DNS_Cache (object)
Configures a DNS cache
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
class* | string | | “DNS_Cache” | |
label | string | | “^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML |
remark | string | | “^[^\x00-\x1f\x22\x5c\x7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks |
type* | string | | “transparent”, “resolver”, “validating-resolver” | Type of DNS cache |
DNS_Cache_Resolver (object)
DNS Cache with recursive resolver
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
allowedQueryTime | integer | 200 | 0 - 4294967295 | The time allowed for a query to stay in the queue before being replaced by a new query when the number of concurrent distinct queries exceeds the limit. The default value is 200 milliseconds. |
answerDefaultZones | boolean | false | true, false | Specifies whether the system answers DNS queries for the default zones localhost, reverse 127.0.0.1 and ::1, and AS112 |
forwardZones | object | | | Manage the set of Forward Zones used by this DNS Cache |
localZones | object | | | Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses |
maxConcurrentQueries | integer | 1024 | 0 - 4294967295 | Maximum number of concurrent queries used by the resolver. The default value is 1024 |
maxConcurrentTcp | integer | 20 | 0 - 4294967295 | Maximum number of concurrent TCP flows used by the resolver. The default value is 20 |
maxConcurrentUdp | integer | 8192 | 0 - 4294967295 | Maximum number of concurrent UDP flows used by the resolver. The default value is 8192 |
msgCacheSize | integer | 1048576 | 0 - 4294967295 | Number of bytes allocated for the message cache. The default value is 1m |
nameserverCacheCount | integer | 16536 | 0 - 4294967295 | Number of DNS nameservers to cache. The default value is 16k |
randomizeQueryNameCase | boolean | true | true, false | Enables resolver to randomize the case of query names. The default value is yes |
recordCacheSize | integer | 10485760 | 0 - 4294967295 | Number of bytes allocated for the resource record set cache. The default value is 10m |
recordRotationMethod | string | “none” | “none”, “query-id” | Select which resource record set rotation method should be used on cache responses |
rootHints | array | | | List of IP addresses to use for root name servers. Defaults are known Internet root servers. |
routeDomain | object | {"bigip":"/Common/0"} | | Reference to a route domain |
unwantedQueryReplyThreshold | integer | 0 | 0 - 4294967295 | The threshold count of unsolicited query replies which triggers an alert (potential DoS attack underway). The default value is 0 (or off) |
useIpv4 | boolean | true | true, false | Enables resolver to issue IPv4 queries. The default value is yes |
useIpv6 | boolean | true | true, false | Enables resolver to issue IPv6 queries. The default value is yes |
useTcp | boolean | true | true, false | Enables resolver to issue TCP queries. The default value is yes |
useUdp | boolean | true | true, false | Enables resolver to issue UDP queries. The default value is yes |
DNS_Cache_Resolver.forwardZones (object)
Manage the set of Forward Zones used by this DNS Cache
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | object | | | Manage the set of Forward Zones used by DNS Cache |
DNS_Cache_Resolver.forwardZones./*/ (object)
Manage the set of Forward Zones used by DNS Cache
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
nameservers | array | | | An array of nameservers and ports |
DNS_Cache_Resolver.localZones (object)
Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | object | | | Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses |
DNS_Cache_Resolver.localZones./*/ (object)
Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
records | array | | | A or AAAA record entry |
type | string | “transparent” | “deny”, “redirect”, “refuse”, “static”, “transparent”, “type-transparent” | Describes how the cache handles a non-matching query for the local zone |
DNS_Cache_Resolver.routeDomain (object)
Reference to a route domain
Default: {"bigip":"/Common/0"}
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | | “f5bigip” formatted string | Pathname of existing BIG-IP route domain |
DNS_Cache_Transparent (object)
Properties for a DNS transparent cache
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
answerDefaultZones | boolean | false | true, false | Specifies whether the system answers DNS queries for the default zones localhost, reverse 127.0.0.1 and ::1, and AS112 |
localZones | object | | | Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses |
messageCacheSize | integer | 1048576 | 0 - 4294967295 | Specifies the maximum size of the message cache in bytes |
recordCacheSize | integer | 10485760 | 1 - 4294967295 | Specifies the maximum size of the resource record (RR) cache in bytes |
recordRotationMethod | string | “none” | “none”, “query-id” | Specifies the resource record rotation method used within cached responses |
DNS_Cache_Transparent.localZones (object)
Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | object | | | Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses |
DNS_Cache_Transparent.localZones./*/ (object)
Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
records | array | | | A or AAAA record entry |
