DNS_Profile (object)

Configures a Domain Name System (DNS) profile

Properties (* = required):

name type(s) default allowed values description
cache object     Reference to a DNS cache
cacheEnabled boolean false true, false Specifies whether the system caches DNS responses
class* string   “DNS_Profile”  
dns64AdditionalSectionRewrite string “disabled” “disabled”, “v6-only”, “v4-only”, “any” Select an option to allow improved network efficiency for both Unicast and Multicast DNS-SD responses
dns64Mode string “disabled” “disabled”, “secondary”, “immediate”, “v4-only” Specifies handling of AAAA and A DNS queries and responses
dns64Prefix string “0:0:0:0:0:0:0:0”   Specifies the prefix to use for the IPv6-formatted IP addresses that the system converts to IPv4-formatted IP addresses
dnsExpressEnabled boolean true true, false Specifies whether the DNS Express engine is enabled. The DNS Express engine receives zone transfers from the authoritative DNS server for the zone. If the Zone Transfer setting is also enabled on this profile, the DNS Express engine also responds to zone transfer requests made by the nameservers configured as zone transfer clients for the DNS Express zone.
dnssecEnabled boolean true true, false Specifies whether the system signs responses with DNSSEC keys and replies to DNSSEC specific queries (e.g., DNSKEY query type)
globalServerLoadBalancingEnabled boolean true true, false Specifies whether the system uses Global Traffic Manager to manage the response
hardwareQueryValidationEnabled boolean false true, false On supported platforms, indicates whether the hardware will accelerate query validation
hardwareResponseCacheEnabled boolean false true, false On supported platforms, indicates whether the hardware will cache responses
label string   “^[^x00-x1fx22#&*<>?x5b-x5d`x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
localBindServerEnabled boolean true true, false Specifies whether the system forwards non-wide IP queries to the local BIND server on the BIG-IP system. For best performance, disable this setting when using a DNS cache.
loggingEnabled boolean true true, false Specifies whether to process client-side DNS packets with Recursion Desired set in the header. If set to Disabled, processing of the packet is subject to the unhandled-query-action option.
loggingProfile object     Reference to a DNS logging profile
parentProfile object {“bigip”:”/Common/dns”}   Specifies the name of the object to inherit the settings from,Reference to a DNS profile
rapidResponseEnabled boolean false true, false When enabled, if the query name matches a GTM wide IP name and GTM is enabled on this profile, the DNS query will bypass Rapid Response. Note: This setting is supported only on physical BIG-IP hardware because it needs a High-Speed Bridge (HSB) to work. When using BIG-IP Virtual Edition, however, the system does not prevent you from selecting an action, even though the setting is ignored.
rapidResponseLastAction string “drop” “allow”, “drop”, “noerror”, “nxdomain”, “refuse”, “truncate” Specifies what action the system takes when Rapid Response Mode is enabled and the incoming DNS query does not match a DNS Express Zone
recursionDesiredEnabled boolean true true, false Specifies whether to process client-side DNS packets with Recursion Desired set in the header. If set to Disabled, processing of the packet is subject to the unhandled-query-action option.
remark string   “^[^x00-x1fx22x5cx7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
securityEnabled boolean true true, false Specifies whether DNS firewall capability is enabled.
securityProfile object     Reference to a DNS security profile
statisticsSampleRate integer 0 0 - 4294967295 Sets AVR DNS statistics sampling rate. A value of 0 (zero) means that no query will be sent to the analytics database. A value of 1 means that every query will be sent. A value of n means that every nth query will be sent, and that the analytics database will count that query n times. When sampling rate is greater than one, the statistics will be inaccurate if the traffic volume is low. However, when the traffic volume is high, the system performance will benefit from sampling and the inaccuracy will be negligible. DNS statistics contain query name, query type, virtual server IP and client IP.
unhandledQueryAction string “allow” “allow”, “drop”, “hint”, “noerror”, “reject” Specifies whether the system uses the local BIND server on the BIG-IP system
zoneTransferEnabled boolean false true, false Specifies whether the system answers zone transfer requests for a DNS zone created on the system. The DNS Express and Zone Transfer settings on a DNS profile affect how the system responds to zone transfer requests.

DNS_Profile.cache (object)

Reference to a DNS cache

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS cache
use string     AS3 pointer to DNS cache declaration

DNS_Profile.loggingProfile (object)

Reference to a DNS logging profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS logging profile

DNS_Profile.parentProfile (object)

Specifies the name of the object to inherit the settings from Reference to a DNS profile

Default: {“bigip”:”/Common/dns”}

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS profile
use string     AS3 pointer to DNS profile declaration

DNS_Profile.securityProfile (object)

Reference to a DNS security profile

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP DNS security profile