Viewing rate-limited license statistics
5. In the Global Traffic Management area, view the Effective Rate Limit (RPS), Object Count, and Rate
Rejects statistics.
Description Statistic type
The number of DNS name resolution requests per second the GTM system handles based on the rate-limited license installed on the system.
Effective Rate Limit (RPS)
The sum of these objects configured on the GTM system: data centers, wide IPs, wide IP aliases, servers, GTM pools, GTM pool members, virtual servers, GTM iRules®, and topology records.
Object Count
The number of DNS requests that the GTM system has rejected based on the rate limit of the license installed on the system.
Tip: The GTM license includes the DNS Services license. Global traffic
management requests (requests for wide IPs) are a subset of DNS requests.
Rate Rejects
Therefore, when the number of requests that GTM receives for a wide IP exceeds the DNS Services rate limit, the Rate Rejects count for DNS increments, rather than the Rate Rejects count for Global Traffic Management incrementing.
Index
A
address mapping, about IPv6 to IPv4140
allow-transfer statement
modifying for zone transfers27
allow-transfer statement, modifying for zone file transfers44,
53
also-notify statement
sending NOTIFY message from local BIND to DNS Express28
Analytics
and viewing DNS statistics157
and viewing DNS statistics in tmsh157
creating profile for DNS AVR statistics collection156
Anycast, See IP Anycast.
Application Visibility and Reporting (AVR) and DNS statistics collection156
and viewing DNS statistics157
AVR, and viewing DNS statistics157
B
BIG-IP system
configured as authoritative DNS server24
configured as secondary DNS server24
C
cache clearing
100, 106, 113
and groups of records101, 106, 113
using tmsh101, 107, 114
cache poisoning, and configuring SNMP alerts124
cache size, managing105, 112
caching
and DNS profiles132
caching, and DNS profiles96, 103, 110, 121
custom DNS profiles
and disabling DNS logging154
and enabling DNS Express30
and enabling DNS zone transfers34, 135
and enabling high-speed DNS logging153
and logging DNS queries and responses151–152
and logging DNS responses152
creating144
creating to enable DNSSEC signing of zone transfers81
enabling zone transfers46, 54
custom DNS profiles, and caching DNS responses96
custom monitors, creating DNS55, 97, 120
D
destinations for logging150
for remote high-speed logging150
DLV anchors
and adding to validating resolvers110
DLV anchors (continued)
obtaining for validating resolvers61, 109
DNS
adding nameservers (clients) to BIG-IP34, 86
DNS64, configuring140 DNS AVR statistics overview156 DNS cache 93 about92
about configuring for specific needs123
about forward zones117
about resolver92, 102
about transparent94
about validating resolver92, 107
adding an RPZ130–131
adding local zones130
and adding DLV anchors to validating resolvers110
and adding trust anchors to validating resolvers109
and BIG-IP virtual servers as nameservers for a forward zone123
and BIG-IP virtual servers as nameservers for forward zones119
and creating validating resolvers108
and deleting nameservers associated with a forward zone
119
and forwarding requests to a local zone115
and forward zones117, 119
and local zones114, 117
and modifying forward zones118
and obtaining trust and DLV anchors for validating resolvers61, 109
and statistics for forward zones119
clearing100–101, 106–107, 113–114
clearing groups of records101, 106, 113
configuring to alert for cache poisoning124
configuring to answer DNS queries for default local zones
123
configuring to answer DNS queries for local static zones
115
configuring to generate SNMP alerts124
configuring to use specific root nameservers124
configuring transparent92
creating resolver103, 121
creating transparent95
forward zones about117
managing cache size105, 112
managing transparent cache size100
viewing99, 104, 111
viewing statistics98–99, 103–104, 111, 134
viewing statistics using tmsh99, 105, 112
DNS cache forwarder deleting118
DNS cache profiles
assigning to virtual servers96
customizing to cache DNS responses96, 103, 110, 121
DNS cache profiles, assigning to listeners97
171 Index
DNS caches
adding forward zones118
DNS Express about24
about answering DNS queries25
about answering zone transfer queries25
about configuring24
about zone transfer requests33
acting as secondary authoritative DNS server25, 33
acting as slave DNS server25
and authoritative DNS servers29, 86
and DNSSEC security78
and handling NOTIFY messages without TSIG HMAC30
and listeners31, 132
and NOTIFY messages from local BIND28
and virtual servers32, 133
and zone transfer requests34
enabling30
DNS Express zone
and creating an RPZ129
configuring as an RPZ distribution point135
DNS fast path about38
DNS firewall
and RPZs on the BIG-IP system128
DNS global settings, configuring93
DNS global statistics, overview156
DNS high-speed logging, overview148
DNS Logging disabling154
enabling153
DNS Logging profile
assigning to listener153
assigning to virtual server154
DNS logging profiles, customizing151–152
DNS monitor, creating55, 97, 120
DNS profiles
and disabling DNS logging154
and enabling high-speed DNS logging153
