DNS Request to VS?

Question

Hello,we found on our Firewall lots of DNS-Requests from the floating IP to some VS (with ASM-Policy).Now we want the Firewall to only allow DNS-Requests to the known DNS-Servers.Question: is this normal behaviour? The BIGIP has DNS-Resolver configured.Where can I check the Config-Utility?Thanks for any hint.Karl

jmtaylor · Answer

kgaigl​&nbsp;
&nbsp;
Hello here is some information that I was able find (Formatting generated by AI)&nbsp;&nbsp;
https://my.f5.com/manage/s/article/K15430
https://my.f5.com/manage/s/article/K21272
https://my.f5.com/manage/s/article/K13221
&nbsp;
&nbsp;
You can check and modify the DNS Resolver settings in the BIG-IP UI (Configuration Utility) by following these steps:

Log in to the Config-Utility (GUI):

Open a browser and navigate to your BIG-IP management IP or hostname (e.g., https://&lt;management-ip&gt;).
Log in with your management credentials.

Navigate to the DNS Resolver Settings:

Go to System &gt; Configuration &gt; Device &gt; DNS.
Check the settings under DNS Resolver or System DNS configuration.
Verify the listed DNS servers are the expected ones.

Check Virtual Server (VS) and ASM Policies:

Navigate to Local Traffic &gt; Virtual Servers to review the virtual server bound to the floating IP.
Locate the associated DNS Resolver profile, if any, and associated policies.
For ASM: Under Security &gt; Application Security &gt; Policy Building or Policies, ensure policies are configured correctly and not triggering unintended DNS lookups.

&nbsp;
You can check and modify the DNS Resolver settings in the BIG-IP UI (Configuration Utility) by following these steps:

Log in to the Config-Utility (GUI):

Open a browser and navigate to your BIG-IP management IP or hostname (e.g., https://&lt;management-ip&gt;).
Log in with your management credentials.

Navigate to the DNS Resolver Settings:

Go to System &gt; Configuration &gt; Device &gt; DNS.
Check the settings under DNS Resolver or System DNS configuration.
Verify the listed DNS servers are the expected ones.

Check Virtual Server (VS) and ASM Policies:

Navigate to Local Traffic &gt; Virtual Servers to review the virtual server bound to the floating IP.
Locate the associated DNS Resolver profile, if any, and associated policies.
For ASM: Under Security &gt; Application Security &gt; Policy Building or Policies, ensure policies are configured correctly and not triggering unintended DNS lookups

Forum Discussion

DNS Request to VS?

1 Reply

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Load Balancing IIS Servers

rSeries Management route

Creating Client SSL Profile using Certs from a new CA

Azure Virtual Machine Scale Set (VMSS) with F5 LTM

Long URL Redirecting

Related Content

Logging DNS Requests

Logging of DNS Requests and Responses without a DNS license

Implementing Client Subnet DNS Requests

Implementing Client Subnet in DNS Requests

Block requests by reverse DNS record

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS