
Manual Chapter: Customizing a DNS Cache

Overview: Customizing a DNS cache

You can customize a DNS cache on the BIG-IP system to meet specific network needs by changing the default values of the DNS cache settings.

Configuring a DNS cache to answer queries for local zones

You can configure a DNS cache on the BIG-IP system to answer client requests for local zones.
  1. On the Main tab, click Local Traffic > DNS Caches > DNS Cache List. The DNS Cache List screen opens.
  2. Click the name of the cache you want to modify.
  3. To have the BIG-IP system answer queries for the default zones (localhost, reverse 127.0.0.1 and ::1, and AS112 zones), select the Enabled check box for the Answer Default Zones setting.
  4. Click Update.

Configuring a DNS cache to use specific root nameservers

You can configure a resolver or validating resolver DNS cache on the BIG-IP system to use a specific server as an authoritative nameserver for the DNS root nameservers.
  1. On the Main tab, click Local Traffic > DNS Caches > DNS Cache List. The DNS Cache List screen opens.
  2. Click the name of the cache you want to modify.
  3. In the Root Hints section, in the IP address field, type the IP address of a DNS server that the system considers authoritative for the DNS root nameservers, and then click Add.
    CAUTION:
    By default, the system uses the DNS root nameservers published by InterNIC. When you add DNS root nameservers, the BIG-IP system no longer uses the default nameservers published by InterNIC, but uses the nameservers you add as authoritative for the DNS root nameservers.
    Based on your network configuration, add IPv4 or IPv6 addresses or both.
  4. Click Update.

Configuring a DNS cache alert for cache poisoning

You can configure a resolver or validating resolver DNS cache on the BIG-IP system to generate SNMP alerts and log messages when the cache receives unsolicited replies. These alerts help you notice a potential security attack, such as cache poisoning or DoS.
  1. On the Main tab, click Local Traffic > DNS Caches > DNS Cache List. The DNS Cache List screen opens.
  2. Click the name of the cache you want to modify.
  3. In the Unsolicited Reply Threshold field, change the default value if you are using the BIG-IP system to monitor for unsolicited replies using SNMP. The system always rejects unsolicited replies. The default value of 0 (off) indicates the system does not generate SNMP traps or log messages when rejecting unsolicited replies. Changing the default value alerts you to a potential security attack, such as cache poisoning or DoS. For example, if you specify 1,000,000 unsolicited replies, each time the system receives 1,000,000 unsolicited replies, it generates an SNMP trap and log message.
  4. Click Update.
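
The counting behaviour described in step 3, as an added Python model that is not F5 code: unsolicited replies are always rejected, and an alert is recorded each time the running count reaches another multiple of the threshold. The class and function names, the (server, transaction ID, query name) matching rule, and the sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class ResolverCacheModel:
    """Toy model of the threshold semantics; hypothetical, not BIG-IP code."""
    unsolicited_reply_threshold: int = 0         # 0 (off): reject without alerting
    pending: set = field(default_factory=set)    # outstanding (server, txid, qname)
    cache: dict = field(default_factory=dict)    # qname -> accepted answer
    unsolicited: int = 0                         # running count of rejected replies
    alerts: list = field(default_factory=list)   # stands in for SNMP trap + log line

    def send_query(self, server, txid, qname):
        self.pending.add((server, txid, qname.lower()))

    def receive_reply(self, server, txid, qname, answer):
        key = (server, txid, qname.lower())
        if key in self.pending:
            # Solicited: matches a query this resolver actually sent.
            self.pending.discard(key)
            self.cache[qname.lower()] = answer
            return True
        # Unsolicited: rejected regardless of the threshold setting.
        self.unsolicited += 1
        threshold = self.unsolicited_reply_threshold
        if threshold > 0 and self.unsolicited % threshold == 0:
            self.alerts.append(f"unsolicited replies: {self.unsolicited}")
        return False


def replay(threshold, events):
    """Feed constructed events through the model and return its final state."""
    model = ResolverCacheModel(unsolicited_reply_threshold=threshold)
    for kind, server, txid, qname, answer in events:
        if kind == "query":
            model.send_query(server, txid, qname)
        else:
            model.receive_reply(server, txid, qname, answer)
    return model


# Constructed sample traffic using documentation address ranges (not real data):
# one legitimate query, six replies nobody asked for, then the real answer.
SAMPLE = [("query", "192.0.2.53", 4242, "www.example.com", None)]
SAMPLE += [("reply", "203.0.113.9", txid, "www.example.com", "198.51.100.66")
           for txid in range(6)]
SAMPLE += [("reply", "192.0.2.53", 4242, "www.example.com", "192.0.2.10")]
```

With a threshold of 3 the sample produces two alerts; with the default of 0 it produces none, yet in both cases only the solicited answer reaches the cache.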