and global statistics158
and IPv6 to IPv4 mapping141–142
and listeners configured for route advertisement144
assigning to listeners97, 141
assigning to virtual servers142
creating144
creating Rapid-Response38
creating to enable DNSSEC signing of zone transfers81
customizing to cache DNS responses96, 103, 110, 121,
132
customizing to handle IPV6 to IPv4 address mapping140
enabling DNS Express30
enabling DNS zone transfers34, 135
enabling zone transfers46, 54
handling non-wide IP queries144
DNS proxy about42, 50
DNS queries
creating listeners to forward47
DNS Rapid-Response and viewing statistics39
system validation errors and warnings38
DNS RPZ
creating virtual servers to handle zone transfer requests
136
DNSSEC
and accessing SEP records for a zone88
and DNS infrastructure illustrated62
and dynamic signing of static zones77, 80
and zone transfers78–79
configuring compliance62
DNSSEC, about60
dnssec keys
and generations88
DNSSEC keys
and DNS zone proxy79
creating for emergency rollover63–66, 82–83, 85
creating for key signing65–66, 83, 85
creating for zone signing63–64, 82–83
creating key-signing keys for use with network HSM70,
72, 75
creating zone-signing keys for use with network HSM69– 70, 74
DNSSEC keys, about60
DNSSEC records, viewing88
DNSSEC zones
and signature validation67, 73, 77
and statistics87
assigning keys67, 72, 76, 85
creating67, 72, 76, 85
DNS server pools, and listeners122
DNS servers
and adding server TSIG keys45
and creating pools97, 121
and custom DNS cache profiles96
and load balancing zone transfer requests55
configuring to allow zone file transfers44, 53
configuring to allow zone transfers27
DNS servers, and zone transfers163
DNS Services
about rate-limited license statistics170
DNS services, about IP Anycast144
DNS statistics
collecting AVR statistics156
viewing analytics in tmsh157
viewing global158
viewing in AVR157
viewing per virtual server158
DNS traffic
and statistics per virtual server158
DNS views, creating165
DNS zone files, described166
DNS zone proxy
and adding DNS nameservers to the BIG-IP system configuration45, 54
and DNSSEC79
DNS zones
about load balancing zone transfers to a pool of DNS servers50
about TSIG authentication50
about TSIG key authentication26, 42–43, 51
and DNSSEC security78–79
and statistics32, 134
DNS zones (continued) creating29
creating proxy46, 56
DNS zone transfer requests
creating listeners to load balance56
DS records
and SEP records61, 109
E
effective rate limit (RPS)
about rate-limited license statistics170
emergency rollover
and DNSSEC key-signing keys65–66, 83, 85
and DNSSEC zone-signing keys63–64, 82–83
F
fast path DNS about38
file transfers, See zone file transfers. firewall
and RPZs on the BIG-IP system128
forward zones
and BIG-IP virtual servers as nameservers119
and deleting nameservers119
and DNS caches118
and DNS caching117
and listeners123
and reverse zones118
and viewing statistics119
G
generations and keys88
GTM
about rate-limited license statistics170
H
high-speed logging and DNS148
and server pools149
Hint zone, configuring using ZoneRunner163
I
IP Anycast about144
and listeners145
IPv4-only servers
and mapping to IPv6-only clients140
passing traffic from IPv6-only clients141–142
IPv6-only clients
about mapping to IPv4-only servers140
passing traffic to IPv4-only DNS servers141–142
IPv6 to IPv4 mapping
and DNS profiles140–142
configuring listeners141
configuring virtual servers142
K
key-signing keys
creating65–66, 83, 85
creating for use with network HSM70, 72, 75
L
listeners
advertising virtual addresses146
and creating to handle zone transfer requests for an RPZ
136
and IPv6 to IPv4 mapping141
and pools of DNS servers122
and route advertisement146
and ZebOS144
assigning custom DNS profile for DNS caching97
assigning DNS Logging profile153
assigning DNS profiles141
configuring for route advertisement145
creating to forward DNS queries47
creating to identify DNS Express traffic31, 132
creating to identify DNSSEC traffic81
creating to identify DNS traffic63, 68, 74
creating to load balance zone transfer requests56
defined27, 44, 52
dynamic routing protocol144
passing traffic between IPv6-only clients and IPv4-only DNS servers141
load balancing
zone transfer requests to a pool50
local BIND servers, and DNS profiles144
local zone
and DNS cache forwarding115
local zones
adding to DNS cache for walled garden130
and configuring DNS cache to answer DNS queries123
and configuring DNS cache to answer DNS queries for static115 and DNS caching114, 117 logging and destinations150 and pools149 and publishers151
DNS queries and responses151–152
DNS responses152
M
message cache
managing size105, 112
managing size for transparent cache100
N
named.conf
configuring using ZoneRunner162
defined162
nameserver cache, managing size105, 112
nameservers
adding authoritative DNS servers29, 86
adding DNS nameservers (clients) to BIG-IP34, 86
173 Index
nameservers (continued)
adding to the BIG-IP system configuration45, 54
adding zone transfer clients34
and listeners123
and modifying forward zones119
nameservers, adding for an RPZ129
non-wide IP queries, and custom DNS profiles144
NOTIFY messages
disabling TSIG verification for DNS Express zones30
