ltm dns cache transparent
ltm dns cache transparent(1) BIG-IP TMSH Manual ltm dns cache transparent(1)
NAME
transparent - Configures a DNS cache without a resolver on the BIG-IP(r) system.
MODULE
ltm dns cache
SYNTAX
Configure the transparent DNS cache component within the ltm dns cache module using the syntax in the following sections.
CREATE/MODIFY
create transparent [name]
modify transparent [name]
options:
answer-default-zones [yes | no]
app-service [[string] | none]
description [[string] | none]
local-zones [ [none] |
[ { { name [dname] type [type] records [none | add { [RR string] ...} ] } ... } ] ]
msg-cache-size [integer]
response-policy-zones [add | delete | modify] {
[zone-name] {
action [nxdomain | walled-garden]
walled-garden [local-zone]
}
}
response-policy-zones none
rrset-cache-size [integer]
rrset-rotate [none | query-id]
DISPLAY
list transparent
list transparent [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
show transparent
show transparent [name]
DELETE
delete transparent [name]
DESCRIPTION
You can use the transparent component to configure and view information about a transparent DNS cache. A transparent cache
does not perform recursive resolution, but instead relies on another DNS resource for this functionality.
Important: When sizing caches, consider the total amount of memory available and how you wish to allocate memory for DNS
caching. Note that cache sizing values are per-TMM process; therefore, a platform with eight TMMs consumes the amount of
memory set for the RRset cache times eight.
EXAMPLES
list transparent myCache
Displays the properties of the transparent DNS cache myCache.
modify transparent myCache local-zones { { name lz.example.net records add { "lz.example.net 60 IN A 127.0.0.1"
"www.lz.example.net 300 IN A 127.0.0.2" } } }
Modifies DNS cache myCache by adding a local-zone lz.example.net with 2 resource records.
OPTIONS
answer-default-zones
Specifies whether the resolver cache answers queries for default zones: localhost, reverse 127.0.0.1 and ::1, and
AS112 zones. The default value is no.
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
description
User defined description.
glob Displays the items that match the glob expression. See help glob for a description of glob expression syntax.
local-zones
Zones and associated resource records for which the cache provides authoritative responses. The default is empty. This
option is intended for small, simple authoritative data configurations.
The local-zone name must be fully qualified and should be the apex of the zone. The local-zone type may be one of the
following: deny, refuse, static, transparent, type-transparent, or redirect. Zero or more resource records may be given;
each must be fully specified (name, TTL, class, type, and record data), separated by spaces and enclosed in double quotes.
For example, "www.example.net. 300 IN A 1.2.3.4".
For all local-zone types, if the DNS query matches, it is answered authoritatively. How a non-matching query is
handled depends on the local-zone type.
deny drops the query.
refuse sends a REFUSED response.
static sends either a NoData or NXDOMAIN response (includes SOA if present in local-zone).
transparent performs regular cache operation (i.e. transparent pass-through or iterative resolution) except for those
query names which would result in NoData. This is the default local-zone type.
type-transparent is the same as transparent, but does not return NoData.
redirect returns responses with zone suffix record(s) for queries beneath that suffix. For example, given a local-zone
for example.com with a single A record for that name, queries for www.example.com or abc.www.example.com return that
single A record (both names have the same suffix).
msg-cache-size
Specifies the maximum size in bytes of the DNS message cache. The default value is 1048576.
The BIG-IP system caches the messages in a DNS response in the message cache. Once the cache reaches its maximum size,
adding new or refreshed content evicts expired and older content. A higher maximum size allows more DNS responses to be
cached and increases the cache hit percentage; a lower maximum size forces earlier eviction of cached content and can
lower the cache hit percentage.
name Specifies a unique name for the component. This option is required for the commands create, delete, and modify.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
expression syntax.
response-policy-zones
Adds, deletes, or modifies the response policy zone used by this DNS cache. Only a DNS Express zone configured as a
response policy zone can be added.
The query name of a recursive DNS request that does not have DNSSEC enabled is looked up in the response policy zone
data. If a match is found, the configured response policy action is taken.
action
The action to take upon a match. nxdomain results in an NXDOMAIN response given to the client. walled-garden
results in a response with a CNAME to the walled-garden zone and an A or AAAA response matching the DNS query
type. The default action is nxdomain.
walled-garden
A local zone configured in this cache that contains an A and/or AAAA record. This is typically used to redirect a
user who requests resolution of a name contained in the RPZ database to a local server, which can display a message
to the user and/or record the connection. Only A, AAAA, and ANY requests are redirected; a request for any other type
is answered with a NoData response. If a request is received for type A or AAAA but no records of that type are
configured, a NoData response is returned instead.
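The following shell script is an added example and is not part of the F5 manual page or of tmsh itself. It composes, from the bash shell of a BIG-IP, the tmsh commands for the local-zones and walled-garden RPZ configuration described above, and checks each resource record string against the rules stated for local-zones (fully specified "name ttl class type rdata", integer TTL, class IN, owner name inside the zone) before the record is used. The cache name myCache, the walled-garden zone blocked.example.net with type static, the DNS Express RPZ zone rpz.example.net and the documentation addresses 192.0.2.10 and 2001:db8::10 are constructed placeholders. The commands are only printed, so the output can be reviewed before it is run on a system.

```shell
#!/bin/sh
# Added example (not F5's code): check local-zone resource records and compose
# the tmsh commands for a walled-garden RPZ on a transparent DNS cache.
# Assumed/constructed: cache myCache, walled-garden zone blocked.example.net,
# DNS Express RPZ zone rpz.example.net, documentation addresses 192.0.2.10 and
# 2001:db8::10. Commands are printed for review, not executed.

# check_rr ZONE "RR string": a record must be fully specified as
# "name ttl class type rdata", with an integer TTL, class IN, a known type,
# and an owner name at or below the zone apex. Returns 0 if valid, 1 if not.
check_rr() {
    cz=$1
    set -f; set -- $2; set +f          # split the RR string into fields, no globbing
    [ $# -ge 5 ] || { echo "rr: need 'name ttl class type rdata'" >&2; return 1; }
    rr_name=$1; rr_ttl=$2; rr_class=$3; rr_type=$4
    case $rr_ttl in
        ''|*[!0-9]*) echo "rr: ttl '$rr_ttl' is not an integer" >&2; return 1 ;;
    esac
    [ "$rr_class" = IN ] || { echo "rr: class must be IN" >&2; return 1; }
    case $rr_type in
        A|AAAA|CNAME|TXT|SOA|NS|MX|PTR|SRV) ;;
        *) echo "rr: unsupported type '$rr_type'" >&2; return 1 ;;
    esac
    z=${cz%.}; n=${rr_name%.}           # compare without trailing dots
    case $n in
        "$z"|*".$z") ;;
        *) echo "rr: '$rr_name' is outside zone '$cz'" >&2; return 1 ;;
    esac
    return 0
}

# local_zone_cmd CACHE ZONE TYPE RR...: print the tmsh command that adds ZONE
# with its records to CACHE, using the local-zones syntax from this page.
# Fails (and prints nothing) if any record does not pass check_rr.
local_zone_cmd() {
    cache=$1; zone=$2; ztype=$3; shift 3
    recs=""
    for rr in "$@"; do
        check_rr "$zone" "$rr" || return 1
        recs="$recs \"$rr\""
    done
    printf 'tmsh modify ltm dns cache transparent %s local-zones { { name %s type %s records add {%s } } }\n' \
        "$cache" "$zone" "$ztype" "$recs"
}

# rpz_cmd CACHE RPZ_ZONE WALLED_ZONE: attach a DNS Express RPZ with the
# walled-garden action. WALLED_ZONE must already be a local zone of CACHE
# holding A and/or AAAA records, otherwise redirected A/AAAA queries get NoData.
rpz_cmd() {
    printf 'tmsh modify ltm dns cache transparent %s response-policy-zones add { %s { action walled-garden walled-garden %s } }\n' \
        "$1" "$2" "$3"
}

# Constructed sample: a walled-garden zone pointing at a local notice server.
# Type static (a constructed choice) gives NXDOMAIN for other names under the
# garden zone instead of passing them through to the upstream resolver.
CACHE=myCache
WALLED=blocked.example.net
local_zone_cmd "$CACHE" "$WALLED" static \
    "blocked.example.net. 60 IN A 192.0.2.10" \
    "blocked.example.net. 60 IN AAAA 2001:db8::10" || exit 1
rpz_cmd "$CACHE" rpz.example.net "$WALLED"
```

The walled-garden zone is emitted first on purpose: the walled-garden option refers to a local zone of the same cache, and the action only produces an A or AAAA answer if that zone actually carries a record of the queried type.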
rrset-cache-size
Specifies the maximum size in bytes of the resource records set cache. The default value is 10485760.
The BIG-IP system caches the supporting records in a DNS response in the resource record cache. Once the cache reaches
its maximum size, adding new or refreshed content evicts expired and older content. A higher maximum size allows more
DNS responses to be cached and increases the cache hit percentage; a lower maximum size forces earlier eviction of
cached content and can lower the cache hit percentage.
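Added example, not taken from the manual page: a small shell helper that turns the per-TMM sizing note in DESCRIPTION and the msg-cache-size and rrset-cache-size defaults into numbers. It computes the whole-system footprint of both caches (per-TMM size times TMM count) and derives per-TMM sizes for a given memory budget while keeping the default 1:10 msg:rrset ratio, then prints the tmsh command that applies them. The TMM count (8, as in the note), the 256 MiB budget and the cache name myCache are assumed inputs; obtain the real TMM count from the platform before using the result.

```shell
#!/bin/sh
# Added example (not F5's code): size the transparent cache for a platform
# with several TMMs. msg-cache-size and rrset-cache-size are per TMM, so the
# memory actually consumed is the sum of both multiplied by the TMM count.
# Assumed inputs: the TMM count (8, as in the manual's note), a memory budget
# of 256 MiB and the cache name myCache.

# dns_cache_footprint MSG RRSET TMMS: bytes the two caches can reach in total
# across all TMM processes.
dns_cache_footprint() {
    echo $(( ($1 + $2) * $3 ))
}

# dns_cache_sizes_for_budget BUDGET TMMS: per-TMM msg-cache-size and
# rrset-cache-size that keep the default 1:10 ratio (1048576:10485760) and
# whose combined footprint does not exceed BUDGET. Prints "msg rrset".
dns_cache_sizes_for_budget() {
    per_tmm=$(( $1 / $2 ))
    msg=$(( per_tmm / 11 ))
    rrset=$(( msg * 10 ))
    # re-check the result so integer rounding can never push us over budget
    [ "$(dns_cache_footprint "$msg" "$rrset" "$2")" -le "$1" ] || return 1
    echo "$msg $rrset"
}

# sizing_cmd CACHE MSG RRSET: the tmsh command that applies both sizes.
sizing_cmd() {
    printf 'tmsh modify ltm dns cache transparent %s msg-cache-size %s rrset-cache-size %s\n' "$1" "$2" "$3"
}

TMMS=8
# With the defaults, eight TMMs can consume (1048576 + 10485760) * 8 bytes.
echo "defaults on $TMMS TMMs: $(dns_cache_footprint 1048576 10485760 "$TMMS") bytes"   # 92274688
SIZES=$(dns_cache_sizes_for_budget $(( 256 * 1024 * 1024 )) "$TMMS") || exit 1
sizing_cmd myCache $SIZES
```

Run on a workstation the script only prints; on a BIG-IP the last line it prints is the command to apply, and the footprint line is the figure to compare against the memory actually available to TMM.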
rrset-rotate
Specifies the resource record rotation method used within cached responses. The default value is none.
none Resource record order is not modified.
query-id Resource record order is a function of the client's query id.
SEE ALSO
create, delete, edit, glob, list, ltm dns cache resolver, ltm dns cache validating-resolver, show, modify, regex, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2009-2016. All rights reserved.
BIG-IP 2017-09-07 ltm dns cache transparent(1)