Manual Chapter : Configuring Protocol Validation and Response Cache
Applies To:Show Versions
- 14.0.1, 14.0.0
- 14.0.1, 14.0.0
Configuring Protocol Validation and Response Cache
Overview: Configuring Protocol Validation and Response Cache
You can configure Protocol Validation so that responses, both authoritative and non-authoritative, are cached to hardware in order to mitigate against random source flood attacks. By configuring DNS Response Cache to offload/accelerate commonly requested entries in hardware, entries can still be responded to when the software is overwhelmed.
If you have a DNS Services rate-limited license, Response Cache is automatically disabled.
for configuring protocol validation and response cache
Perform these tasks to configure DNS in order to accelerate DNS responses in hardware:
Enabling a bitstream
Ensure you are using a VIPRION platform that supports FPGA firmware.
Enable the intelligent bitstream as part of the process to configure Protocol Validation and Response Cache.
- On the Main tab, click.
- For theFPGA Firmware Selectionsetting, select thel7-intelligent-fpgacheck box.This setting is hidden if the appropriate hardware is not present.
Supported platforms for FPGA firmware selection
Hardware DNS features are only available on platforms that support Altera FPGA, including Vic2 and later platforms.
Protocol Validation and Response Cache in a DNS profile
Ensure that the BIG-IP system has a DNS Services license.
Configure Protocol Validation for dropping malformed packets and Response Cache to offload/accelerate commonly asked entries in hardware.
- On the Main tab, click.The DNS list screen opens.
- In the name column, click the system-supplieddnsprofile.The DNS properties list screen opens.
- In the Hardware Acceleration area, from theProtocol Validationlist, selectEnabled.
- From theResponse Cachelist, selectEnabled.
Applying a DNS
profile to a listener
Apply a DNS profile as part of the process to configure Protocol Validation and Response Cache.
- On the Main tab, click.The Listeners List screen opens.
- In theNamecolumn, click the name of a listener you want to modify.
- In the Service area, for theDNS Profilesetting, select thednsprofile.When the listener is defined from the BIG-IP LTM Virtual Server page, select theudp_gtm_dnsprofile.