Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

kgaigl's avatar
kgaigl
Icon for Cirrocumulus rankCirrocumulus
Apr 02, 2025

DNS Request to VS?

Hello, we found on our Firewall lots of DNS-Requests from the floating IP to some VS (with ASM-Policy). Now we want the Firewall to only allow DNS-Requests to the known DNS-Servers. Question: is t...
application delivery
DNS
LTM F5
security
Jmtaylor's avatar
Jmtaylor
Icon for Moderator rankModerator
Apr 24, 2025

kgaigl​ 

 

Hello here is some information that I was able find (Formatting generated by AI)  

https://my.f5.com/manage/s/article/K15430

https://my.f5.com/manage/s/article/K21272

https://my.f5.com/manage/s/article/K13221

 

 

You can check and modify the DNS Resolver settings in the BIG-IP UI (Configuration Utility) by following these steps:

  1. Log in to the Config-Utility (GUI):
    • Open a browser and navigate to your BIG-IP management IP or hostname (e.g., https://<management-ip>).
    • Log in with your management credentials.
  2. Navigate to the DNS Resolver Settings:
    • Go to System > Configuration > Device > DNS.
    • Check the settings under DNS Resolver or System DNS configuration.
    • Verify the listed DNS servers are the expected ones.
  3. Check Virtual Server (VS) and ASM Policies:
    • Navigate to Local Traffic > Virtual Servers to review the virtual server bound to the floating IP.
    • Locate the associated DNS Resolver profile, if any, and associated policies.
    • For ASM: Under Security > Application Security > Policy Building or Policies, ensure policies are configured correctly and not triggering unintended DNS lookups.

 

You can check and modify the DNS Resolver settings in the BIG-IP UI (Configuration Utility) by following these steps:

  1. Log in to the Config-Utility (GUI):
    • Open a browser and navigate to your BIG-IP management IP or hostname (e.g., https://<management-ip>).
    • Log in with your management credentials.
  2. Navigate to the DNS Resolver Settings:
    • Go to System > Configuration > Device > DNS.
    • Check the settings under DNS Resolver or System DNS configuration.
    • Verify the listed DNS servers are the expected ones.
  3. Check Virtual Server (VS) and ASM Policies:
    • Navigate to Local Traffic > Virtual Servers to review the virtual server bound to the floating IP.
    • Locate the associated DNS Resolver profile, if any, and associated policies.
    • For ASM: Under Security > Application Security > Policy Building or Policies, ensure policies are configured correctly and not triggering unintended DNS lookups