ltm dns cache transparent

ltm dns cache transparent(1)  BIG-IP TMSH Manual  ltm dns cache transparent(1)



NAME
       transparent - Configures a DNS cache without a resolver on the
       BIG-IP(r) system.

MODULE
       ltm dns cache

SYNTAX
       Configure the transparent DNS cache component within the ltm dns cache
       module using the syntax in the following sections.

   CREATE/MODIFY
	create transparent [name]
	modify transparent [name]
	  options:
	    answer-default-zones [yes | no]
	    app-service [[string] | none]
	    local-zones [ [none] |
		  [ { { name [dname] type [type] records [none | add { [RR string] ...} ] } ... } ] ]
	    msg-cache-size [integer]
	    response-policy-zones [add | delete | modify] {
	      [zone-name] {
		 action [nxdomain | walled-garden]
		 walled-garden [local-zone]
	      }
	    }
	    response-policy-zones none
	    rrset-cache-size [integer]
	    rrset-rotate [none | query-id]

   DISPLAY
	list transparent
	list transparent [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties
	    one-line
	show transparent
	show transparent [name]

   DELETE
	delete transparent [name]

DESCRIPTION
       You can use the transparent component to configure and view information
       about a transparent DNS cache. A transparent cache does not perform
       recursive resolution, but instead relies on another DNS resource for
       this functionality.

       Important: When sizing caches, consider the total amount of memory
       available and how you wish to allocate memory for DNS caching. Note
       that cache sizing values are per-TMM process; therefore, a platform
       with eight TMMs consumes the amount of memory set for the RRset cache
       times eight.

EXAMPLES
       list transparent myCache

       Displays the properties of the transparent DNS cache myCache.

       modify transparent myCache local-zones { { name lz.example.net records
       add { "lz.example.net 60 IN A 127.0.0.1" "www.lz.example.net 300 IN A
       127.0.0.2" } } }

       Modifies DNS cache myCache by adding a local-zone lz.example.net with 2
       resource records.

OPTIONS
       answer-default-zones
	    Specifies whether the resolver cache answers queries for default
	    zones: localhost, reverse 127.0.0.1 and ::1, and AS112 zones. The
	    default value is no.

       app-service
	    Specifies the name of the application service to which the object
	    belongs. The default value is none. Note: If the strict-updates
	    option is enabled on the application service that owns the object,
	    you cannot modify or delete the object. Only the application
	    service can modify or delete the object.

       glob Displays the items that match the glob expression. See help glob
	    for a description of glob expression syntax.

       local-zones
	    Zones and associated resource records for which the cache will
	    provide Authoritative responses. Default is empty. This is
	    intended for small, simple authoritative data configurations.

	    The local-zone name must be fully qualified and should be the apex
	    of the zone. The local-zone type may be one of the following:
	    deny, refuse, static, transparent, type-transparent, or redirect.
	    Zero or more resource records must be fully specified: name, ttl,
	    class, type, and record data, separated by spaces, and within
	    double quotes. For example, "www.example.net. 300 IN A 1.2.3.4".

	    For all local-zones types, if the DNS query matches, it is
	    answered Authoritatively. How a non-matching query is handled
	    depends on the local-zone type.

	    deny drops the query.

	    refuse sends a REFUSED response.

	    static sends either a NoData or NXDOMAIN response (includes SOA if
	    present in local-zone).

	    transparent performs regular cache operation (i.e. transparent
	    pass-through or iterative resolution) except for those query names
	    which would result in NoData. This is the default local-zone type.

	    type-transparent is the same as transparent but does not return
	    NoData.

	    redirect returns responses with zone suffix record(s) for queries
	    beneath that suffix. For example, a local-zone for example.com and
	    a single A record for that name; queries for www.example.com or
	    abc.www.example.com would return the single A record (both have
	    the same suffix).

       msg-cache-size
	    Specifies the maximum size in bytes of the DNS message cache. The
	    default value is 1048576.

	    The BIG-IP system caches the messages in a DNS response in the
	    message cache. After the maximum size of the cache is reached,
	    when new or refreshed content is added to the cache, the expired
	    and older content is removed from the cache. A higher maximum size
	    allows more DNS responses to be cached and increases the cache hit
	    percentage. A lower maximum size forces earlier eviction of cached
	    content, but can lower the cache hit percentage.

       name Specifies a unique name for the component. This option is required
	    for the commands create, delete, and modify.

       regex
	    Displays the items that match the regular expression. The regular
	    expression must be preceded by an at sign (@[regular expression])
	    to indicate that the identifier is a regular expression. See help
	    regex for a description of regular expression syntax.

       response-policy-zones
	    Adds, deletes or modifies the response policy zone to be used by
	    this DNS Cache. Only a DNS Express zone configured as a response
	    policy zone can be added.

	    The query name of a recursive DNS request without DNSSEC enabled
	    is queried against the data in the response policy zone. If a
	    match is found, the configured response policy action is taken.

	    action
		 The action to take upon a match. nxdomain results in an
		 NXDOMAIN response given to the client. walled-garden results
		 in a response with a CNAME to the walled-garden zone and an A
		 or AAAA response matching the DNS query type. The default
		 action is nxdomain.

	    walled-garden
		 A local zone configured in this cache that contains an A
		 and/or AAAA record. This is typically used to redirect a user
		 that requests resolution of a name contained in the RPZ
		 database to a local server. This local server can display a
		 message to the user and/or record the connection. Only
		 A/AAAA/ANY requests are redirected; a request for any other
		 type is answered with a NoData response. If a request is
		 received for type A or AAAA but there are no records of that
		 type configured, a NoData response is returned instead.
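	    A walled-garden setup for the cache myCache, written in the same
	    command form as the EXAMPLES section. This is an added example,
	    not taken from the F5 manual. It assumes rpz.example.net already
	    exists as a DNS Express zone configured as a response policy
	    zone; the zone names and addresses are constructed, and the
	    static local-zone type is this example's choice.

```tmsh
# Added example, not from the F5 manual. Constructed names and addresses:
#   garden.example.net        local zone used as the walled garden
#   rpz.example.net           assumed to exist already as a DNS Express zone
#                             configured as a response policy zone
#   192.0.2.10, 2001:db8::10  documentation-range addresses of the notice server

# 1. Local zone holding the records that redirected clients receive.
#    Both A and AAAA are defined so that neither query type falls back
#    to a NoData response. Type static is this example's choice.
modify transparent myCache local-zones { { name garden.example.net type static records add { "garden.example.net 300 IN A 192.0.2.10" "garden.example.net 300 IN AAAA 2001:db8::10" } } }

# 2. Attach the response policy zone and point its walled-garden action
#    at the local zone created in step 1.
modify transparent myCache response-policy-zones add { rpz.example.net { action walled-garden walled-garden garden.example.net } }

# 3. Confirm the stored configuration and view the cache.
list transparent myCache all-properties
show transparent myCache
```

	    With this in place, a query type other than A, AAAA or ANY for a
	    name listed in rpz.example.net is still answered with NoData, as
	    described above.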

       rrset-cache-size
	    Specifies the maximum size in bytes of the resource records set
	    cache. The default value is 10485760.

	    The BIG-IP system caches the supporting records in a DNS response
	    in the resource record cache. After the maximum size of the cache
	    is reached, when new or refreshed content is added to the cache,
	    the expired and older content is removed from the cache. A higher
	    maximum size allows more DNS responses to be cached and increases
	    the cache hit percentage. A lower maximum size forces earlier
	    eviction of cached content, but can lower the cache hit
	    percentage.

       rrset-rotate
	    Specifies the resource record rotation method used within cached
	    responses. The default value is none.

	    none Resource record order is not modified.

	    query-id Resource record order is a function of the client's query
	    id.

SEE ALSO
       create, delete, edit, glob, list, ltm dns cache resolver, ltm dns cache
       validating-resolver, show, modify, regex, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2009-2016. All rights reserved.



BIG-IP				  2016-03-14	  ltm dns cache transparent(1)