F5 as DNS Client - configure to require DNSSEC?

Question

Can BIG-IP be configured as a DNS Client using DNSSEC?  
&nbsp;
I have found lots of articles on how to configure F5 as a DNS Server (GTM/DNS) and how to secure that using DNSSEC.  This is not what I'm seeking; we are not seeking to make the F5 a DNS Server.&nbsp;
As a user of DNS, however, the F5 needs to be able to trust the DNS information it receives.  Is there a way to configure the F5, as a DNS Client, to demand DNSSEC?  I have yet to find an article that addresses this.  If you know of one, would you please share the URI?  Thank you.&nbsp;
Thank you,&nbsp;
John&nbsp;

ianb · Answer

There are several places where bigip can perform DNS lookups, and they handle the lookup in different ways, for example FQDN nodes are resolved through the bigd process, whereas http explicit proxy lookups are performed directly in tmm.&nbsp;
I'm not sure if there's any way to get them to validate DNSSEC responses, but it would help if you could clarify where you're hoping to have this functionality work, and then I can focus on that.&nbsp;

Forum Discussion

F5 as DNS Client - configure to require DNSSEC?

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP in https that redirect to another vip in https

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Unblock Request WAF

F5OS login with admin/root failed via console

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Related Content

Configuring BIG-IP for Zone Transfer and DNSSEC

The BIG-IP GTM: Configuring DNSSEC

BIG-IP APM: How to streamline your access requirements

Upcoming Action Required: F5 NGINX Plus R33 Release and Licensing Update

Enabling DNSSEC for 1 record only

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS