP redirection capabilities for blocked content Response caching for improved performance Detailed logging and audit ~~trail for compliance~~ ~~Subnet-based rule matching for network-level controls~~trails

Common Integration Scenarios:

DNS ~~resolvers~~resolver ~~implementing~~integration ~~parental~~for ~~controls~~enterprise networks

Parental control software and routers Network security appliances ~~requiring content filtering~~ ~~ISP~~Content ~~services~~filtering ~~offering family-safe internet packages~~ ~~Corporate networks enforcing acceptable use policies~~proxies Educational ~~institutions~~institution ~~blocking~~network ~~inappropriate content~~protection

The API ~~uses~~returns astructured ~~simple~~responses ~~request-response~~indicating ~~pattern~~whether ~~where~~requests ~~you~~should ~~submit~~be aallowed ~~hostname~~through, ~~for~~redirected ~~evaluation~~to ~~and~~warning ~~receive~~pages, anor ~~action~~blocked ~~directive~~entirely, along with ~~supporting~~performance ~~metadata such as matched rules, categories,~~metrics and ~~redirect~~caching information.

Endpoints

GET /securedns_hostcheck/

Description: ~~Evaluates~~Performs real-time evaluation of a hostname against your configured SecureDNS ~~policies~~policies. The endpoint checks the requested hostname against category filters, access control lists, and subnet-specific rules to determine ifthe ~~access~~appropriate ~~should~~action. beAll ~~allowed,~~requests ~~refused,~~are orlogged ~~ignored.~~for ~~This endpoint performs real-time policy matching~~auditing and ~~returns~~reporting ~~detailed information about the decision including matched categories, ACL rules, and any redirect instructions.~~purposes.

Use Cases:

DNS resolver ~~checking~~integration ifto afilter ~~domain~~malicious ~~should~~or beinappropriate ~~blocked before resolution~~content
~~Network~~Real-time ~~gateway~~content ~~validating~~filtering for corporate networks

Parental control systems checking web access requests ~~against parental control policies~~ Security ~~appliance~~appliances ~~implementing~~validating ~~corporate~~outbound ~~content filtering~~connections Educational network ~~enforcing~~protection ~~acceptable~~against ~~use~~inappropriate ~~policies~~ ~~ISP providing family-safe internet filtering services~~content

Full URL Example:

https://control.zequenze.com/api/v1/securedns_hostcheck/?hostname=example.com&client_ip=192.168.1.100&subnet=192.168.1.0/24

Parameters:

Parameter	Type	In	Required	Description
hostname	string	query	Yes	The hostname or domain to check against SecureDNS policies
client_ip	string	query	NoYes	~~Client~~The IP address ~~for~~of ~~subnet-based~~the ~~rule~~client ~~matching~~making the request
~~policy_id~~subnet	string	query	No	~~Specific~~The ~~policy~~subnet ~~UUID~~identifier to ~~evaluate~~apply ~~against~~specific ACL rules

category_override string query No Override automatic category detection with specific category

cURL Example:

curl -X GET "https://control.zequenze.com/api/v1/securedns_hostcheck/?hostname=social-media.com&client_ip=192.168.10.0.1.100"50&subnet=10.0.1.0/24" \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json"

Example Response (Allowed):

[
  {
    "action": "A",
    "redirect_ip": "0.0.0.0",
    "match_subnet": "192.168.10.0.1.0/24",
    "uuid": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "category": "news"business",
    "acl": "allow_news_sites"corporate_allow",
    "cached": true,
    "response_time": 0.04512.5
  }
]

Example Response (Blocked):

[
  {
    "action": "R",
    "redirect_ip": "10.203.0.0.1"113.10",
    "match_subnet": "192.168.1.0/24",
    "uuid": "a1b2c3d4-58cc-4372-a567-0e02b2c3d480"550e8400-e29b-41d4-a716-446655440000",
    "category": "adult_content",
    "acl": "block_adult_family_policy"family_safe",
    "cached": false,
    "response_time": 0.0328.3
  }
]

Response Fields:

Field	Type	Description
action	string	Action to take: "A" (Allow), "R" (~~Refuse)~~Refuse/Block), or "I" (Ignore)
redirect_ip	string	IP address to redirect blocked requests to (0.0.0.0 iffor ~~no redirect)~~allow)
match_subnet	string	~~Subnet~~The subnet rule that matched ~~the~~this ~~client IP for rule application~~request
uuid	string	Unique identifier offor ~~the~~this ~~matched~~policy rule match
category	string	Content category ~~that was matched~~classification (~~e.g.,~~malware, ~~"social_media",~~adult_content, ~~"adult_content"~~social_media, etc.)
acl	string	~~Name of the~~ Access Control List ~~rule~~name that was applied
cached	boolean	Whether this response was served from cache
response_time	number	~~Processing~~Response time in ~~seconds~~milliseconds

Response Codes:

