Operational Guidelines

The specialized function of appliances that support DNS Cache Acceleration is to act as a high-speed DNS caching-only name server. The DNS Cache Acceleration appliances share the following characteristics:

  • The DNS Cache Acceleration appliances support the following:

    • Up to six DNS views

    • Forward zones and stub zones, but not authoritative zones

    • Certain Finisar Copper and Fiber SFP modules

    • Anycast for BGP v6 and OSPF v3

    • DNS Anycast and IPv6 Anycast

    • Up to 10,000 entries for each ACL (Access Control List)

    • Only the cyclic ordering for A records over the IPv4 transport

  • The LAN1, LAN2, MGMT and HA interfaces of DNS Cache Acceleration appliances support IPv4 and IPv6 transports and DNS services over IPv4 and IPv6 networks.

  • The DNS Cache Acceleration appliances support the following IPv6 functions and applications:

    • DNS over IPv6 LAN1, LAN2, MGMT, and HA interfaces

    • IPv6 addresses on a loopback interface

    • CLI (SSH) access over IPv6

    • GUI access over IPv6

    • PAPI access over IPv6

    • Sending SNMP traps over IPv6

    • SNMP query over IPv6

    • Sending messages to an external syslog server over IPv6

    • Email relay over IPv6

    • IPv6 static routes

  • When a NIOS appliance or the host restarts, you might continue to receive responses for cached queries from the DNS cache accelerator. Queries that are not cached will not be answered.

  • If query logging is enabled, only DNS queries will be logged.

  • The DNS Cache Acceleration appliances do not support the following:

    • DHCP and IPAM functions

    • Zone transfers or dynamic DNS updates

In cache-accelerated mode, the DNS Cache Acceleration appliances have the following characteristics:

  • They support DNS queries over IPv4 and IPv6 transports only for the following record types: A, AAAA, MX, PTR, and CNAME.

  • When the DNS service restarts due to changes in the DNS configuration, all DNS caches are cleared.

  • Appliances with cached acceleration do not support monitoring of DNS packets. They support DNS monitoring alerts and IP rate limiting.

The table below lists the features that are supported or not supported for the DNS Cache Acceleration feature on an appliance that supports DNS Cache Acceleration:

Features on the DNS Cache Acceleration platforms

| Features | Supported / Not Supported - Software-Based appliances |
|---|---|
| Tiered licensing | Supported. Note that only IB-4015 and TE-4126 support tiered licensing. |
| RPZ | Supported. For IB-FLEX appliances, only when you configure RPZ zones with DCA-enabled-flex-member, maximum cache lifetime is set to 300 seconds. |
| Caching (A, AAAA, MX, CNAME, PTR) | Supported |
| Caching of Type 64 and 65 resource records | Supported from NIOS 9.0.2 onwards |
| Resource records of type 64 and 65 (HTTPS and SVCB) | Supported from NIOS 9.0.2 onwards |
| Do not cache: EDNS, TCP, Any, TSIG | Supported |
| Caching over additional interfaces (v4, v6) | Supported |
| Dump Acceleration Cache (CLI, GUI, PAPI) | Supported |
| Clear Acceleration Cache (CLI, GUI, PAPI) | Supported |
| Cache pre-fetch and cache refresh | Supported |
| ACLs (Allow-queries/Responses, Match-Clients/Destination, Blackhole) | Supported |
| AAAA Filtering (Bypassed but support configuring) | Supported |
| Fixed RRSET ordering | Supported |
| DNS64 | Supported |
| DNS monitoring feature (netmon) | Supported |
| DNS Query logging (BIND only) | Supported |
| DNS Views | Supported |
| Forward/Stub zones | Supported |
| DNS cache acceleration related restrictions for configuration. | Supported |
| Reporting | Supported, see Supported Reports for DNS Cache Acceleration Appliances. |
| VLAN | Supported |
| DSCP | Supported. DSCP is not supported when packets are processed by the DNS Cache Acceleration feature in software-based DNS cache acceleration appliances: IB-22x5, IB-V22x5, IB-40x5, IB-V40x5, TE-2326, TE-4126, IB-V2326, IB-V4126 |
| Sort list | Supported |
| Anycast (OSPF and BGP) | Supported |
| BFD (Bidirectional Forwarding Detection) | Supported |
| HA Support | Supported |
| NIC Bonding | Supported |
| Multiple-Interfaces on same subnet | Not supported |
| IP Rate-limit and Response logging | Not supported |
| EDNS Client Subnet support | Not supported |
| NXDOMAIN redirection | Supported |
| DNSSEC (Bypassed but support configuring) | Supported |
| Debug enhancements | Supported |
| SNMP Support for DCA service related traps | Supported |
| SNMP stats support for DNS QPS and CHR | Supported |
| NX Mitigation | Not supported |
| NetFilter (Tracking tables) | Supported |
| Traffic-capture (All modes) | Supported |
| No flush-mode support for DNS cache acceleration cache | Supported |
| Per-interface UDP DNS cache acceleration response counters | Supported |
| CLI commands | You can use the commands set dns-accel and show dns-accel to view and set the DNS Cache Acceleration. For more information, see DNS Cache Acceleration CLI Commands. |
| DNS Query rewrite (Bypassed but supports configuring) | Not supported |
| Threat Protection | Supported |
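
To estimate how much observed query traffic the accelerated cache can serve, the following added example (not Infoblox code) parses a DNS query in wire format and applies the rules stated on this page: the cached record types and the "Do not cache: EDNS, TCP, Any, TSIG" row. It assumes that row means such queries bypass the accelerated cache; `classify_query` and `build_query` are hypothetical names, and the sample queries are constructed.

```python
import struct

# Page's cached types, plus SVCB/HTTPS (64/65), supported from NIOS 9.0.2 onwards.
CACHED_TYPES = {1: "A", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA", 64: "SVCB", 65: "HTTPS"}
BYPASS_RRS = {41: "EDNS (OPT record)", 250: "TSIG-signed"}

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] & 0xC0 != 0xC0:
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2  # a compression pointer ends the name

def classify_query(msg, transport="udp"):
    """Return (eligible, reasons) under the assumed reading of the page's rules."""
    reasons = [] if transport == "udp" else ["TCP transport"]
    try:
        _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
        if flags & 0x8000 or qd != 1:
            return False, ["not a single-question query"]
        off = _skip_name(msg, 12)
        qtype, _qclass = struct.unpack_from("!2H", msg, off)
        off += 4
        if qtype == 255:  # ANY
            reasons.append("ANY query")
        elif qtype not in CACHED_TYPES:
            reasons.append(f"type {qtype} is not a cached record type")
        for _ in range(an + ns + ar):  # remaining records: look for OPT / TSIG
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            if rtype in BYPASS_RRS:
                reasons.append(BYPASS_RRS[rtype])
    except (struct.error, IndexError):
        return False, ["malformed message"]
    return not reasons, reasons

def build_query(name, qtype, edns=False):
    """Constructed sample input: a minimal DNS query in wire format."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, int(edns)) + qname + struct.pack("!2H", qtype, 1)
    if edns:  # root owner name, TYPE=OPT, CLASS=payload size 1232, TTL=0, RDLEN=0
        msg += b"\x00" + struct.pack("!HHIH", 41, 1232, 0, 0)
    return msg

if __name__ == "__main__":
    print(classify_query(build_query("www.example.com", 1)))
    print(classify_query(build_query("www.example.com", 1, edns=True)))
    print(classify_query(build_query("example.com", 16), transport="tcp"))
```

Running it over queries extracted from a traffic capture gives a rough upper bound on the cache hit ratio an appliance could reach for that traffic mix.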