gtm listener-doh-proxy

gtm listener-doh-proxy(1)				BIG-IP TMSH Manual				 gtm listener-doh-proxy(1)

NAME
       listener-doh-proxy - Configures a DNS over HTTPS proxy listener.


SYNTAX
       Configure the listener-doh-proxy component within the gtm module using the syntax in the following sections.

	create listener-doh-proxy [name]
	modify listener-doh-proxy [name]
	    address [ip address]
	    advertise [yes | no]
	    app-service [[string] | none]
	    auto-lasthop [default | enabled | disabled ]
	    description [string]
	    [disabled | enabled]
	    fallback-persistence [none | [profile name] ]
	    ip-protocol tcp
	    last-hop-pool [ [pool_name] | none]
	    mask { [ipv4] | [ipv6] }
	    persist [replace-all-with] {
		[profile_name ... ] {
		    default [no | yes]
		}
	    }
	    persist none
	    pool [ [pool_name] | none]
	    port [service port]
	    profiles [add | delete | replace-all-with] {
		[profile name ...] {
		    context [all | clientside | serverside]
		}
	    }
	    rules { [none | [rule_name ... ] ] }
	    source-address-translation {
		pool [ [pool_name] | none]
		type [ automap | snat | none ]
	    }
	    source-port [change | preserve]
	    translate-address [enabled | disabled]
	    translate-port [enabled | disabled]
	    vlans none
	      [ add | delete | replace-all-with ] {
		[vlan name] ...
	      }

	edit listener-doh-proxy [ [ [name] | [glob] | [regex] ] ... ]

	reset-stats listener-doh-proxy
	reset-stats listener-doh-proxy [ [ [name] | [glob] | [regex] ] ... ]

	list listener-doh-proxy
	list listener-doh-proxy [name]
	show running-config listener-doh-proxy
	show running-config listener-doh-proxy [ [ [name] | [glob] | [regex] ] ... ]
	show listener-doh-proxy
	show listener-doh-proxy [name]
	    (default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)

	delete listener-doh-proxy [name]

DESCRIPTION
       You can use the listener-doh-proxy component to create, display, modify, or delete a DNS over HTTPS proxy listener.

       A doh-proxy listener is an object that listens for DNS over HTTPS queries and either works in pass-through mode or acts
       as a proxy to another DoH server.

       Important: When you create, modify, or delete a listener, the system saves the running configuration in the stored
       configuration files.

EXAMPLES
       create listener-doh-proxy my_listener address persist replace-all-with { source_addr }

       Creates a listener named my_listener with an IP address of, which uses the source address persistence method.

       modify listener-doh-proxy my_listener profiles replace-all-with { dns }

       Replaces the profiles associated with the listener my_listener.

       Note: To replace the profile associated with a listener, you must enclose the name of the new profile in curly brackets.

       list listener-doh-proxy non-default-properties

       Displays all non-default properties for all listeners.

       delete listener-doh-proxy my_listener

       Deletes the listener named my_listener.

OPTIONS
       address
	    Specifies the IP address on which the system listens. The system receives traffic sent to this IP address and
	    processes it as needed. This option is required.

       advertise
	    Specifies whether to advertise the listener address to surrounding routers. The options are yes or no. The default
	    value is no.

       app-service
	    Specifies the name of the application service to which the listener belongs. The default value is none. Note: If the
	    strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
	    listener. Only the application service can modify or delete the listener.

       context
	    Specifies that the protocol profile is either a clientside or serverside profile. If not specified, the default value
	    is all for both sides.

       description
	    User-defined description.

       (enabled | disabled)
	    Specifies the state of the listener. The default value is enabled.

	    Note: When you disable a listener, the listener no longer accepts new connection requests. However, it allows current
	    connections to finish processing before going to a down state.

       fallback-persistence
	    Specifies a fallback persistence profile for the listener to use when the default persistence profile is not
	    available. The default value is none.

       glob Displays the items that match the glob expression. See help glob for a description of glob expression syntax.

       ip-protocol
	    Specifies the protocol on which this listener receives network traffic. It is always tcp and cannot be modified.

       last-hop-pool
	    Specifies the name of the last hop pool that you want the listener to use to direct reply traffic to the last hop
	    router. The default value is none.

       mask Specifies the netmask for a network listener only. This setting is required for a network listener.

	    The netmask clarifies whether the host bit is an actual zero or a wildcard representation. The default value is for IPv4 or ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.

       name Specifies a unique name for the component. This option is required for the commands create and modify.

       partition
	    Displays the administrative partition within which the listener resides.

       persist
	    Specifies a list of profiles separated by spaces that the listener uses to manage connection persistence. The default
	    value is none.

	    To enable persistence, typically you specify a single profile. However, you can specify multiple profiles in
	    conjunction with iRules(r) that define a persistence strategy based on incoming traffic. In the case of multiple
	    profiles, the default option specifies which profile you want the listener to use if an iRule does not specify a
	    persistence method. When you specify multiple profiles, the default value of the default property is no. You can set
	    the value of the default property to yes for only one of the profiles.

       pool Specifies a default pool to which you want the listener to automatically direct traffic. The default value is none.

       port Specifies the service port on which the listener listens for connections. When you create a listener, the default
	    value is 443 if no port number is specified.

       profiles
	    Specifies profiles to use for this listener. When a listener is created, if any required profile is not specified, the
	    default profile is added automatically. Required profiles include doh-proxy, dns, httprouter, http2, http, and
	    tcp profiles. SSL profiles may be required based on http2 profile settings. Only SSL profiles can be added to
	    or deleted from a listener once it is created.

	    The replace-all-with command replaces the profiles with the specified types and contexts.

       rules
	    Specifies a list of iRules, separated by spaces, that customize the listener to direct and manage traffic. The default
	    value is none.

       regex
	    Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
	    expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
	    expression syntax.

       source-address-translation
	    Specifies the type of source address translation enabled for the listener as well as the pool that the source address
	    translation will use.

	    pool Specifies the name of a SNAT pool used by the specified listener.

	    type Specifies the type of source address translation associated with the specified listener.

		 The options are:

		 automap
		      Specifies the use of self IP addresses for listener source address translation.

		 none Specifies no source address translation to be used by the listener.

		 snat Specifies the use of a SNAT pool of translation addresses for listener source address translation.

       source-port
	    Specifies whether the system preserves the source port of the connection. The default value is preserve.

	    The options are:

	    change
		 Obfuscates internal network addresses.

	    preserve
		 Preserves the source port of the connection.

       translate-address
	    Enables or disables address translation for the listener. Disable address translation for a listener if you want to
	    use the listener to load balance connections to any address. This option is useful when the system is load balancing
	    devices that have the same IP address. The default value is disabled.

       translate-port
	    Enables or disables port translation. Disable port translation for a listener if you want to use the listener to load
	    balance connections to any service. The default value is disabled.

       vlans
	    Specifies a list of VLANs on which traffic is either disabled or enabled, based on whether the vlans-disabled or
	    vlans-enabled option is specified.

       vlans-disabled
	    Specifies that traffic is not accepted by this listener on the VLANs specified in the vlans option. This option is
	    mutually exclusive with the vlans-enabled option.

       vlans-enabled
	    Specifies that traffic is accepted by this listener on only the VLANs specified in the vlans option. This option is
	    mutually exclusive with the vlans-disabled option.
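
       Added example, not part of the F5 manual: the persist, vlans-enabled, and source-address-translation options described
       above, applied to the my_listener object from the examples. The second persistence profile name dest_addr, the VLAN name
       external, and the way vlans-enabled is combined with vlans on one command line are assumptions; the commands are entered
       in the gtm module, like the examples on this page.

```tmsh
# Two persistence profiles: an iRule can choose between them, and source_addr
# is used when no iRule specifies a persistence method. Only one profile may
# carry "default yes". (dest_addr is an assumed profile name.)
modify listener-doh-proxy my_listener persist replace-all-with { source_addr { default yes } dest_addr { default no } }

# Accept traffic only on the VLAN listed here (assumed VLAN name: external).
modify listener-doh-proxy my_listener vlans-enabled vlans replace-all-with { external }

# Use self IP addresses for source address translation.
modify listener-doh-proxy my_listener source-address-translation { type automap }

# Review which properties now differ from the defaults.
list listener-doh-proxy my_listener non-default-properties
```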

SEE ALSO
       create, delete, edit, glob, list, modify, net vlan, net vlan-group, regex, reset-stats, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2020. All rights reserved.

BIG-IP							    2020-12-01					 gtm listener-doh-proxy(1)