Operational Guidelines
Note
From NIOS 9.0 onwards, IB-4030 and IB-4030-10GE appliances are not supported.
Similar features and functionalities are available on software-based DNS Cache Acceleration appliances, and it is recommended to use the software-based DCA supported appliances. For a list of supported appliances, see Supported DNS Cache Acceleration Appliances.
The specialized function of IB-4030 or IB-4030-10GE is to act as a high-speed DNS caching only name server. IB-4030 and IB-4030-10GE share the following characteristics:
- IB-4030 or IB-4030-10GE support the following:
  - Up to six DNS views
  - Forward zones and stub zones, but not authoritative zones
  - Certain Finisar Copper and Fiber SFP modules
  - Anycast for BGP v6 and OSPF v3
  - DNS Anycast and IPv6 Anycast
  - Up to 10,000 entries for each ACL (Access Control List)
  - Only the cyclic ordering for A records over the IPv4 transport
- The IB-4030 or IB-4030-10GE LAN1, LAN2, MGMT and HA interfaces all support IPv4 and IPv6 transports and DNS services over IPv4 and IPv6.
- IB-4030 and IB-4030-10GE support the following IPv6 functions and applications:
  - DNS over IPv6 LAN1, LAN2, MGMT, and HA interfaces
  - IPv6 addresses on a loopback interface
  - CLI (SSH) access over IPv6
  - GUI access over IPv6
  - PAPI access over IPv6
  - Sending SNMP traps over IPv6
  - SNMP query over IPv6
  - Sending messages to an external syslog server over IPv6
  - Email relay over IPv6
  - IPv6 static routes
- When a NIOS appliance or the host restarts, you might continue to receive responses for cached queries from the DNS cache accelerator. Queries that are not cached will not be answered.
- If query logging is enabled, only DNS queries will be logged.
- IB-4030 and IB-4030-10GE do not support the following:
  - DHCP and IPAM functions
  - Zone transfers or dynamic DNS updates
In cache-accelerated mode, IB-4030 and IB-4030-10GE have the following characteristics:
- They support DNS queries over IPv4 and IPv6 transports only for the following record types: A, AAAA, MX, PTR, and CNAME.
- When DNS service restarts due to changes in the DNS configuration, all DNS caches are cleared.
- IB-4030 or IB-4030-10GE with cached acceleration does not support monitoring of DNS packets. It still supports DNS monitoring alerts and IP rate limiting.
The table below lists the features that are supported or not supported for the DNS cache acceleration feature on an IB-4030 appliance:
Table 1 Features on the DNS Cache Acceleration platforms
Features | Supported / Not Supported - IB-4030 or IB-4030-10GE | Supported / Not Supported - Software-Based appliances |
---|---|---|
Tiered licensing | Four tiers of DNS queries per second are supported. Rate limiting enforces Queries Per Second (QPS) levels for Tier-2, Tier-3 and Tier-4. | Supported. Note that only IB-4015 supports tiered licensing. |
RPZ | Supported. When you enable the RPZ license, the maximum cache lifetime for DNS cache acceleration is set to 300 seconds. | Supported. For IB-FLEX appliances, the maximum cache lifetime is set to 300 seconds only when you configure RPZ zones with DCA-enabled-flex-member. |
Caching (A, AAAA, MX, CNAME, PTR) | Supported | Supported |
Do not cache: EDNS, TCP, Any, TSIG | Supported | Supported |
Caching over additional interfaces (v4, v6) | Supported | Supported |
Dump Acceleration Cache (CLI, GUI, PAPI) | Supported | Supported |
Clear Acceleration Cache (CLI, GUI, PAPI) | Supported | Supported |
Cache pre-fetch and cache refresh | Supported | Supported |
ACLs (Allow-queries/Responses, Match-Clients/Destination, Blackhole) | Supported | Supported |
AAAA Filtering (Bypassed but support configuring) | Supported | Supported |
Fixed RRSET ordering | Supported | Supported |
DNS64 | Supported | Supported |
DNS monitoring feature (netmon) | Supported | Supported |
DNS Query logging (BIND only) | Supported | Supported |
DNS Views | Supported, supports up to six DNS views. | Supported |
Forward/Stub zones | Supported | Supported |
DNS cache acceleration related restrictions for configuration. | Supported, for NIOS version 8.2.0 restrictions are enforced based on whether the DNS cache acceleration feature is enabled or disabled. | Supported |
Reporting | Supported, see Supported Reports for DNS Cache Acceleration Appliances. | Supported, see Supported Reports for DNS Cache Acceleration Appliances. |
VLAN | Supported | Supported |
DSCP | Supported | Supported. DSCP is not supported when packets are processed by DNS cache acceleration over software-based DNS cache acceleration appliances: IB-22x5, IB-v22x5, IB-40x5, IB-v40x5. |
Sort list | Supported | Supported |
Anycast (OSPF and BGP) | Supported | Supported |
BFD (Bidirectional Forwarding Detection) | Supported | Supported |
HA Support | Supported | Supported |
NIC Bonding | Supported | Supported |
Multiple-Interfaces on same subnet | Supported | Not supported |
IP Rate-limit and Response logging | Not supported | Not supported |
EDNS Client Subnet support | Not supported | Not supported |
NXDOMAIN redirection | Supported | Supported |
DNSSEC (Bypassed but support configuring) | Supported | Supported |
Debug enhancements | Supported | Supported |
SNMP Support for DCA service related traps | Supported | Supported |
SNMP stats support for DNS QPS and CHR | Supported | Supported |
NX Mitigation | Not supported | Not supported |
NetFilter (Tracking tables) | Supported | Supported |
Traffic-capture (All modes) | Supported | Supported |
No flush-mode support for DNS cache acceleration cache | Supported | Supported |
Per-interface UDP DNS cache acceleration response counters | Supported | Supported |
CLI commands | You can use the commands | You can use the commands set dns-accel and show dns-accel to view and set DNS cache acceleration information; see DNS Cache Acceleration CLI Commands. |
DNS Query rewrite (Bypassed but supports configuring) | Not supported | Not supported |
Threat Protection | Yes, you can enable threat protection and DNS cache acceleration simultaneously. | Supported |