DNS Security

Hi everyone!

 

We are having difficulties with our implementation for DNS Security. Our current set-up is, for Incoming Traffic, we have an external DNS which contains all the A records and just forward the traffic to F5 once query is done. For Outbound Traffic, we have an AD which handles DNS query from internal Network and if the AD does not have any record of the query, this is the time that the query is forwarded to F5 going to Internet.

 

We have found some DNS Security from F5 but cannot find a simple explanation of it.

 

Can we have suggestions on how we can implement efficiently the following security features or if it is applicable with our set-up.

 

• DNS Firewall • DNS Query length checking • DNS Fluxing/Behavioral DDOS * DNSSEC * DNS Sinkholes

 

any suggestion or related article will be greatly appreciated