Manual Chapter : Configuring Protocol Validation and Response Cache

Applies To:

  • BIG-IP LTM

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

  • BIG-IP DNS

    21.0.0, 17.5.1, 17.5.0, 17.1.3, 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0

back-action BIG-IP DNS Services: Implementations

Updated Date: 05/04/2026

Configuring Protocol Validation and Response Cache

You can configure Protocol Validation so that responses, both authoritative and non-authoritative, are cached to hardware in order to mitigate against random source flood attacks. By configuring DNS Response Cache to offload/accelerate commonly requested entries in hardware, entries can still be responded to when the software is overwhelmed.

If you have a DNS Services rate-limited license, Response Cache is automatically disabled.

Ensure you are using a VIPRION platform that supports FPGA firmware.

Enable the intelligent bitstream as part of the process to configure Protocol Validation and Response Cache.

  1. On the Main tab, click System > Resource Provisioning.

  2. For the FPGA Firmware Selection setting, select the l7-intelligent-fpga check box.

    Note: This setting is hidden if the appropriate hardware is not present.

  3. Click Submit.

Platform family Platform model
VIPRION B2250 blade
VIPRION C2200 chassis
VIPRION C2400 chassis

Note: Hardware DNS features are only available on platforms that support Altera FPGA, including Vic2 and later platforms.

Ensure that the BIG-IP system has a DNS Services license.

Configure Protocol Validation for dropping malformed packets and Response Cache to offload/accelerate commonly asked entries in hardware.

  1. On the Main tab, click DNS > Delivery > Profiles > DNS.

    The DNS list screen opens.

  2. In the name column, click the system-supplied dns profile.

    The DNS properties list screen opens.

  3. In the Hardware Acceleration area, from the Protocol Validation list, select Enabled.

  4. From the Response Cache list, select Enabled.

  5. Click Update.

Apply a DNS profile as part of the process to configure Protocol Validation and Response Cache.

  1. On the Main tab, click DNS > Delivery > Listeners.

    The Listeners List screen opens.

  2. In the Name column, click the name of a listener you want to modify.

  3. In the Service area, for the DNS Profile setting, select the dns profile.

    Note: When the listener is defined from the BIG-IP LTM Virtual Server page, select the udp_gtm_dns profile.

  4. Click Update.