Status	Description
200	Rule matched and request allowed - ~~Returns~~hostname ~~policy~~passes ~~decision~~all filters
401	Request not authorized - ~~Invalid~~invalid or missing API token
403	Request ~~forbidden/not allowed~~forbidden - ~~Access~~hostname ~~denied~~blocked by security policy
404	No rule matched OR- hostname not found in any policy rules

404 Rules matched and request not allowed - hostname explicitly blocked

Common Use Cases

Use Case 1: DNS Resolver Integration

Integrate the SecureDNS ~~checking~~API into ayour DNS resolver to ~~provide~~automatically ~~parental~~filter ~~controls.~~malicious ~~Before~~domains and inappropriate content. Query each hostname before resolving ~~any~~DNS ~~hostname,~~requests ~~query~~and either allow resolution or redirect to a block page based on the API ~~to determine if the request should proceed, be blocked, or redirected to a safe page.~~response.

Use Case 2: CorporateParental NetworkControl FilteringRouter

Implement ~~enterprise~~family-safe ~~content~~internet filtering by checking all outbound web requests ~~against~~through ~~corporate~~the ~~acceptable~~API. ~~use~~Configure ~~policies.~~different ~~Block~~policies for children's devices versus adult devices using subnet-based rules and redirect blocked content to age-appropriate explanations.

Use Case 3: Corporate Network Security

Protect enterprise networks by filtering access to social media, ~~streaming,~~streaming services, or ~~other~~malware ~~non-work-related categories~~domains during business hours.

Use Case 3: Educational Institution Safety

~~Schools and universities can use this~~the API to ~~ensure~~enforce ~~students~~acceptable ~~access~~use ~~only educational~~policies and ~~age-appropriate~~maintain ~~content,~~productivity ~~blocking~~while ~~adult~~ensuring ~~content,~~security ~~gaming sites, and other distracting categories.~~compliance.

Use Case 4: ISPEducational FamilyInstitution PlansFiltering

~~Internet~~Deploy ~~service providers can offer family-safe internet packages by routing DNS requests through this~~content filtering ~~service,~~for ~~automatically~~school ~~blocking~~networks to block inappropriate content ~~for~~while ~~subscribers.~~allowing educational resources. Implement time-based restrictions and category-specific filtering based on different areas of the campus network.

Use Case 5: HomeSecurity NetworkAppliance ProtectionIntegration

~~Home~~Embed ~~router~~the ~~firmware~~SecureDNS ~~can~~check ~~integrate~~into ~~this~~network ~~API~~security devices to provide ~~parents~~an additional layer of threat protection. Combine with ~~easy-to-configure~~other ~~content~~security ~~filtering~~feeds ~~without~~to ~~requiring~~create ~~technical~~comprehensive ~~expertise~~protection inagainst ~~DNS~~emerging ~~configuration.~~threats and malicious domains.

Best Practices

~~Performance Optimization:~~

~~Cache~~ ~~responses~~Implement ~~locally~~Response ~~when~~Caching: Use the cached field isto ~~true~~implement your own local caching layer for frequently requested hostnames to reduce API calls and improve response times
Handle All Response Codes: Implement ~~connection~~proper ~~pooling~~error handling for different HTTP status codes, especially distinguishing between 403 (blocked) and ~~keep-alive~~404 (no rule matched) responses

Subnet-Specific Policies: Leverage subnet parameters to implement different filtering policies for ~~high-volume~~various ~~integrations~~network segments (guest networks, employee networks, etc.) Monitor Response Times: Use the response_time field to ~~track~~monitor API performance and implement timeout handling for slow responses ~~Consider~~ ~~implementing~~Log ~~client-side~~Policy ~~caching~~Matches: ~~with~~Store ~~appropriate~~the ~~TTL~~returned uuid values for

~~Error~~audit ~~Handling:~~

trails

and ~~Always~~policy ~~handle~~effectiveness ~~404 responses appropriately - they can indicate either no rule match or blocked content~~analysis Graceful Degradation: Implement fallback behavior when the API is unavailable ~~(fail-open~~- vseither ~~fail-closed~~allow ~~policy)~~all traffic or apply local blocking rules ~~Log~~ Rate Limiting: Implement client-side rate limiting to avoid overwhelming the API ~~responses~~during ~~for~~high-traffic ~~troubleshooting~~periods Batch Processing: For high-volume scenarios, consider implementing request queuing and ~~compliance~~batch ~~auditing~~processing ~~Retry~~to ~~failed~~optimize ~~requests~~API ~~with exponential backoff~~usage

~~Security Considerations:~~

~~Protect API tokens and rotate them regularly~~ ~~Use HTTPS for all API communications~~ ~~Log all filtering decisions for security auditing~~ ~~Validate client IP addresses when using subnet-based rules~~

~~Integration Tips:~~

~~Test with various hostname formats (www vs non-www, subdomains, internationalized domains)~~ ~~Monitor API rate limits and implement appropriate throttling~~ ~~Use the~~ policy_id ~~parameter when you need to test against specific policies~~ ~~Implement proper timeout handling for real-time DNS integration scenarios~~