ltm profile dns
ltm profile dns(1) BIG-IP TMSH Manual ltm profile dns(1)
NAME
dns - Configures a Domain Name System (DNS) profile.
MODULE
ltm profile
SYNTAX
Configure the dns component within the ltm profile module using the syntax in the following sections.
CREATE/MODIFY
create dns [name]
modify dns [name]
options:
app-service [[string] | none]
avr-dnsstat-sample-rate [integer]
cache [string]
defaults-from [ [name] | none]
description [string]
dns64 [disabled | secondary | immediate | v4-only]
dns64-additional-section-rewrite [disabled | v6-only | v4-only | any]
dns64-prefix [IPv6 prefix]
dns-security [string]
edns0-client-subnet-insert [disabled | enabled]
enable-cache [no | yes]
enable-dnssec [no | yes]
enable-dns-express [no | yes]
enable-dns-firewall [no | yes]
enable-gtm [no | yes]
enable-hardware-query-validation [no | yes]
enable-hardware-response-cache [no | yes]
enable-logging [no | yes]
enable-rapid-response [no | yes]
log-profile [ [name] | none]
process-rd [no | yes]
process-xfr [no | yes]
rapid-response-last-action [allow | drop | noerror | nxdomain | refuse | truncate]
unhandled-query-action [allow | drop | hint | noerror | reject]
use-local-bind [no | yes]
edit dns [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
mv dns [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
options:
to-folder
reset-stats dns
reset-stats dns [ [ [name] | [glob] | [regex] ] ... ]
DISPLAY
list dns
list dns [ [ [name] | [glob] | [regex] ] ... ]
show running-config dns
show running-config dns [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete dns [name]
DESCRIPTION
You can use this component to create, modify, display, or delete a DNS profile to define how the BIG-IP system
handles DNS traffic. You can also display and reset DNS profile statistics.
EXAMPLES
create dns my_dns_profile defaults-from dns
Creates a DNS profile named my_dns_profile that inherits its settings from the system default DNS profile.
list dns
Displays the properties of all DNS profiles.
mv dns /Common/my_dns_profile to-folder /Common/my_folder
Moves a custom DNS profile named my_dns_profile to a folder named my_folder, where my_folder has already been
created and exists within /Common.
OPTIONS
app-service
Specifies the name of the application service to which the profile belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the profile. Only the application service can modify or delete the profile.
avr-dnsstat-sample-rate
Sets the AVR DNS statistics sampling rate. The default value is 0, which means AVR DNS statistics are
disabled. If the sampling rate is set to 1, each query is sent to the analytics database. If the sampling
rate is set to an integer N, every Nth query is sent and the analytics database counts it N times. When the
sampling rate is greater than one, the statistics will be inaccurate if the traffic volume is low.
However, when the traffic volume is high, system performance benefits from sampling and the
inaccuracy is negligible. Also be aware that the analytics database has its own internal sampling
mechanism. The sampling rate does not apply to DNS firewall statistics. AVR DNS statistics contain the query
name, query type, virtual server IP and client IP.
cache
Specifies the user-created cache that the system uses to cache DNS responses. When you select a cache for
the system to use, you must also enable the DNS cache setting.
defaults-from
Specifies the profile that you want to use as the parent profile. Your new profile inherits all settings
and values from the parent profile specified. The default value is dns.
description
User-defined description.
dns64
Sets DNS64 mapping mode. The default value is disabled.
dns64-additional-section-rewrite
Sets DNS64 additional section rewriting. This field specifies how AAAA and A records in the additional
section are rewritten. The default value is disabled.
dns64-prefix
Specifies DNS64 mapping IPv6 prefix.
dns-security
Indicates the DNS security profile the system uses.
edns0-client-subnet-insert
Indicates, when enabled, that the system should set the edns0 client subnet option to the source address
for queries that do not already contain a client subnet option. Also specifies that the system should
remove the client subnet option from responses to clients that did not send a client subnet option in
their most recent query.
enable-cache
Indicates whether the system caches DNS responses. The default value is no.
enable-dnssec
Indicates whether to perform DNS Security Extension (DNSSEC) operations on the DNS packet, for example,
responding to DNSKEY queries and adding RRSIGs to responses.
enable-dns-express
Indicates whether the dns-express service is enabled. The service handles zone transfers from the primary
DNS server.
enable-dns-firewall
Indicates whether DNS firewall capability is enabled. The default value is no.
enable-gtm
Indicates whether the Global Traffic Manager handles DNS resolution for DNS queries and responses that
contain Wide IP names. The default value is yes.
enable-hardware-query-validation
On supported platforms, indicates whether the hardware will accelerate query validation. The default
value is no.
enable-hardware-response-cache
On supported platforms, indicates whether the hardware will cache responses. The default value is no.
enable-logging
Indicates whether to enable high-speed logging for DNS queries and responses. The default value is no.
When it is set to yes, the DNS profile must be configured with a log-profile.
enable-rapid-response
On supported platforms, indicates whether to allow queries to be answered by Rapid Response. The default
value is no. When enabled, if the query name matches a GTM Wide IP name and GTM is enabled on this
profile, the DNS query will bypass Rapid Response.
glob
Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.
log-profile
Specifies the DNS logging profile used to configure what events get logged and their message format.
name
Specifies a unique name for the component. This option is required for the commands create, delete, and
modify.
partition
Displays the administrative partition within which the profile resides.
process-rd
Indicates whether to process client-side DNS packets with Recursion Desired set in the header. The
default value is yes. If set to no, processing of the packet will be subject to the
unhandled-query-action option.
process-xfr
Indicates whether the system answers zone transfer requests for a DNS zone created on the system. The
default value is no. The enable-dns-express and process-xfr settings affect how the system responds to
zone transfer requests.
rapid-response-last-action
Specifies what action to take when Rapid Response is enabled and the incoming query has not matched a
DNS-Express Zone. The default value is drop. The allow option sends non-matching queries up the regular
packet processing path. All other options result in a response returned immediately to the client: truncate
(truncate), nxdomain (non-existent name), noerror (no data), refuse (REFUSED return code).
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at
sign (@[regular expression]) to indicate that the identifier is a regular expression. See help regex for
a description of regular expression syntax.
to-folder
DNS profiles can be moved to any folder under /Common, but configuration dependencies may restrict moving
the profile out of /Common.
unhandled-query-action
Specifies the action to take when a query does not match a Wide IP or a DNS Express Zone. The default
value is allow.
use-local-bind
Indicates whether non-GTM and non-dns-express requests should be forwarded to the local BIND.
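The dependencies stated in OPTIONS (cache requires enable-cache; enable-logging requires a log-profile) and the exposure-related settings (process-xfr, and unhandled-query-action together with use-local-bind) can be checked offline against saved list output. The following is an added example, not part of the F5 manual: the brace-delimited stanza layout, the profile names, and the function names parse_profiles and audit are assumptions, and the sample is constructed.

```python
import re

# Constructed sample, in the brace-delimited stanza layout assumed for
# saved "list ltm profile dns all-properties" output.
SAMPLE = """\
ltm profile dns resolver_dns {
    cache my_cache
    enable-cache no
    enable-logging yes
    log-profile none
    process-xfr yes
    unhandled-query-action allow
    use-local-bind yes
}
ltm profile dns auth_dns {
    enable-cache no
    enable-logging yes
    log-profile dns_log
    process-xfr no
    unhandled-query-action drop
    use-local-bind no
}
"""
STANZA = re.compile(r"^ltm profile dns (\S+) \{\n(.*?)^\}", re.M | re.S)

def parse_profiles(text):
    """Return {profile name: {option: value}} for every dns profile stanza."""
    profiles = {}
    for name, body in STANZA.findall(text):
        pairs = (line.split(None, 1) for line in body.splitlines())
        profiles[name] = {p[0]: p[1].strip() for p in pairs if len(p) == 2}
    return profiles

def audit(opts):
    """Check one profile against the rules stated in OPTIONS; list findings."""
    findings = []
    if opts.get("cache", "none") != "none" and opts.get("enable-cache") != "yes":
        findings.append("cache selected but enable-cache is not yes")
    if opts.get("enable-logging") == "yes" and opts.get("log-profile", "none") == "none":
        findings.append("enable-logging yes without a log-profile")
    if opts.get("process-xfr") == "yes":
        findings.append("process-xfr yes: zone transfer requests are answered")
    if opts.get("unhandled-query-action") == "allow" and opts.get("use-local-bind") == "yes":
        findings.append("unhandled queries allowed with use-local-bind yes")
    return findings

if __name__ == "__main__":
    for name, opts in parse_profiles(SAMPLE).items():
        print(name, audit(opts) or "no findings")
```

The checks read only explicitly listed values, so run them against all-properties output rather than non-default-properties output.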
SEE ALSO
create, delete, edit, glob, list, ltm virtual, modify, mv, regex, reset-stats, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2016. All rights reserved.
BIG-IP 2017-05-26 ltm profile dns(1)