DNS_Profile (object)¶
Configures a Domain Name System (DNS) profile
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| cache | object | Reference to a DNS cache | ||
| cacheEnabled | boolean | false | true, false | Specifies whether the system caches DNS responses |
| class* | string | “DNS_Profile” | ||
| dns64AdditionalSectionRewrite | string | “disabled” | “disabled”, “v6-only”, “v4-only”, “any” | Select an option to allow improved network efficiency for both Unicast and Multicast DNS-SD responses |
| dns64Mode | string | “disabled” | “disabled”, “secondary”, “immediate”, “v4-only” | Specifies handling of AAAA and A DNS queries and responses |
| dns64Prefix | string | “0:0:0:0:0:0:0:0” | Specifies the prefix to use for the IPv6-formatted IP addresses that the system converts to IPv4-formatted IP addresses | |
| dnsExpressEnabled | boolean | true | true, false | Specifies whether the DNS Express engine is enabled. The DNS Express engine receives zone transfers from the authoritative DNS server for the zone. If the Zone Transfer setting is also enabled on this profile, the DNS Express engine also responds to zone transfer requests made by the nameservers configured as zone transfer clients for the DNS Express zone. |
| dnssecEnabled | boolean | true | true, false | Specifies whether the system signs responses with DNSSEC keys and replies to DNSSEC specific queries (e.g., DNSKEY query type) |
| globalServerLoadBalancingEnabled | boolean | true | true, false | Specifies whether the system uses Global Traffic Manager to manage the response |
| hardwareQueryValidationEnabled | boolean | false | true, false | On supported platforms, indicates whether the hardware will accelerate query validation |
| hardwareResponseCacheEnabled | boolean | false | true, false | On supported platforms, indicates whether the hardware will cache responses |
| label | string | “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” | Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML | |
| localBindServerEnabled | boolean | true | true, false | Specifies whether the system forwards non-wide IP queries to the local BIND server on the BIG-IP system. For best performance, disable this setting when using a DNS cache. |
| loggingEnabled | boolean | true | true, false | Specifies whether to process client-side DNS packets with Recursion Desired set in the header. If set to Disabled, processing of the packet is subject to the unhandled-query-action option. |
| loggingProfile | object | Reference to a DNS logging profile | ||
| parentProfile | object | {“bigip”:”/Common/dns”} | Specifies the name of the object to inherit the settings from,Reference to a DNS profile | |
| rapidResponseEnabled | boolean | false | true, false | When enabled, if the query name matches a GTM wide IP name and GTM is enabled on this profile, the DNS query will bypass Rapid Response. Note: This setting is supported only on physical BIG-IP hardware because it needs a High-Speed Bridge (HSB) to work. When using BIG-IP Virtual Edition, however, the system does not prevent you from selecting an action, even though the setting is ignored. |
| rapidResponseLastAction | string | “drop” | “allow”, “drop”, “noerror”, “nxdomain”, “refuse”, “truncate” | Specifies what action the system takes when Rapid Response Mode is enabled and the incoming DNS query does not match a DNS Express Zone |
| recursionDesiredEnabled | boolean | true | true, false | Specifies whether to process client-side DNS packets with Recursion Desired set in the header. If set to Disabled, processing of the packet is subject to the unhandled-query-action option. |
| remark | string | “^[^x00-x1fx22x5cx7f]*$” | Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks | |
| securityEnabled | boolean | true | true, false | Specifies whether DNS firewall capability is enabled. |
| securityProfile | object | Reference to a DNS security profile | ||
| statisticsSampleRate | integer | 0 | 0 - 4294967295 | Sets AVR DNS statistics sampling rate. A value of 0 (zero) means that no query will be sent to the analytics database. A value of 1 means that every query will be sent. A value of n means that every nth query will be sent, and that the analytics database will count that query n times. When sampling rate is greater than one, the statistics will be inaccurate if the traffic volume is low. However, when the traffic volume is high, the system performance will benefit from sampling and the inaccuracy will be negligible. DNS statistics contain query name, query type, virtual server IP and client IP. |
| unhandledQueryAction | string | “allow” | “allow”, “drop”, “hint”, “noerror”, “reject” | Specifies whether the system uses the local BIND server on the BIG-IP system |
| zoneTransferEnabled | boolean | false | true, false | Specifies whether the system answers zone transfer requests for a DNS zone created on the system. The DNS Express and Zone Transfer settings on a DNS profile affect how the system responds to zone transfer requests. |
DNS_Profile.cache (object)¶
Reference to a DNS cache
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP DNS cache | |
| use | string | AS3 pointer to DNS cache declaration |
DNS_Profile.loggingProfile (object)¶
Reference to a DNS logging profile
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP DNS logging profile | |
| use | string | AS3 pointer to DNS logging profile declaration |
DNS_Profile.parentProfile (object)¶
Specifies the name of the object to inherit the settings from Reference to a DNS profile
Default: {“bigip”:”/Common/dns”}
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP DNS profile | |
| use | string | AS3 pointer to DNS profile declaration |
DNS_Profile.securityProfile (object)¶
Reference to a DNS security profile
Properties (* = required):
| name | type(s) | default | allowed values | description |
|---|---|---|---|---|
| bigip | string | “f5bigip” formatted string | Pathname of existing BIG-IP DNS security profile |