type | string | “transparent” | “deny”, “redirect”, “refuse”, “static”, “transparent”, “type-transparent” | Describes how the cache handles a non-matching query for the local zone |
DNS_Cache_Validating_Resolver (object)
DNS Cache with recursive resolver and DNSSEC validation
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
allowedQueryTime | integer | 200 | 0 - 4294967295 | The time allowed for a query to stay in the queue before being replaced by a new query when the number of concurrent distinct queries exceeds the limit. The default value is 200 milliseconds. |
answerDefaultZones | boolean | false | true, false | Specifies whether the system answers DNS queries for the default zones localhost, reverse 127.0.0.1 and ::1, and AS112 |
forwardZones | object | | | Manage the set of Forward Zones used by this DNS Cache |
ignoreCd | boolean | false | true, false | Ignore the checking-disabled (CD) setting of client queries: perform validation anyway and only return secure answers. The default value is no |
keyCacheSize | integer | 1048576 | 0 - 4294967295 | Number of bytes allocated for the DNSKEY cache. The default value is 1m |
localZones | object | | | Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses |
maxConcurrentQueries | integer | 1024 | 0 - 4294967295 | Maximum number of concurrent queries used by the resolver. The default value is 1024 |
maxConcurrentTcp | integer | 20 | 0 - 4294967295 | Maximum number of concurrent TCP flows used by the resolver. The default value is 20 |
maxConcurrentUdp | integer | 8192 | 0 - 4294967295 | Maximum number of concurrent UDP flows used by the resolver. The default value is 8192 |
msgCacheSize | integer | 1048576 | 0 - 4294967295 | Number of bytes allocated for the message cache. The default value is 1m |
nameserverCacheCount | integer | 16536 | 0 - 4294967295 | Number of DNS nameservers to cache. The default value is 16k |
prefetchKey | boolean | true | true, false | Fetch DNSKEY early in validation process. The default value is yes |
randomizeQueryNameCase | boolean | true | true, false | Enables resolver to randomize the case of query names. The default value is yes |
recordCacheSize | integer | 10485760 | 0 - 4294967295 | Number of bytes allocated for the resource record set cache. The default value is 10m |
recordRotationMethod | string | “none” | “none”, “query-id” | Select which resource record set rotation method should be used on cache responses |
rootHints | array | | | List of IP addresses to use for root name servers. Defaults are known Internet root servers. |
routeDomain | object | {"bigip":"/Common/0"} | | Reference to a route domain |
trustAnchors | array | | | List of DNSKEY or DS resource records used to establish DNSSEC validator trust. Specified in string form (e.g. dig or drill format). The default is none |
unwantedQueryReplyThreshold | integer | 0 | 0 - 4294967295 | The threshold count of unsolicited query replies which triggers an alert (potential DoS attack underway). The default value is 0 (or off) |
useIpv4 | boolean | true | true, false | Enables resolver to issue IPv4 queries. The default value is yes |
useIpv6 | boolean | true | true, false | Enables resolver to issue IPv6 queries. The default value is yes |
useTcp | boolean | true | true, false | Enables resolver to issue TCP queries. The default value is yes |
useUdp | boolean | true | true, false | Enables resolver to issue UDP queries. The default value is yes |
DNS_Cache_Validating_Resolver.forwardZones (object)
Manage the set of Forward Zones used by this DNS Cache
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | object | | | Manage the set of Forward Zones used by DNS Cache |
DNS_Cache_Validating_Resolver.forwardZones./*/ (object)
Manage the set of Forward Zones used by DNS Cache
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
nameservers | array | | | An array of nameservers and ports |
DNS_Cache_Validating_Resolver.localZones (object)
Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | object | | | Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses |
DNS_Cache_Validating_Resolver.localZones./*/ (object)
Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
records | array | | | A or AAAA record entry |
type | string | “transparent” | “deny”, “redirect”, “refuse”, “static”, “transparent”, “type-transparent” | Describes how the cache handles a non-matching query for the local zone |
DNS_Cache_Validating_Resolver.routeDomain (object)
Reference to a route domain
Default: {"bigip":"/Common/0"}
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
bigip | string | | “f5bigip” formatted string | Pathname of existing BIG-IP route domain |
DNS_Zone_Forward (object)
Manage the set of Forward Zones used by DNS Cache
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
nameservers | array | | | An array of nameservers and ports |
DNS_Zone_Local (object)
Configures resource records that a DNS cache uses to resolve matching DNS queries with authoritative DNS responses
Properties (* = required):
name | type(s) | default | allowed values | description |
---|---|---|---|---|
/*/ | | | | |
records | array | | | A or AAAA record entry |
type | string | “transparent” | “deny”, “redirect”, “refuse”, “static”, “transparent”, “type-transparent” | Describes how the cache handles a non-matching query for the local zone |