You can configure DNS Express on BIG-IP Global Traffic Manager (GTM) to mitigate distributed denial-of-service attacks (DDoS) and improve performance of both the local BIND server on the BIG-IP system and any back-end DNS servers.
Perform these tasks to configure DNS Express on your BIG-IP system.
Create a DNS Express TSIG key when you want to verify the identity of the authoritative server that is sending information about the zone.
|Allow||Forward the connection request to another DNS server or DNS server pool. Note that if a DNS server pool is not associated with a listener and the Use BIND Server on BIG-IP option is enabled, connection requests are forwarded to the local BIND server. (Allow is the default value.)|
|Drop||Do not reply.|
|Reject||Return the query with the REFUSED return code.|
|Hint||Return the query with a list of root name servers.|
|No Error||Return the query with the NOERROR return code.|
You can view information about the zones that are protected by DNS Express.
|SOA Records||Displays start of authority record information.|
|Resource Records||Displays the number of resource records for the zone.|