F5 Logo MyF5
Search
  1. MyF5 Home
  2. BIG-IP DNS Services: Implementations
  3. Configuring Protocol Validation and Response Cache
Manual Chapter : Configuring Protocol Validation and Response Cache

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

BIG-IP DNS

  • 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Manual Chapter

Configuring Protocol Validation and Response Cache

Configuring Protocol Validation and Response Cache

You can configure Protocol Validation so that responses, both authoritative and non-authoritative, are cached to hardware in order to mitigate against random source flood attacks. By configuring DNS Response Cache to offload/accelerate commonly requested entries in hardware, entries can still be responded to when the software is overwhelmed.
If you have a DNS Services rate-limited license, Response Cache is automatically disabled.

Enable a bitstream

Ensure you are using a VIPRION platform that supports FPGA firmware.
Enable the intelligent bitstream as part of the process to configure Protocol Validation and Response Cache.
  1. On the Main tab, click
    System
    Resource Provisioning
    .
  2. For the
    FPGA Firmware Selection
     setting, select the
    l7-intelligent-fpga
     check box.
    This setting is hidden if the appropriate hardware is not present.
  3. Click
    Submit
    .

Supported platforms for FPGA firmware selection

Platform family
Platform model
VIPRION
B2250 blade
VIPRION
C2200 chassis
VIPRION
C2400 chassis
Hardware DNS features are only available on platforms that support Altera FPGA, including Vic2 and later platforms.

Configure Protocol Validation and Response Cache in a DNS profile

Ensure that the BIG-IP system has a DNS Services license.
Configure Protocol Validation for dropping malformed packets and Response Cache to offload/accelerate commonly asked entries in hardware.
  1. On the Main tab, click
    DNS
    Delivery
    Profiles
    DNS
    .
    The DNS list screen opens.
  2. In the name column, click the system-supplied
    dns
     profile.
    The DNS properties list screen opens.
  3. In the Hardware Acceleration area, from the
    Protocol Validation
     list, select
    Enabled
    .
  4. From the
    Response Cache
     list, select
    Enabled
    .
  5. Click
    Update
    .

Apply a DNS profile to a listener

Apply a DNS profile as part of the process to configure Protocol Validation and Response Cache.
  1. On the Main tab, click
    DNS
    Delivery
    Listeners
    .
    The Listeners List screen opens.
  2. In the
    Name
     column, click the name of a listener you want to modify.
  3. In the Service area, for the
    DNS Profile
     setting, select the
    dns
     profile.
    When the listener is defined from the BIG-IP LTM Virtual Server page, select the
    udp_gtm_dns
     profile.
  4. Click
    Update
    .
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information