kgaigl
Apr 02, 2025

DNS Request to VS?

Hello,

We found on our Firewall lots of DNS-Requests from the floating IP to some VS (with ASM-Policy).

Now we want the Firewall to only allow DNS-Requests to the known DNS-Servers.

Question: is this normal behaviour? The BIGIP has DNS-Resolver configured.

Where can I check the Config-Utility?

Thanks for any hint.

Karl

1 Reply

  • kgaigl

    Hello, here is some information that I was able to find (formatting generated by AI):

    https://my.f5.com/manage/s/article/K15430

    https://my.f5.com/manage/s/article/K21272

    https://my.f5.com/manage/s/article/K13221

     

     

    You can check and modify the DNS Resolver settings in the BIG-IP UI (Configuration Utility) by following these steps:

    1. Log in to the Config-Utility (GUI):
      • Open a browser and navigate to your BIG-IP management IP or hostname (e.g., https://<management-ip>).
      • Log in with your management credentials.
    2. Navigate to the DNS Resolver Settings:
      • Go to System > Configuration > Device > DNS.
      • Check the settings under DNS Resolver or System DNS configuration.
      • Verify the listed DNS servers are the expected ones.
    3. Check Virtual Server (VS) and ASM Policies:
      • Navigate to Local Traffic > Virtual Servers to review the virtual server bound to the floating IP.
      • Locate the associated DNS Resolver profile, if any, and associated policies.
      • For ASM: Under Security > Application Security > Policy Building or Policies, ensure policies are configured correctly and not triggering unintended DNS lookups.
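
One way to see which destinations a "known DNS servers only" firewall rule would cut off, as an added example that is not part of the original thread: it scans a firewall log export for port-53 flows from the floating IP to anything outside the allowlist. The CSV layout, the addresses (documentation ranges) and the function name are constructed for illustration.

```python
"""Audit DNS flows from a BIG-IP floating IP before tightening a firewall rule."""
import csv
import io
from collections import Counter

# Constructed values, not taken from the thread.
FLOATING_IP = "192.0.2.10"
KNOWN_DNS_SERVERS = {"198.51.100.53", "198.51.100.54"}

# Constructed firewall log export: time,src,dst,proto,dport,action
SAMPLE_LOG = """\
time,src,dst,proto,dport,action
2025-04-02T08:00:01,192.0.2.10,198.51.100.53,udp,53,allow
2025-04-02T08:00:02,192.0.2.10,203.0.113.20,udp,53,allow
2025-04-02T08:00:03,192.0.2.10,203.0.113.20,tcp,53,allow
2025-04-02T08:00:04,192.0.2.10,203.0.113.21,udp,53,allow
2025-04-02T08:00:05,192.0.2.10,203.0.113.20,tcp,443,allow
2025-04-02T08:00:06,192.0.2.77,203.0.113.20,udp,53,allow
2025-04-02T08:00:07,192.0.2.10,198.51.100.54,udp,53,allow
"""


def unexpected_dns_destinations(log_text, source_ip, allowed):
    """Count port-53 flows from source_ip per destination outside the allowed set."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        # Only flows that originate from the floating IP are of interest.
        if row["src"] != source_ip:
            continue
        # DNS runs over UDP and TCP port 53; ignore everything else.
        if row["dport"] != "53" or row["proto"] not in ("udp", "tcp"):
            continue
        if row["dst"] not in allowed:
            hits[row["dst"]] += 1
    return hits


if __name__ == "__main__":
    result = unexpected_dns_destinations(SAMPLE_LOG, FLOATING_IP, KNOWN_DNS_SERVERS)
    for dst, count in result.most_common():
        print(f"{dst}\t{count} DNS flow(s) not covered by the allowlist")
```

Destinations that show up here can be compared with the virtual server addresses before the rule is enforced.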