When you enable the virtual DNS cache acceleration feature on IB-FLEX and non IB-FLEX appliances, it acts as a high-speed DNS caching-only name server. This feature provides DNS cache acceleration support for recursive UDP DNS queries.

The DNS cache acceleration feature is bundled with tiered licensing for IB-FLEX appliances and for non-IB-FLEX appliances it is based on the type of tiered license that is installed. Only the Tier 1 (unlimited QPS up to capability) license can be installed on IB-2215 and IB-V2225 appliances. When you install the license, you are entitled to use the DNS cache acceleration feature. For non-IB-Flex appliances, the warning message is based on the tiered license that is installed, and the QPS is rate-limited which is based on the type of license installed. If the tiered license and the QPS exceed the threshold, a warning message is displayed. For more information on the Tiered licensing feature, see the Features on the Software DNS Cache Acceleration Platforms table below for features on the Software DNS cache acceleration platforms.

All the appliances support RPZ, but the response for RPZ queries are not cached by the DNS cache accelerator. Instead, these queries are bypassed to the host. You can configure the cache expiry period for RPZ queries. Note that the maximum cache lifetime for DNS cache acceleration is set to 300 seconds if the RPZ license is installed. However, for IB-Flex appliances, you must configure RPZ zones for a member.

You can also use elastic scaling to pre-provision DNS cache acceleration. These appliances support Intel x86_64 systems with IOMMU, Hugepages processors, virtio-net, and Intel 82599 10 G NIC and SRIOV with Intel 82599 ethernet controllers for DNS cache acceleration.

You can configure DNS cache acceleration using the Grid Manager or API. To view accelerated cache details, you can either log in to Grid Manager, or use CLI commands, or Infoblox API. Infoblox supports Auto Scaling that contains OpenStack packages to automatically scale the required number of resources based on your application. For more information, refer to Auto Scaling for Virtual DNS Cache Acceleration.

From NIOS 9.0.4 onwards:

Associated characteristics of the supported appliance include the following:

• Cache delete through the Grid Manager, CLI, or Infoblox API. For more information, see Clearing DNS Cache.

• ACL for IPv4 and IPv6.

• Sending SNMP traps for DNS cache acceleration service.

• SNMP queries for supported appliances.

• Fixed RRSET order for accelerated responses, for A and AAAA record types, for IPv4, and IPv6.

• Both non-accelerated recursive and authoritative DNS with Software ADP.

The following table lists the features that are either supported or not supported on the Software DNS cache acceleration platforms:

Features on the Software DNS Cache Acceleration Platforms

Viewing Accelerated Cache Details

When you view cached contents of the DNS accelerator through the Grid Manager, there might be a slight impact on the DNS query performance of the selected member.

To view accelerated cache from the Grid Manager:

1. From the Data Management tab, select the DNS tab and click the Members tab -> Member checkbox. Choose View from the Toolbar, and then click View Cache.

2. Click Yes in the View Acceleration Cache dialog box.

3. The system displays a File Download was Successful message and the cache data is displayed in table format in a new browser tab or browser window.

Limitations for Virtual DNS Cache Acceleration

• You cannot enable the DNS cache acceleration feature during a scheduled NIOS upgrade, but if you have already enabled this feature, it will function normally during the upgrade process.

• The appliance prompts for a reboot when you enable the DNS cache acceleration feature for the first time. You must accept it to start the service.

• You must disable the DNS cache acceleration feature and reboot the appliance manually to switch from virtual DNS cache acceleration to authoritative servers.

• The appliance prompts for a reboot when you enable virtual DNS cache acceleration and Software ADP on IB-FLEX, IB-22x5 and IB-40x5 platforms .

• DSCP is not supported if vDCA is enabled on IB-FLEX 22x5 and IB-40x5.

• DHCP license cannot be installed if the DCA license is installed and vice versa.

• DCA and Microsoft Management licenses cannot be installed and configured simultaneously.

• On all vNIOS appliances that support vDCA (virtual DNS Cache Acceleration) or vADP (virtual Advanced DNS Protection), you must run vDCA or vADP on a single virtual NUMA node. If the configuration of the virtual NUMA node and physical NUMA node are not the same, it may result in performance degradation.

• For virtual DCA appliances using virtio, it is recommended to increase the number of virtio queues to 2 for IB-v14x5, 4 for IB-v22x5, 4 for IB-v40x5, 2 for IB-FLEX Small, 4 for IB-FLEX Medium and 4 for IB-FLEX Large systems.

• The output for show dns-accel-cache CLI command is restricted to 255 bytes for DNS type 64 and DNS type 65 records respectively. If one or more serviceparam value contributes to the displayed output, the param size is displayed in brackets. To view the complete output, use the expand option in the show dns-accel-cache CLI command.

Limitations for DNS Cache Acceleration in Subscriber Services Parental Control

Enabling DNS Cache Acceleration for subscriber services in the Parental Control tab has the following limitations:

• The DNS Cache Acceleration subscriber site features, query count logging and blocked and allowed list support are applicable on Virtual DNS Cache Acceleration.

• The DNS Cache Acceleration subscriber site features, query count logging and blocked and allowed list support and retains only unknown bits and does not support unknown policies (AVP).

• DNS Cache Acceleration uses BIND to process the guests behind Customer Premises Equipment (CPEs).

• The appliance prompts for a reboot when there is a configuration change.

• DNSTAP is required for query count logging.

• DNS Cache Acceleration does not cache blocked domains from BIND as it only uses category information for resolved domains.

• At Virtual DNS Cache Acceleration, the subscriber has access only to the primary MSP IP address.

• DNS Cache Acceleration subscriber site feature supports only 16 additional blocking policies.

• Before blocking another opt in subscriber at DNS Cache Acceleration, an opt in subscriber must resolve a domain.

• Proxy-All replies comes from DNS Cache Acceleration as long as the client connection status to MSP is "connected." If the client connection status is "disconnected," the first few queries goes to BIND, and future requests comes from DNS Cache Acceleration. Note that, TCP idle connections are closed every 20 seconds by MSP.

• The query name for the subscriber allowed and blocked list must contain a known TLD (top-level domain) and, if there are any prefixes, must conclude with a '.'.

• Only domain names are supported by the subscriber allowed and blocked lists, the wildcards and services are not supported.

For Information on Upgrading Parental Control at DNS Cache Acceleration, see Upgrading Parental Control at DNS Cache Acceleration.

IB-FLEX Platform Settings for DNS Cache Acceleration

When you enable the DNS cache acceleration feature on IB-FLEX, ensure that it has enough CPU and memory to start the service. Note that you cannot start the service if the total CPU is less than 8 cores or if memory is less than 12G. To start the service, see the number of mandatory resources mentioned in the Total Resource Usage for Different Use Cases table.

If the DNS cache acceleration feature is enabled on a pre-provisioned member and fails to start due to insufficient resources on the member, the DCA status is displayed as failed. If you disable DCA on a member with insufficient resources, the member is not displayed in the DCA -> Members tab.