Forum Discussion

jba3126's avatar
jba3126
Icon for Cirrostratus rankCirrostratus
Feb 28, 2019

ASM - Proactive Bot Defense DNS Resolver Requirement

I have been looking for clear documentation on the ASM PBD (Proactive Bot Defense) requirement for DNS resolution. I've enabled DNS resolution within the System Configuration; however when looking at the details for the Operation Mode I see a section that says the feature will not work without DNS Resolvers configured. Finding documentation on this configuration is like a needle in the haystack. For example, when creating a resolver, what is the name field for? Is this simply a name for the object and in the background it uses the System configured resolver, an FQDN of our internal DNS servers that are our cache revolvers, or an IP of said cache revolvers? I've found numerous references to the need for everything from explicit proxy, APM, ASM, to iRules, but nothing mentioning what this name should be.

 

/jeff

 

application delivery
ASM Advanced WAF
LTM
security

1 Reply

  • suttonsc's avatar
    suttonsc
    Icon for Employee rankEmployee
    Mar 01, 2019

    Configure the DNS resolver in the UI at: Network ›› DNS Resolvers : DNS Resolver List

    You can access this via tmsh also:

    Example:

     tmsh list net dns-resolver
net dns-resolver Goggle-DNS {
    forward-zones {
        googlebot.com {
            nameservers {
                8.8.4.4:domain { }
                8.8.8.8:domain { }
            }
        }
    }
    route-domain 0
}