Search Knowledge Base Articles

EfficientIP Knowledge base

  • Measure QPS on BIND9

    BIND9 DNS engine was installed on Ubuntu server, the goal is to measure the QPS by enabling the statistics.Installing the BIND9 command: sudo apt install bind9 bind9utils bind9-doc bind9-hostLocate the named.stats file on your server u...

  • Enabling DNSSEC on an external zone

    Domain Name System Security Extensions (DNSSEC) is used to strengthen DNS protocol security.It controls the integrity of all DNS answers and ensures that client queries are answered by theproper server.By providing origin authent...

  • Utilizing ioc2rpz.net as open source RPZ

    ioc2rpz community is a portal which provides open source DNS Firewall / RPZ feeds. The DNS Firewall feeds are based on publicly available threat intelligence(TI). The TI feeds are maintained by 3rd party communities or companies and only a limited...

  • Enable Guardian for nonsupported interfaces

    Broadcom interface is not supported by default, only intel interfaces are supported for the Guardian service. this workaround only for POC: ...

  • Cascaded DNS

    EDNS: ...

  • NXDomain Redirection

    What is NXDOMAIN Redirection? NXDOMAIN redirection provides the ability for a recursive server to replace an NXDOMAIN response to a query with a configured answer of its own - usually pointing to a helpf...

  • GSS-TSIG DDNS updates

    Introduction  GSS-TSIG (Generic Security Service Algorithm –Transaction Signature) is used to authenticate DDNS (Dynamic Domain Name System) updates. It is an extension of TSIG authentication that uses the Kerb...

  • Configuring time to live (TTL) for the negative responses

    ...

  • How to enable cache sharing between Guardian servers

    Cache sharing is a feature that allows sharing the cache entries between Guardian servers automatically or on demand.Cache sharing benefits:1. Improving performance; higher cache hit rate.2...

  • Whitelisting in Guardian

    Whitelisting in Guardian Guardian operates in a secured framework, with the cache separated from the recursive DNS engines. It performs a continuous real-time analysis of the inbound and outbound traffic and therefore offers complete DNS T...

  • How to configure Identity Manager

    How to configure Identity Manager   Prerequisites: SOLIDServer 7.3+, or 8.0+ CA Certificate and its key in PEM format. ...

  • Enable Configurations Versioning on Cisco 2960S

    Enable Configurations Versioning on Cisco 2960S The switch I am going to use is Cisco 2960s, if you try to access ssh from the CLI of SOLIDServer you will get an error as below: no matching key exchange method found. Their...

  • Script changing the DNS resolvers

    The following is a method to automate changing the DNS resolvers on manually assigned devices like servers. Note: Test on small sample, do not execute on production environment as more tests might be required 1. Create a T...