gtm listener-doh-server
gtm listener-doh-server(1) BIG-IP TMSH Manual gtm listener-doh-server(1)
NAME
listener-doh-server - Configures a DNS over HTTPS server listener.
MODULE
gtm
SYNTAX
Configure the listener-doh-server component within the gtm module using the syntax in the following sections.
CREATE/MODIFY
create listener-doh-server [name]
modify listener-doh-server [name]
options:
address [ip address]
advertise [yes | no]
app-service [[string] | none]
auto-lasthop [default | enabled | disabled ]
description [string]
[disabled | enabled]
fallback-persistence [none | [profile name] ]
ip-protocol tcp
last-hop-pool [ [pool_name] | none]
mask { [ipv4] | [ipv6] }
persist [replace-all-with] {
[profile_name ... ] {
default [no | yes]
}
}
persist none
pool [ [pool_name] | none]
port [service port]
profiles [add | delete | replace-all-with] {
[profile name ...] {
context [all | clientside | serverside]
}
}
rules { [none | [rule_name ... ] ] }
source-address-translation {
options:
pool [ [pool_name] | none]
type [ automap | snat | none ]
}
source-port [change | preserve]
translate-address [enabled | disabled]
translate-port [enabled | disabled]
vlans none
vlans
[ add | delete | replace-all-with ] {
[vlan name]...
}
vlans-disabled
vlans-enabled
edit listener-doh-server [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
reset-stats listener-doh-server
reset-stats listener-doh-server [ [ [name] | [glob] | [regex] ] ... ]
DISPLAY
list listener-doh-server
list listener-doh-server [name]
show running-config listener-doh-server
show running-config listener-doh-server [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
partition
show listener-doh-server
show listener-doh-server [name]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
DELETE
delete listener-doh-server [name]
DESCRIPTION
You can use the listener-doh-server component to create, display, modify, or delete a listener.
A listener is an object that listens for DNS over HTTPS queries.
Important: When you create, modify, or delete a listener, the system saves the running configuration in the stored
configuration files.
EXAMPLES
create listener-doh-server my_listener address 10.10.1.1 persist replace-all-with { source_addr }
Creates a listener named my_listener with an IP address of 10.10.1.1, which uses the source address persistence method.
modify listener-doh-server my_listener profiles replace-all-with { dns }
Replaces the profiles associated with the listener my_listener.
Note: To replace the profile associated with a listener, you must enclose the name of the new profile in curly brackets.
list listener-doh-server non-default-properties
Displays all non-default properties for all listeners.
delete listener-doh-server my_listener
Deletes the listener named my_listener.
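The following sequence is an added example, not part of the original manual. It shows the nested vlans, persist, and source-address-translation syntax that the examples above do not cover. The names doh_listener, external, and my_doh_persist are assumptions; 10.10.1.1 and source_addr are reused from the examples above. Lines beginning with # are annotations, and the commands are entered in the gtm module as in the examples above.

```tmsh
# Assumed names (not from the manual): listener doh_listener, VLAN external,
# persistence profile my_doh_persist.

# 1. Create the listener on the default DoH port and accept traffic only on
#    the named VLAN (vlans-enabled and vlans-disabled are mutually exclusive).
create listener-doh-server doh_listener address 10.10.1.1 port 443 vlans-enabled vlans replace-all-with { external }

# 2. Attach two persistence profiles. Only one profile may have "default yes";
#    it is used when no iRule selects a persistence method.
modify listener-doh-server doh_listener persist replace-all-with { source_addr { default yes } my_doh_persist { default no } }

# 3. Use self IP addresses for source address translation.
modify listener-doh-server doh_listener source-address-translation { type automap }

# 4. Review every setting that now differs from the defaults.
list listener-doh-server doh_listener non-default-properties
```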
OPTIONS
address
Specifies the IP address on which the system listens. The system receives traffic sent to this IP address and
processes it as needed. This option is required.
advertise
Specifies whether to advertise the listener address to surrounding routers. The options are yes or no. The default
value is no.
app-service
Specifies the name of the application service to which the listener belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
listener. Only the application service can modify or delete the listener.
context
Specifies that the protocol profile is either a clientside or serverside profile. If not specified, the default value
is all for both sides.
description
User-defined description.
(enabled | disabled)
Specifies the state of the listener. The default value is enabled.
Note: When you disable a listener, the listener no longer accepts new connection requests. However, it allows current
connections to finish processing before going to a down state.
fallback-persistence
Specifies a fallback persistence profile for the listener to use when the default persistence profile is not
available. The default value is none.
glob
Displays the items that match the glob expression. See help glob for a description of glob expression syntax.
ip-protocol
Specifies the protocol on which this listener receives network traffic. It is always tcp and cannot be modified.
last-hop-pool
Specifies the name of the last hop pool that you want the listener to use to direct reply traffic to the last hop
router. The default value is none.
mask
Specifies the netmask for a network listener only. This setting is required for a network listener.
The netmask clarifies whether the host bit is an actual zero or a wildcard representation. The default value is
255.255.255.255 for IPv4 or ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.
name
Specifies a unique name for the component. This option is required for the commands create and modify.
partition
Displays the administrative partition within which the listener resides.
persist
Specifies a list of profiles separated by spaces that the listener uses to manage connection persistence. The default
value is none.
To enable persistence, typically you specify a single profile. However, you can specify multiple profiles in
conjunction with iRules(r) that define a persistence strategy based on incoming traffic. In the case of multiple
profiles, the default option specifies which profile you want the listener to use if an iRule does not specify a
persistence method. When you specify multiple profiles, the default value of the default property is no. You can set
the value of the default property to yes for only one of the profiles.
pool
Specifies a default pool to which you want the listener to automatically direct traffic. The default value is none.
port
Specifies the service port on which the listener listens for connections. When you create a listener, the default
value is 443 if no port number is specified.
profiles
Specifies profiles to use for this listener. When a listener is created, if any required profile is not specified, the
default profile will be automatically added. Required profiles include doh-server, dns, http2, http, and tcp profiles.
SSL profiles may be required based on http2 profile settings. Only SSL profiles are allowed to be added or deleted from
a listener once it is created.
The replace-all-with command replaces the profiles with the specified types and contexts.
rules
Specifies a list of iRules, separated by spaces, that customize the listener to direct and manage traffic. The default
value is none.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
expression syntax.
source-address-translation
Specifies the type of source address translation enabled for the listener as well as the pool that the source address
translation will use.
pool
Specifies the name of a SNAT pool used by the specified listener.
type
Specifies the type of source address translation associated with the specified listener.
The options are:
automap
Specifies the use of self IP addresses for listener source address translation.
none
Specifies no source address translation to be used by the listener.
snat
Specifies the use of a SNAT pool of translation addresses for listener source address translation.
source-port
Specifies whether the system preserves the source port of the connection. The default value is preserve.
The options are:
change
Obfuscates internal network addresses.
preserve
Preserves the source port of the connection.
translate-address
Enables or disables address translation for the listener. Disable address translation for a listener if you want to
use the listener to load balance connections to any address. This option is useful when the system is load balancing
devices that have the same IP address. The default value is disabled.
translate-port
Enables or disables port translation. Disable port translation for a listener if you want to use the listener to load
balance connections to any service. The default value is disabled.
vlans
Specifies a list of VLANs on which traffic is either disabled or enabled, based on whether the vlans-disabled or
vlans-enabled option is specified.
vlans-disabled
Specifies that traffic is not accepted by this listener on the VLANs specified in the vlans option. This option is
mutually exclusive with the vlans-enabled option.
vlans-enabled
Specifies that traffic is accepted by this listener on only the VLANs specified in the vlans option. This option is
mutually exclusive with the vlans-disabled option.
SEE ALSO
create, delete, edit, glob, list, modify, net vlan, net vlan-group, regex, reset-stats, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2020. All rights reserved.
BIG-IP 2020-12-01 gtm listener-doh-server(1)