Manual :
BIG-IP DNS Services: Implementations
Applies To:
Show Versions
BIG-IP GTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
BIG-IP LTM
- 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1
Original Publication Date: 08/25/2014
- Legal Notices and Acknowledgments
-
Configuring DNS Express
- What is DNS Express?
- Configuring DNS Express to answer DNS queries
-
Task summary
- Configuring BIND servers to allow zone transfers
- Configuring local BIND to send NOTIFY messages to DNS Express
- Adding TSIG keys
- Adding namserver objects that represent DNS servers
- Creating a DNS zone to answer DNS queries
- Disabling TSIG verification for NOTIFY messages
- Optional: Enabling DNS Express with a custom DNS profile
- Creating listeners to identify DNS queries
- Creating virtual servers to process DNS queries
- Viewing DNS zone statistics
- Configuring DNS Express to answer zone transfer requests
- Task summary
- Configuring Rapid-Response to Mitigate DNS Flood Attacks
- Configuring a DNS Zone Proxy
-
Configuring BIG-IP to Load Balance Zone Transfer Requests to a Pool of DNS Servers
- Overview: Configuring BIG-IP to load balance zone transfer requests to a pool of DNS servers
-
Task summary
- Configuring BIND servers to allow zone transfers
- Adding TSIG keys
- Adding DNS nameserver (client) objects
- Enabling zone transfers
- Creating a custom DNS monitor
- Creating a pool of local DNS servers for load balancing zone transfer requests
- Creating a DNS zone
- Creating listeners to load balance zone transfer requests to a pool of DNS servers
- Creating virtual servers to load balance zone transfer requests to a pool of DNS servers
-
Configuring DNSSEC
- Introducing DNSSEC
-
About configuring basic DNSSEC
- Creating listeners to identify DNS traffic
- Creating automatically managed DNSSEC zone-signing keys
- Creating manually managed DNSSEC zone-signing keys
- Creating automatically managed DNSSEC key-signing keys
- Creating manually managed DNSSEC key-signing keys
- Creating a DNSSEC zone
- Confirming that GTM is signing DNSSEC records
-
About configuring DNSSEC with an external HSM
- Creating listeners to identify DNS traffic
- Creating automatically managed DNSSEC zone-signing keys for use with an external HSM
- Creating manually managed DNSSEC zone-signing keys for use with an external HSM
- Creating automatically managed DNSSEC key-signing keys for use with an external HSM
- Creating manually managed DNSSEC key-signing keys for use with an external HSM
- Creating a DNSSEC zone
- Confirming that GTM is signing DNSSEC records
- Configuring DNSSEC with an internal HSM
- About DNSSEC signing of zone transfers
-
Task summary
- Enabling BIG-IP to respond to zone transfer requests
- Enabling a DNS listener to process DNSSEC traffic
- Creating automatically managed DNSSEC zone-signing keys
- Creating manually managed DNSSEC zone-signing keys
- Creating automatically managed DNSSEC key-signing keys
- Creating manually managed DNSSEC key-signing keys
- Creating a DNSSEC zone
- Adding namserver objects that represent DNS servers
- Adding nameserver objects that represent DNS nameservers (clients)
- Configuring a DNS zone to answer zone transfer requests
- Viewing DNSSEC zone statistics
- Troubleshooting DNSSEC on the BIG-IP system
-
Configuring DNS Caching
- Overview: Using caching to improve DNS performance
- Configuring DNS cache global settings
-
Overview: Caching responses from external resolvers
- Creating a transparent DNS cache
- Enabling transparent DNS caching
- Assigning a custom DNS profile to an LTM virtual server
- Assigning a custom DNS caching profile to a GTM listener
- Creating a custom DNS monitor
- Creating a pool of local DNS servers
- Determining DNS cache performance
- Clearing a DNS cache
- Overview: Resolving queries and caching responses
- Overview: Resolving queries and caching validated responses
- Overview: Resolving queries for local zones with authoritative responses
- Overview: Forwarding specific DNS queries to specific nameservers
- Task summary
- Overview: Forwarding specific DNS queries to a pool of DNS servers
- Overview: Customizing a DNS cache
-
Configuring DNS Response Policy Zones
- Overview: DNS response policy zones and the BIG-IP system
- About creating an RPZ using ZoneRunner
-
About configuring the BIG-IP system to use an RPZ as a DNS firewall
- Optional: Adding a TSIG key for the server that hosts the RPZ
- Adding a nameserver object for the server that hosts the RPZ
- Creating an RPZ DNS Express zone
- Creating a DNS cache
- Adding a local zone to represent a walled garden
- Adding an RPZ to a DNS cache
- Staging the RPZ on your network
- Creating a custom DNS profile for DNS caching
- Creating listeners to identify DNS queries
- Creating virtual servers to process DNS queries
- Viewing DNS zone statistics
- Viewing DNS cache statistics
- About configuring the BIG-IP system as an RPZ distribution point
- Configuring DNS64
- Configuring IP Anycast (Route Health Injection)
-
Configuring Remote High-Speed DNS Logging
-
Overview: Configuring remote high-speed DNS logging
- Creating a pool of remote logging servers
- Creating a remote high-speed log destination
- Creating a formatted remote high-speed log destination
- Creating a publisher
- Creating a custom DNS logging profile for logging DNS queries
- Creating a custom DNS logging profile for logging DNS responses
- Creating a custom DNS logging profile for logging DNS queries and responses
- Creating a custom DNS profile to enable DNS logging
- Configuring a listener for DNS logging
- Configuring an LTM virtual server for DNS logging
- Disabling DNS logging
- Implementation result
-
Overview: Configuring remote high-speed DNS logging
-
Setting Up and Viewing DNS Statistics
-
Overview: Setting up and viewing DNS statistics
- Creating a DNS profile for AVR statistics collection
- Configuring a GTM listener for DNS AVR statistics collection
- Configuring an LTM virtual server for DNS AVR statistics collection
- Viewing DNS AVR statistics
- Viewing DNS AVR statistics in tmsh
- Viewing DNS global statistics
- Viewing DNS statistics for a specific virtual server
- Implementation result
-
Overview: Setting up and viewing DNS statistics
- Using ZoneRunner to Configure DNS Zones
- Troubleshooting a BIG-IP System with a Rate-Limited License
