Manual Chapter: Configuring Fast DNS

Overview: Improving DNS performance by caching responses from external resolvers

You can configure a transparent cache on the BIG-IP system to use external DNS resolvers to resolve queries, and then cache the responses from the resolvers. The next time the system receives a query for a response that exists in the cache, the system immediately returns the response from the cache. The transparent cache contains messages and resource records.

A transparent cache in the BIG-IP system consolidates content that would otherwise be cached across multiple external resolvers. When a consolidated cache is in front of external resolvers (each with their own cache), it can produce a much higher cache hit percentage.

F5 Networks recommends that you configure the BIG-IP system to forward queries that cannot be answered from the cache to a pool of local DNS servers, rather than to the local BIND instance, because BIND performance is slower than using multiple external resolvers.

Note: For systems using the DNS Express feature, the BIG-IP system first processes the requests through DNS Express, and then caches the responses.
Figure: BIG-IP system using transparent cache

Task summary

Perform these tasks to configure a transparent cache on the BIG-IP system.

Creating a transparent DNS cache

Create a transparent cache on the BIG-IP system when you want the system to cache DNS responses from external DNS resolvers.
  1. On the Main tab, click Local Traffic > DNS Caches > DNS Cache List. The DNS Cache List screen opens.
  2. Click Create. The New DNS Cache screen opens.
  3. In the Name field, type a name for the cache.
  4. From the Resolver Type list, select Transparent.
  5. Click Finished.
Associate the DNS cache with a custom DNS profile.

Creating a custom DNS profile for transparent DNS caching

Ensure that at least one transparent cache exists on the BIG-IP system.
You can create a custom DNS profile to configure the BIG-IP system to cache responses to DNS queries.
  1. On the Main tab, click Local Traffic > Profiles > Services > DNS. The DNS profile list screen opens.
  2. Click Create. The New DNS Profile screen opens.
  3. In the Name field, type a name for the profile.
  4. In the Parent Profile list, accept the default dns profile.
  5. Select the Custom check box. The fields in the Settings area become available for revision.
  6. From the Use BIND Server on BIG-IP list, select Disabled.
  7. From the DNS Cache list, select Enabled. When you enable the DNS Cache option, you must also select a DNS cache from the DNS Cache Name list.
  8. From the DNS Cache Name list, select the DNS cache that you want to associate with this profile. You can associate a DNS cache with a profile even when the DNS Cache option is Disabled. This allows you to enable and disable the cache for debugging purposes.
  9. Click Finished.
Assign the custom DNS profile to the virtual server that handles the DNS traffic from which you want to cache responses.

Assigning a custom DNS profile to a GTM listener

Ensure that at least one custom DNS profile that is configured for DNS caching exists on the BIG-IP system.
You can assign a custom DNS profile to a listener to enable the BIG-IP system to perform DNS caching on the traffic the listener handles.
Note: This task applies only to GTM-provisioned systems.
  1. On the Main tab, click Global Traffic > Listeners. The Listeners List screen opens.
  2. Click the name of the listener you want to modify.
  3. From the DNS Profile list, select the custom DNS profile you created for DNS caching.
  4. Click Finished.

Creating a custom DNS monitor

Create a custom DNS monitor to send DNS requests, generated using the settings you specify, to a pool of DNS servers and validate the DNS responses.
Important: When defining values for custom monitors, make sure you avoid using any values that are on the list of reserved keywords. For more information, see solution number 3653 (for version 9.0 systems and later) on the AskF5 technical support web site.
  1. On the Main tab, click Local Traffic > Monitors. The Monitor List screen opens.
  2. Click Create. The New Monitor screen opens.
  3. Type a name for the monitor in the Name field.
  4. From the Type list, select DNS.
  5. In the Configuration area of the screen, select Advanced. This selection makes it possible for you to modify additional default settings.
  6. Configure settings based on your network requirements.
  7. Click Finished.

Creating a pool of local DNS servers

Ensure that you have created a custom DNS monitor to assign to the pool of DNS servers. Gather the IP addresses of the DNS servers that you want to include in a pool to which the BIG-IP system load balances DNS traffic.
  1. Log in to the command-line interface of the BIG-IP system.
  2. Type tmsh to access the Traffic Management Shell.
  3. Run a variation on this command sequence to create a pool using the IP addresses of the DNS servers on your network: create /ltm pool DNS_pool members add { 10.10.1.1:domain 10.10.1.2:domain 10.10.1.3:domain } monitor my_custom_dns_monitor
    Note: :domain indicates the DNS port.
    When you run this example command, the system creates a pool named DNS_pool that includes three DNS servers with the following IP addresses: 10.10.1.1, 10.10.1.2, and 10.10.1.3. The custom DNS monitor you created to monitor DNS servers is assigned to the pool. The monitor sends DNS requests to the pool of DNS servers and validates the DNS responses.
  4. Run this command sequence to save the pool: save /sys config
  5. Run this command sequence to display the pool: list /ltm pool
  6. Verify that the pool is configured correctly.

Determining DNS cache performance

You can view statistics to determine how well a DNS cache on the BIG-IP system is performing.
  1. On the Main tab, click Statistics > Module Statistics > Local Traffic. The Local Traffic Statistics screen opens.
  2. From the Statistics Type list, select DNS Cache.
  3. In the Details column for a cache, click View to display detailed information about the cache.
  4. To return to the Local Traffic Statistics screen, click Back.

Viewing records in a DNS cache

You can view records in a DNS cache to determine how well a specific cache on the BIG-IP system is performing.
  1. Log in to the command-line interface of the BIG-IP system.
  2. At the BASH prompt, type tmsh.
  3. At the tmsh prompt, type show ltm dns cache <cache type> <cache name>, and press Enter. For example, the command sequence show ltm dns cache transparent my_transparent_cache displays the messages and resource records in the transparent cache named my_transparent_cache.

Viewing DNS cache statistics using tmsh

You can view DNS cache statistics using tmsh to determine how well a specific cache on the BIG-IP system is performing.
  1. Log in to the command-line interface of the BIG-IP system.
  2. At the BASH prompt, type tmsh.
  3. At the tmsh prompt, type show ltm dns cache, and press Enter. Statistics for all of the DNS caches on the BIG-IP system display.
  4. At the tmsh prompt, type show ltm dns cache <cache-type>, and press Enter. For example, the command sequence show ltm dns cache transparent displays statistics for each of the transparent caches on the system.
  5. At the tmsh prompt, type show ltm dns cache <cache type> <cache name>, and press Enter. For example, the command sequence show ltm dns cache transparent my_t1 displays statistics for the transparent cache on the system named my_t1.

Managing transparent cache size

Determine the amount of memory the BIG-IP system has and how much of that memory you want to commit to DNS caching. View the statistics for a cache to determine how well the cache is working.
You can change the size of a DNS cache to fix cache performance issues.
  1. On the Main tab, click Local Traffic > DNS Caches > DNS Cache List. The DNS Cache List screen opens.
  2. Click the name of the cache you want to modify.
  3. In the Message Cache Size field, type the maximum size in bytes for the DNS message cache. The BIG-IP system caches the messages in a DNS response in the message cache. A higher maximum size makes it possible for more DNS responses to be cached and increases the cache hit percentage. A lower maximum size forces earlier eviction of cached content, but can lower the cache hit percentage.
    Important: The message cache size includes all tmms on the BIG-IP system; therefore, if there are eight tmms, multiply the size by eight and put that value in this field.
  4. In the Resource Record Cache Size field, type the maximum size in bytes for the DNS resource record cache. The BIG-IP system caches the supporting records in a DNS response in the Resource Record cache. A higher maximum size makes it possible for more DNS responses to be cached and increases the cache hit percentage. A lower maximum size forces earlier eviction of cached content, but can lower the cache hit percentage.
    Important: The resource record cache size includes all tmms on the BIG-IP system; therefore, if there are eight tmms, multiply the size by eight and put that value in this field.
  5. Click Finished.
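
The following simulation is an added example, not F5 code. It illustrates both the overview's claim that one consolidated cache gets a higher hit percentage than separate per-resolver caches and the size trade-off described in the steps above. It assumes LRU eviction, ignores TTLs, counts capacity in entries rather than bytes, and uses a constructed query stream; none of these are taken from the BIG-IP implementation.

```python
import random
from collections import OrderedDict

class LRUCache:
    """Fixed-capacity cache with least-recently-used eviction (modelling assumption)."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.entries = OrderedDict()
        self.hits = 0

    def lookup(self, name):
        """Return True on a hit; on a miss store the name and evict the oldest entry."""
        if name in self.entries:
            self.entries.move_to_end(name)
            self.hits += 1
            return True
        self.entries[name] = True
        if len(self.entries) > self.capacity:
            self.entries.popitem(last=False)
        return False

def make_queries(count, distinct_names, seed=1):
    """Constructed workload: a few names are queried far more often (weight 1/rank)."""
    rng = random.Random(seed)
    names = [f"host{i}.example.test" for i in range(distinct_names)]
    weights = [1.0 / (rank + 1) for rank in range(distinct_names)]
    return rng.choices(names, weights=weights, k=count)

def hit_pct_split(queries, resolvers, capacity_each):
    """Queries go round-robin to resolvers that each keep their own cache."""
    caches = [LRUCache(capacity_each) for _ in range(resolvers)]
    for i, name in enumerate(queries):
        caches[i % resolvers].lookup(name)
    return 100.0 * sum(c.hits for c in caches) / max(len(queries), 1)

def hit_pct_consolidated(queries, capacity):
    """All queries pass through one cache placed in front of the resolvers."""
    cache = LRUCache(capacity)
    for name in queries:
        cache.lookup(name)
    return 100.0 * cache.hits / max(len(queries), 1)

if __name__ == "__main__":
    q = make_queries(20000, 2000)
    print("4 resolvers x 100 entries: %.1f%%" % hit_pct_split(q, 4, 100))
    print("1 cache x 400 entries:     %.1f%%" % hit_pct_consolidated(q, 400))
    print("1 cache x 100 entries:     %.1f%%" % hit_pct_consolidated(q, 100))
```

Compare the simulated percentages with the hit statistics the system reports for a cache before and after you change its size.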

Clearing a DNS cache

You can clear all records from a specific DNS cache on the BIG-IP system.
  1. On the Main tab, click Local Traffic > DNS Caches > DNS Cache List. The DNS Cache List screen opens.
  2. Click the Statistics tab. The Local Traffic Statistics screen opens.
  3. Select the check box next to the cache you want to clear, and then click Clear Cache.

Clearing specific records from a DNS cache

You can clear specific records from a DNS cache using tmsh. For example, you can delete all RRSET records or only the A records in the specified cache.
Tip: In tmsh, you can use the command completion feature to discover the types of records that are available for deletion.
  1. Log in to the command-line interface of the BIG-IP system.
  2. At the BASH prompt, type tmsh.
  3. At the tmsh prompt, type ltm dns cache records, and press Enter to navigate to the dns cache records module.
  4. Type delete <cache-type> type <record-type> cache <cache-name>, and press Enter. For example, the command sequence delete rrset type a cache my_resolver_cache deletes the A records from the resource record cache of the resolver cache named my_resolver_cache.

Implementation result

You now have an implementation in which the BIG-IP system caches DNS responses from external DNS resolvers, and answers queries for a cached response. Additionally, the system forwards DNS queries that cannot be answered from the cache to a pool of local DNS servers.