NXDOMAIN response, and RPZs126
O
object count
about rate-limited license statistics170
P
pools
and DNS servers55, 97, 121
for high-speed logging149
profiles
and disabling DNS logging154
creating custom DNS96, 103, 110, 121, 132
creating custom DNS logging151
creating custom DNS query and response logging152
creating custom DNS response logging152
creating custom DNS to enable zone transfers46, 54
creating DNS140
creating DNS Rapid-Response38
creating for DNS AVR statistics collection156
creating for DNS Express30
creating for DNS logging153
creating for DNS zone transfers34, 135
creating to enable DNSSEC signing of zone transfers81
proxy zones creating46, 56
publishers
creating for logging151
R
Rapid-Response DNS and DNS profiles38
rate-limited DNS Services license and viewing statistics170
rate-limited GTM license and viewing statistics170
rate rejects
about rate-limited license statistics170
remote servers
and destinations for log messages150
for high-speed logging149
resolver cache about102
creating103, 121
resolver DNS cache about92
resource record cache managing size105, 112
managing size for transparent cache100
response policy zone (RPZ)
about configuring BIG-IP as a distribution point135
adding nameservers129
adding to a DNS cache131
adding to DNS caches130
and BIG-IP systems126, 128
and configuring resource records using ZoneRunner127
and creating a DNS Express zone129
and creating listeners to handle zone transfer requests
136
configuring a zone as a distribution point135
creating using ZoneRunner126
creating with ZoneRunner126
staging on your network131
reverse zones
and forward zones118
root nameservers, and DNS cache124
route advertisement, and listeners145–146
route health injection 144
See also IP Anycast. about144
See also IP Anycast.
S
secondary DNS server
about BIG-IP and zone transfer requests42
about BIG-IP load balancing zone transfer requests50
about DNS Express25 and DNS Express33 and DNSSEC78–79 SEP records about61, 109 viewing88
server pools, and listeners122
servers
and destinations for log messages150
and publishers for log messages151
for high-speed logging149
signature validation, of DNSSEC zones67, 73, 77
slave DNS server
about BIG-IP and zone transfer requests42
about BIG-IP load balancing zone transfer requests50
about DNS Express25
and DNS Express25, 33
and DNSSEC78–79
SNMP alerts
and cache poisoning124
configuring cache to generate105, 112
static zones
and dynamic DNSSEC signing77, 80
statistics
and viewing for Rapid-Response DNS traffic39
viewing DNS global158
viewing for a DNS cache99, 104, 111, 134
viewing for cache98, 103, 111
viewing for DNS cache99, 105, 112
viewing for DNSSEC zones87
viewing for DNS traffic per virtual server158
viewing for DNS zones32, 134
T
tmsh, and viewing cache statistics99, 105, 112
transparent cache about94 creating95 managing size100 transparent DNS cache about92 trust anchors
adding to validating resolvers109
obtaining for validating resolvers61, 109
TSIG authentication about50–51
TSIG key
adding to BIG-IP system configuration128
TSIG key, adding to BIG-IP system configuration28
TSIG key authentication about26, 42–43, 50–51
and DNS Express33
and load balancing zone transfer requests to a pool50
and zone transfer requests42
TSIG keys
adding server TSIG45
creating53
U
Unsolicited Replies Threshold setting, modifying105, 112
V
validating resolver caches about107
and adding DLV anchors110
and adding trust anchors109
and obtaining trust and DLV anchors61, 109
creating108
validating resolver DNS cache about92
views
creating for DNS in ZoneRunner165
defined165
virtual addresses, advertising146
virtual servers
and IPv6 to IPv4 mapping142
assigning DNS cache profiles96
assigning DNS Logging profile154
assigning DNS profiles142
creating to forward DNS zone transfer requests47
creating to handle RPZ zone transfer requests136
creating to identify DNS Express traffic32, 133
creating to load balance zone transfer requests57
passing traffic between IPv6-only clients and IPv4-only DNS servers142
W
walled garden
and adding local zone to DNS cache130
and RPZs on the BIG-IP system126
Z
ZebOS dynamic routing protocol and listeners145
enabling144
verifying route advertisement146
zone file transfers, and configuring DNS servers44, 53
ZoneRunner about162
and configuring a hint zone163
and configuring a zone162
and configuring named162
and configuring resource records for an RPZ127
and creating DNS views165
and viewing DNSSEC records88
creating an RPZ126
creating RPZs126
zones
and zone transfers87
configuring hint163
configuring using ZoneRunner162
zones creating DNSSEC 67, 72, 76, 85
See also DNSSEC zones. zone-signing keys
creating63–64, 82–83
creating for use with network HSM69–70, 74
zones protecting from DDoS attacks creating29
zones transfers and RPZs135
zone transfer requests
and BIG-IP as zone proxy42
and DNS Express33
and DNS zones34
creating virtual servers to forward47
creating virtual servers to load balance57
load balancing to a pool50
load balancing using TSIG authentication51
zone transfers
about configuring for RPZs135
and configuring DNS servers27
and DNSSEC78–79
and RPZs136
creating virtual servers to handle for RPZs136
zone transfers, and GTM163
175 Index