ltm profile dns

ltm profile dns(1)	      BIG-IP TMSH Manual	    ltm profile dns(1)



NAME
       dns - Configures a Domain Name System (DNS) profile.

MODULE
       ltm profile

SYNTAX
       Configure the dns component within the ltm profile module using the
       syntax in the following sections.

   CREATE/MODIFY
	create dns [name]
	modify dns [name]
	  options:
	    app-service [[string] | none]
	    avr-dnsstat-sample-rate [integer]
	    cache [string]
	    defaults-from [ [name] | none]
	    description [string]
	    dns64 [disabled | secondary | immediate | v4-only]
	    dns64-additional-section-rewrite [disabled | v6-only | v4-only | any]
	    dns64-prefix [IPv6 prefix]
	    dns-security [string]
	    enable-cache [no | yes]
	    enable-dnssec [no | yes]
	    enable-dns-express [no | yes]
	    enable-dns-firewall [no | yes]
	    enable-gtm [no | yes]
	    enable-hardware-query-validation [no | yes]
	    enable-hardware-response-cache [no | yes]
	    enable-logging [no | yes]
	    enable-rapid-response [no | yes]
	    log-profile [ [name] | none]
	    process-rd [no | yes]
	    process-xfr [no | yes]
	    rapid-response-last-action [allow | drop | noerror | nxdomain | refuse | truncate]
	    unhandled-query-action [allow | drop | hint | noerror | reject]
	    use-local-bind [no | yes]

	edit dns [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties

	mv dns [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
	  options:
	    to-folder

	reset-stats dns
	reset-stats dns [ [ [name] | [glob] | [regex] ] ... ]

   DISPLAY
	list dns
	list dns [ [ [name] | [glob] | [regex] ] ... ]
	show running-config dns
	show running-config dns [ [ [name] | [glob] | [regex] ] ... ]
	  options:
	    all-properties
	    non-default-properties
	    one-line
	    partition

   DELETE
	delete dns [name]

DESCRIPTION
       You can use this component to create, modify, display, or delete a DNS
       profile to define how the BIG-IP system handles DNS traffic. You can
       also display and reset DNS profile statistics.

EXAMPLES
       create dns my_dns_profile defaults-from dns

       Creates a DNS profile named my_dns_profile that inherits its settings
       from the system default DNS profile.

       list dns

       Displays the properties of all DNS profiles.

       mv dns /Common/my_dns_profile to-folder /Common/my_folder

       Moves a custom dns profile named my_dns_profile to a folder named
       my_folder, where my_folder has already been created and exists within
       /Common.

OPTIONS
       app-service
	    Specifies the name of the application service to which the profile
	    belongs. The default value is none. Note: If the strict-updates
	    option is enabled on the application service that owns the object,
	    you cannot modify or delete the profile. Only the application
	    service can modify or delete the profile.

       avr-dnsstat-sample-rate
	    Sets the AVR DNS statistics sampling rate. The default value is 0,
	    which means AVR DNS statistics are disabled. If the sampling rate
	    is set to 1, each query is sent to the analytics database. If the
	    sampling rate is set to an integer N, every Nth query is sent and
	    the analytics database counts it N times. When the sampling rate
	    is greater than one, the statistics are inaccurate if the traffic
	    volume is low. However, when the traffic volume is high, system
	    performance benefits from sampling and the inaccuracy is
	    negligible. Also be aware that the analytics database has its own
	    internal sampling mechanism. The sampling rate does not apply to
	    DNS firewall statistics. AVR DNS statistics contain the query
	    name, query type, virtual server IP, and client IP.

       cache
	    Specifies the user-created cache that the system uses to cache DNS
	    responses. When you select a cache for the system to use, you must
	    also enable the DNS cache setting.

       defaults-from
	    Specifies the profile that you want to use as the parent profile.
	    Your new profile inherits all settings and values from the parent
	    profile specified. The default value is dns.

       description
	    User-defined description.

       dns64
	    Sets DNS64 mapping mode. The default value is disabled.

       dns64-additional-section-rewrite
	    Sets DNS64 additional section rewriting. This field specifies how
	    AAAA and A records in the additional section are rewritten. The
	    default value is disabled.

       dns64-prefix
	    Specifies DNS64 mapping IPv6 prefix.

       dns-security
	    Indicates the DNS security profile the system uses.

       enable-cache
	    Indicates whether the system caches DNS responses. The default
	    value is no.

       enable-dnssec
	    Indicates whether to perform DNS Security Extension (DNSSEC)
	    operations on the DNS packet, for example, responding to DNSKEY
	    queries and adding RRSIGs to responses.

       enable-dns-express
	    Indicates whether the dns-express service is enabled. The service
	    handles zone transfers from the primary DNS server.

       enable-dns-firewall
	    Indicates whether DNS firewall capability is enabled. The default
	    value is no.

       enable-gtm
	    Indicates whether the Global Traffic Manager handles DNS
	    resolution for DNS queries and responses that contain Wide IP
	    names. The default value is yes.

       enable-hardware-query-validation
	    On supported platforms, indicates whether the hardware will
	    accelerate query validation. The default value is no.

       enable-hardware-response-cache
	    On supported platforms, indicates whether the hardware will cache
	    responses. The default value is no.

       enable-logging
	    Indicates whether to enable high-speed logging for DNS queries and
	    responses. The default value is no. When it is set to yes, the
	    DNS profile must be configured with a log-profile.

       enable-rapid-response
	    On supported platforms, indicates whether to allow queries to be
	    answered by Rapid Response. The default value is no. When enabled,
	    if the query name matches a GTM Wide IP name and GTM is enabled on
	    this profile, the DNS query will bypass Rapid Response.

       glob Displays the items that match the glob expression. See help glob
	    for a description of glob expression syntax.

       log-profile
	    Specifies the DNS logging profile used to configure what events
	    get logged and their message format.

       name Specifies a unique name for the component. This option is required
	    for the commands create, delete, and modify.

       partition
	    Displays the administrative partition within which the profile
	    resides.

       process-rd
	    Indicates whether to process client-side DNS packets with
	    Recursion Desired set in the header. The default value is yes. If
	    set to no, processing of the packet will be subject to the
	    unhandled-query-action option.

       process-xfr
	    Indicates whether the system answers zone transfer requests for a
	    DNS zone created on the system. The default value is no. The
	    enable-dns-express and process-xfr settings affect how the system
	    responds to zone transfer requests.

       rapid-response-last-action
	    Specifies what action to take when Rapid Response is enabled and
	    the incoming query has not matched a DNS-Express Zone. The default
	    value is drop. The allow option sends non-matching queries up the
	    regular packet processing path. All other options result in a
	    response returned immediately to the client: truncate (truncate),
	    nxdomain (non-existent name), noerror (no data), refuse (REFUSED
	    return code).

       regex
	    Displays the items that match the regular expression. The regular
	    expression must be preceded by an at sign (@[regular expression])
	    to indicate that the identifier is a regular expression. See help
	    regex for a description of regular expression syntax.

       to-folder
	    DNS profiles can be moved to any folder under /Common, but
	    configuration dependencies may restrict moving the profile out of
	    /Common.

       unhandled-query-action
	    Specifies the action to take when a query does not match a Wide IP
	    or a DNS Express Zone. The default value is allow.

       use-local-bind
	    Indicates whether non-GTM and non-dns-express requests should be
	    forwarded to the local BIND.
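
The dependencies stated in OPTIONS above (enable-logging needs a log-profile, a selected cache needs enable-cache, process-xfr and use-local-bind widen what the profile answers) can be checked mechanically. The following is an added example, not part of the F5 manual: a Python audit over text shaped like list dns all-properties output. The sample profiles, the stanza layout, and treating an unset cache or log-profile as none are assumptions.

```python
import re
# Constructed sample shaped like `list dns all-properties` output; not from a real device.
SAMPLE = """\
ltm profile dns edge_dns {
    cache none
    enable-logging yes
    log-profile none
    process-xfr yes
    unhandled-query-action allow
    use-local-bind yes
}
ltm profile dns internal_dns {
    cache resolver_cache
    enable-cache no
    enable-logging yes
    log-profile dns_queries
    process-xfr no
    unhandled-query-action drop
    use-local-bind no
}
"""

def parse_profiles(text):
    """Return {profile_name: {option: value}} from brace-delimited stanzas."""
    profiles = {}
    for name, body in re.findall(r"ltm profile dns (\S+) \{(.*?)\n\}", text, re.S):
        pairs = (line.strip().partition(" ") for line in body.strip().splitlines())
        profiles[name] = {key: value.strip() for key, _, value in pairs}
    return profiles

def audit(opts):
    """Check one profile against the dependencies stated in OPTIONS."""
    # Fallbacks are the defaults the page states; "none" for an unset
    # cache or log-profile is an assumption of this example.
    get = opts.get
    findings = []
    if get("enable-logging", "no") == "no":
        findings.append("DNS query/response logging is off")
    elif get("log-profile", "none") == "none":
        findings.append("enable-logging yes but no log-profile configured")
    if get("cache", "none") != "none" and get("enable-cache", "no") != "yes":
        findings.append("cache selected but enable-cache is not yes")
    if get("process-xfr", "no") == "yes":
        findings.append("process-xfr yes: zone transfer requests are answered")
    if get("unhandled-query-action", "allow") == "allow" and get("use-local-bind") == "yes":
        findings.append("unmatched queries are allowed and forwarded to local BIND")
    return findings

if __name__ == "__main__":
    for name, opts in parse_profiles(SAMPLE).items():
        print(name, audit(opts))
```

A finding is a prompt to confirm intent, for example that a profile answering zone transfers is attached only to virtual servers reachable by the intended secondaries.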

SEE ALSO
       create, delete, edit, glob, list, ltm virtual, modify, mv, regex,
       reset-stats, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2016. All rights reserved.



BIG-IP				  2016-03-14		    ltm profile dns(1)