F5 Logo MyF5
Search
  1. MyF5 Home
  2. Knowledge Centers
  3. BIG-IP LTM
  4. BIG-IP DNS Services: Implementations
  5. Configuring Protocol Validation and Response Cache
Manual Chapter : Configuring Protocol Validation and Response Cache

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 13.0.1, 13.0.0

BIG-IP DNS

  • 13.0.1, 13.0.0
Manual Chapter
Table of Contents | << Previous Chapter | Next Chapter >>

Overview: Configuring Protocol Validation and Response Cache

You can configure Protocol Validation so that responses, both authoritative and non-authoritative, are cached to hardware in order to mitigate against random source flood attacks. By configuring DNS Response Cache to offload/accelerate commonly requested entries in hardware, entries can still be responded to when the software is overwhelmed.

If you have a DNS Services rate-limited license, Response Cache is automatically disabled.

Task summary

Perform these tasks to configure DNS in order to accelerate DNS responses in hardware:

Enabling a bitstream

Ensure you are using a VIPRION® platform that supports FPGA firmware.
Enable the intelligent bitstream as part of the process to configure Protocol Validation and Response Cache.
  1. On the Main tab, click System > Resource Provisioning .
  2. For the FPGA Firmware Selection setting, select the l7-intelligent-fpga check box.
    Note: This setting is hidden if the appropriate hardware is not present.
  3. Click Submit.

Supported platforms for FPGA firmware selection

Platform family Platform model
VIPRION® B2250 blade
VIPRION C2200 chassis
VIPRION C2400 chassis
Note: Hardware DNS features are only available on platforms that support Altera FPGA, including Vic2 and later platforms.

Configuring Protocol Validation and Response Cache in a DNS profile

Ensure that the BIG-IP® system has a DNS Services license.
Configure Protocol Validation for dropping malformed packets and Response Cache to offload/accelerate commonly asked entries in hardware.
  1. On the Main tab, click DNS > Delivery > Profiles > DNS .
    The DNS list screen opens.
  2. In the name column, click the system-supplied dns profile.
    The DNS properties list screen opens.
  3. In the Hardware Acceleration area, from the Protocol Validation list, select Enabled.
  4. From the Response Cache list, select Enabled.
  5. Click Update.

Applying a DNS profile to a listener

Apply a DNS profile as part of the process to configure Protocol Validation and Response Cache.
  1. On the Main tab, click DNS > Delivery > Listeners .
    The Listeners List screen opens.
  2. In the Name column, click the name of a listener you want to modify.
  3. In the Service area, for the DNS Profile setting, select the dns profile.
    Note: When the listener is defined from the BIG-IP® LTM® Virtual Server page, select the udp_gtm_dns profile.
  4. Click Update.
Table of Contents | << Previous Chapter | Next Chapter >>
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5 Networks, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information